Feeds

Betting sites balance fraudster nab and customer loss

Tricky job? You bet

Securing Web Applications Made Simple and Scalable

Speakers at the conference conceded that gaming firms needed to improve their security, but a major underlying theme was how this might put off customers.

During a panel discussion on integrity Bring said he thought good security could give customers confidence in a site and a competitive advantage, but “we're all being judged in the same way - the industry needs to be a lot more serious about ensuring they have the best technology and best people in place”.

The panel agreed that customers were mainly looking for the best bonuses, and could then be surprised they were having problems getting money out of less reputable sites.

Oliver Eckel, head of corporate security at Bwin, said his firm was playing around with the idea of having various levels of security, with the lowest being a simple login and password and the customer “happy in having a lot of risk”, then going towards using the idea of using tokens like World of Warcraft. “That's something the industry should be moving towards,” he said.

All panel members were resigned to being unable to stop all fraud, and Eckel felt he didn't need perfect security - “it just needs to be better than my competitors'. There needs to be enough of a deterrent to make sure it's not very cost-effective for criminals.”

Ahead of the conference Visa had been showing off its dynamic password technology to the industry. Then on the risk panel Phil D'Angio, director of business development at security business VeriSign thought it “really silly” that the businesses were making a lot of effort in checking who was trying to access their sites, then issuing “the weakest credentials possible – the user ID and password combination.”

“I don't see the point. You have something out there that's fairly convenient, and quite a bit stronger. Taking security up a notch seems the practical thing to do.”

Luckett was not keen, as any increase in security deters his customers - some of whom want to place bets minutes before events start.

“On our side of the fence, anything that makes it harder for customers to log means there is more chance of losing them. Yes you're insecure, but until everyone does it – who wants to be the first? We don't.

“Anything you type into a keyboard is going to be logged by a key logger – if you've got ten layers of security, the key logger will log them all. You might as well use user name and password and let your users get in nice and easy.”

But who else gets in nice and easy? ®

The smart choice: opportunity from uncertainty

More from The Register

next story
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.