Pulse


MULTI-FACTOR AUTHENTIFICATION MIRACL


Increasing instances of data breaches is driving changes to governmental policies regarding GDPR across global markets. Legislatively, what is the lay of the land when it comes to gaming? What significant changes are being made at a regulatory/legislative level, and where?


“Just within gaming, we have seen 400,000 account takeovers in the last five months. While these attacks typically come in waves, this is a truly shocking and unsustainable level of breach and fully justifies the relatively recent initiatives to require MFA login for gaming accounts.


Leading this process has been New Jersey’s Department of Gaming Enforcement. New Jersey is the single largest state by value for online gaming and so the regulator has been able to impose relatively high levels of operating cost in the form of account protection without materially jeopardising the profit opportunity for operators.


Te fact is that consumers cannot be left to manage the security of the platforms they choose to frequent. Tere has to be regulatory input. By providing adequate warning of the requirements, the NJDGE has for the most part enabled operators to successfully adhere to regulations.


Moreover, by issuing ‘best practice’ security measures, they are also providing guidance for what they are likely to care about in the coming years. For example, the ability of operators to control the number of devices that may be authorised for a given device is an important measure to stop account sharing but it is currently not widely adopted. MIRACL has introduced this feature to ensure that we are ahead of forthcoming legislation.”


How has the rapid progression of MFA legislation, particularly in North America and Europe, impacted MIRACL? Whilst increased MFA adoption won't harm the company's bottom line, does evolving legislation also come with its own set of challenges?


“Frankly, it’s been a massive opportunity to be able to show our solution side by side with industry accepted, yet poorer options. When MFA was required in New Jersey, many operators turned on the default use case for SMS. We have heard operators losing as much as 12% of revenue in that first month. When you are able to then compare the user experience of our single- step MFA - a two second login via a 4 digit pin or local biometric where available - side by side by a multi-step multi-factor authentication option like SMS…well, it becomes a no brainer for user experience. And that is before we even talk


P78 WIRE / PULSE / INSIGHT / REPORTS


“Just within gaming, we have seen 400,000 account takeovers in the last five months. While these attacks typically come in waves, this is a truly shocking and unsustainable level of breach and fully justifies the relatively recent initiatives to require MFA login for gaming accounts.


about how our light infrastructure enables our costs to be a fraction of an SMS cost.


However, in most cases companies’ major cost saving is from reducing the password-related support queries as well as enabling users to carry out crucial management tasks on their account without calling customer support because they have the security of MFA tying their connection.


Tat’s not to say there aren’t challenges in obtaining regulatory approval for a new technology and a new approach to account security. It’s for that reason that we’re particularly pleased to already be authorised as MFA in New Jersey, Tennessee, Iowa and Ontario with more being added daily. But with each state having its own processes, sure, it’s not a streamlined process.


Crucially, we also think that our ability to operate an outsourced authentication MFA solution without knowing ANY personal identifiable information on the underlying user will place us in a great spot with privacy legislation and ensure that operators are not subject to onerous and costly third party data audits.”


Whilst the global MFA market is on an upward trajectory, what factors are - and could potentially - hinder its growth potential? Are high maintenance and software update costs the biggest stumbling blocks for businesses looking to implement MFA solutions?


“MFA adoption within consumer markets has been tiny because the user experience of MFA has historically been so bad that it has hit operators' profits in many ways. First, it has dented traffic and therefore revenue. MFA login success rates have historically been 85-90% meaning that 10-15% of traffic is left at the front gates.


Secondly, the hassle of logging in has just diminished user engagement, which is all important in gaming.


Tird, 2FA-related user friction has crushed users’ impulse purchase desires and therefore had a heavy impact on conversion rates in terms of users logging on and then choosing to transact.


Fourth, problems related to undelivered SMS messages, forgotten passwords or incorrectly configured authenticator apps have brought about a huge surge in very costly customer support calls.


Addressing all four of these issues has been our


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60  |  Page 61  |  Page 62  |  Page 63  |  Page 64  |  Page 65  |  Page 66  |  Page 67  |  Page 68  |  Page 69  |  Page 70  |  Page 71  |  Page 72  |  Page 73  |  Page 74  |  Page 75  |  Page 76  |  Page 77  |  Page 78  |  Page 79  |  Page 80  |  Page 81  |  Page 82  |  Page 83  |  Page 84  |  Page 85  |  Page 86