Chief regulators of four major gambling states emphasized the importance of cybersecurity and discussed cultural differences between Europe and the United States during Monday’s opening session of the largest gaming conference in North America.
As the gaming industry continues the transition to a post-COVID environment, safeguards must be upgraded to cope with potential cyber attacks, according to New Jersey Division of Gaming Enforcement director David Rebuck.
“Cybersecurity — without a doubt — the focus on that is very intense,” Rebuck told a packed ballroom at the Global Gaming Expo (G2E) at the Venetian Resort Casino in Las Vegas on Monday (October 10).
Rebuck’s agency adopted heightened standards for cybersecurity earlier this year that now require all online gaming and sports-betting operators to deploy multifactor authentication for online accounts, in order to prevent so-called “credential stuffing” among other cyber risks.
Nevada also recently promulgated a regulation establishing cybersecurity standards, according to Brin Gibson, chairman of the Nevada Gaming Control Board.
The goal is to “lay out some markers” for smaller and newer licensees, Gibson said.
“My hope is at least our large, non-restricted licensees are already doing some of it, or all of it.”
The cybersecurity regulation, which could be formally adopted as soon as this month, is intended to encourage Nevada gaming licensees to examine their weaknesses and “get their systems to the point where they’re as robust as possible, and as safe as possible,” Gibson said.
Gibson said Nevada gaming companies are collecting massive amounts of personal data, including on a newer trend among slot-machine game designers to introduce personalized versions of their games for casino patrons.
Ransomware remains a concern, Gibson said, but a higher priority is the gaming industry’s handling of personally identifiable information (PII).
“I don’t want PII leakage,” he said. “I’m concerned about that. I think it would damage the reputation of our licensees.”
Marcus Fruchter, administrator of the Illinois Gaming Board, said it is critical for gaming regulators to hire the right personnel to keep up with the ever-evolving field of cyber technology.
“A state agency is kind of like a large ship,” Fruchter said. “It’s very difficult to start to turn it and turn it in one fell swoop. So we’re beginning to turn it.”
Jay McDaniel, executive director of the Mississippi Gaming Commission, said his agency tries to stay ahead of cyber issues by tracking developments overseas.
“We have the same [international] licensees. They’re operating here,” McDaniel said.
Mississippi only allows sports betting at its brick-and-mortar casinos, and is unlikely to legalize internet gambling in the near future.
“It’s kind of a blessing in my job because right now, I don’t have the online, the regulated online [gaming], to worry about,” McDaniel said.
IGT chief compliance officer Luke Orchard moderated the regulators’ panel, and asked if the series of multimillion pound fines levied against the gambling industry in the UK in recent years had an impact on regulators in the United States.
Rebuck, the chief New Jersey gaming regulator, said it is “naive” to compare Europe and America, which has a “more provincial” approach to gambling.
“The minimum age for gambling in … our states is 21,” he said. “The majority of countries overseas [have a minimum age] of 16, maybe 18 now. We all know there’s a huge difference.”
As for a movement in the United Kingdom to set a so-called affordability limit of £2,000 for intensive know your customer (KYC) checks on players seeking to make deposits for online gambling, Rebuck said that would never work in the U.S.
There are some merits to the concept of affordability in general, from both a KYC and responsible gambling perspective, according to Rebuck.
But setting specific thresholds is not feasible.
“To try to legislate that in the United States as a form of regulation, I think, is a disaster,” he said.