Conditionally for non-members as well

EGBA creates special expert group to counter latest cybersecurity threats against gambling sites

2022-03-24
Reading time 2:50 min

The European Gaming and Betting Association (EGBA) said Wednesday it has created a new expert group to help support and coordinate the efforts of its members, which include some of Europe’s leading online gambling operators, to counter the latest cybersecurity threats against gambling websites.

The group will enable EGBA members to share information with each other about the latest cyber threats and attacks, cooperate to track and resolve incidents, identify and solve security vulnerabilities, and implement the latest best practices in cyber security.

"Gambling websites are an increasingly lucrative target for organised and professional cyber criminals who deploy a range of sophisticated methods to try to access player accounts, and steal funds and customer data stored within these," the trade body stated in a press release.

According to cyber security firm Imperva, automated cyber threats accounted for 28% of all global traffic to gambling websites in 2020. EGBA explains that cyber threats are a particular problem during major sporting events and increased 96% year-on-year during the European football championships in 2021, with UK and German gambling websites particularly targeted. In 2019, EGBA members prevented at least 550 major cyber-attacks against their European websites.

The group comprises cyber security experts from EGBA members and the scope and type of data to be shared in the group has been established through a Memorandum of Understanding. The group will facilitate cooperation between EGBA members to support their active, early detection and responses to cyber threats, strengthen individual and common security practices, and prevent malicious activities against their customer bases, including protecting against theft of funds and data breaches. 

Participation in the group is open to gambling operators which are not members of EGBA, provided they comply with a number of principles to ensure the highest standards in cyber security and data protection are maintained, EGBA said.

Maarten Haijer, EGBA's Secretary General, stated: "We have launched this expert group to encourage and establish a much-needed platform for cross-industry cooperation on cybersecurity issues. Cyber criminals are increasingly determined and sophisticated in their efforts to try to hack into gambling websites to steal customer data and money. Cyber threats tend to be cross-border in nature, affect operators in the same ways, and are a common threat to the industry. That’s why it is crucially important that operators work closer together to strengthen cyber security protocols and procedures, find common solutions to the latest threats and security vulnerabilities, and implement the highest security standards."

Furthermore, EGBA cited some examples of cyber threats to online gambling websites. For instance, Distributed Denial-of-Service (DDos) attacks make a website or app slow down or become unresponsive by flooding it with artificial website traffic and are problematic for gambling websites because website speed and performance are crucial to the real-time nature of sports betting. Website latency or outagecan result in loss of revenue, poor customer experience, brand damage, and loss of customers to competitors.

Account takeover (ATO) sees bad bots mimic legitimate login activity to gain access – through credential stuffing and cracking – to player accounts. This type of attack can be lucrative because funds and financial information, such as bank card details, are stored in player accounts. Like with many other sectors, ATO is the biggest cyber threat to the gambling sector and can lead to the theft of a player’s money and private data.

As for odds/price scraping, this is a specific issue for gambling websites. By using bad bots to scrape betting odds from multiple gambling websites, cyber criminals can obtain valuable insights which help them to predict betting results more accurately and to decide on which websites they should place their bets, to maximise profits. Operators may also use price scraping against their competitors and use the insight to advance their own market position.

Promotion abuse happens when bad bots are deployed by cyber criminals to perform large-scale account creations in order to abuse a special promotion, e.g. a free bet promotion for new customers on the World Cup 2022 tournament, and then capitalize unfairly on the promotion.

Finally, credit card fraud sees cyber criminals try to access player accounts to test credit cards numbers to identify missing data (exp. date, CVV, etc). This damages the fraud score of the gambling operator and increases customer service costs to process fraudulent chargebacks.

Leave your comment
Subscribe to our newsletter
Enter your email to receive the latest news
By entering your email address, you agree to Yogonet's Condiciones de uso and Privacy Policies. You understand Yogonet may use your address to send updates and marketing emails. Use the Unsubscribe link in those emails to opt out at any time.
Unsubscribe
EVENTS CALENDAR