PA online gambling to enact two-factor authentication by start of ’23

PGCB multi-factor authentication
Image: Shutterstock

Another major online gambling market is moving towards mandatory two-factor authentication going into 2023. The Pennsylvania Gaming Control Board (PGCB) advised operators in June that the move was coming. Licensees in the state have until Dec. 31, 2022 to implement the extra security layer.

PGCB spokesperson Doug Harbach provided some details of the new regulations to SBC Americas.

The multi-factor authentication needs to be engaged every 14 days, regardless of activity. Additionally, independent third parties will need to verify the security of these measures annually. The reports from these security checks need to be submitted to PGCB.

Finally, operators are required to encrypt the players’ personal data to ensure it is protected by the utmost security. These security measures must be tested quarterly.

According to Penn Bets, operators like FanDuel and Unibet are already proactively reaching out to players to let them know this change is coming at the end of the month. Some operators, like BetPARX have already implemented the new multi-factor technology.

While the timing may seem reactionary to the recent wave of fraud issues, PGCB actually issued this directive in the summer to give operators sufficient time to implement the measure.

Harbach also emphasized that, while this action from the operators will help detect and crack down on fraud, customers should still take steps to practice good cybersecurity hygiene. For example, do not use the same passwords across multiple online accounts.

Pennsylvania joins New Jersey and Ontario as the third North American jurisdiction to mandate two-factor authentication for regulated operators.