Home > Legal & compliance > Compliance > Taking cover: How to handle bettors’ sensitive data

Taking cover: How to handle bettors’ sensitive data

| By iGB Editorial Team | Reading Time: 5 minutes
The popularity of legal sports betting and igaming has quickly spread. But challenges have surfaced in issues related to intellectual property, data protection and security. Russell Karp of DataArt explains how sportsbooks can manage and secure their data to overcome these challenges.

Nowadays, data collection, reporting and protection are as urgent as ever. These issues often intertwine with compliance within and across jurisdictions. With a mound of information to manage, operators must put extra effort into ensuring that bettors’ data is secure both on sportsbook platforms and mobile apps. So how can a sportsbook manage and protect data?

Data Management

Three of the most common data management challenges for sportsbooks include:

  • The inability to load high volumes of transactional data from gaming machines to legacy systems due to formatting and support issues. Many legacy systems exist in silos and don’t communicate well with other technologies, making it difficult to manage and analyse transactional data;
  • Verifying the massive amount of sports data feeds, delivering real-time betting odds, scores, and settlements generated across various sources makes data management an uphill climb;
  • The supply of reliable, available data using official sports league data vs unofficial versions.

To deal with the first two challenges, you must evaluate your data architecture and adopt a cloud strategy if one is not in place.  

How data is aggregated, organised and used is at the intersection of business and technology and provides various internal consumers (even AI) the information necessary for their respective needs. This includes the entire supply chain of information, including marketing, sales and customer support.

Migrating data to the cloud improves capacity and scalability which reduces potential down times due to cloud infrastructure measures like redundancy.

Importantly, it also scales easily when volumes of new users or wagers could potentially trigger a performance issue; especially during major sporting events. We still remember the Super Bowl in 2021 when all the major US operators – including FanDuel, DraftKings and Penn’s Barstool app – experienced technical issues, resulting in lost revenue. Additionally, MGM’s Nevada app was unable to accept any online bets during the event.

The third challenge, official vs unofficial data, is a bit trickier. Most sports betting providers are not required to use a specific data source, while leagues and teams claim ownership of their respective sports data and deem it “official”, though their intention is to sell data or charge integrity and rights fees.

While professional sports leagues seek compensation from sportsbook operators for accessing their real-time official statistical data, offshore sportsbooks are still operating without restrictions. Furthermore, unscrupulous companies in the ecosystem have developed methods to scrape or pilfer data from suppliers that have spent millions to partner with sports leagues in the US and internationally. That six-to-eight second lag on offshore sportsbooks is not a latency issue but rather a delay that typically arises when a website uses pirated data.

Data Security

The gaming industry is particularly vulnerable to cyber threats due to the information operators retain. One of the most significant data security events to impact the sector is the 2014 Las Vegas Sands Corporation hacking, where criminals stole customer credit card info, drivers’ licence information and social security numbers.

In 2020, SBTech-powered sites were taken down for more than 72 hours after cyber criminals used ransomware to threaten critical systems. Thankfully for clients, no personal data was compromised but the company lost at least 72 hours worth of gaming revenue. This can happen to any sportsbook, regardless of its size.

Data security vulnerabilities typically result in hacks where confidential information is stolen and is used in a variety of criminal activities (false identities is at the top of the list) with bonus abuse being one of the most common transgressions. 

Welcome bonus abuse, a common form of bonus abuse, occurs when a single player is granted a new player bonus multiple times. A recent report from Arkose Labs claimed that gaming companies experienced an 85% increase in fake account registrations in the first quarter of 2022. Bonus abuse is certainly a problem and can be exacerbated when groups of individuals or organised crime use false identities and location alteration, through VPNs, to commit fraud on a large scale. 

The responsibility of preserving integrity in sports betting is the responsibility of everyone in the ecosystem including sportsbooks, teams, leagues and the government. Sports betting companies must adhere to state, federal, international and tribal-state regulations when collecting, processing, sharing and managing data. The easiest way to do this is to follow these key data privacy principles: inform, consent, good data retention policies and data security.

The four key principles of Data security
The four key principles of Data security

Securing and transmitting shared data could be just as challenging as ingesting it. Complexities arise when multiple partners are involved who rely on each other to securely transfer confidential information. 

“The individual sportsbooks do not want their wagers shared necessarily back. So, there is certainly some sensitivities to all that,” Matthew Holt, CEO of US Integrity, recently told DataArt. There has to be trust between partners and an agreed-upon method of security levels that will satisfy all parties involved.

Proven technology solutions are an essential piece of the puzzle in order to ensure a fair and safe environment for partners and bettors alike. Although open-source solutions are cost-effective, they can also include serious security issues such as malware infections, Denial-of-Service (DDoS) attacks and even data breaches. The famous 2016 DDoS attack on William Hill cost the operator roughly £4.4m during a 24-hour outage. Research reveals that a quarter of all online sportsbooks experienced DDoS attacks in June 2022.  Needless to say, this is a troubling statistic which has the potential to worsen.

Data security
In response to cybersecurity events like the ones above, DataArt security experts created a seven-level pyramid to secure your betting platform.

Sports betting operators must adopt security as a core cultural value, constantly cultivate security awareness and evolve security practices as their business grows.


“Compliance is key because there’s such a rapid pace at which new regulations are growing and continue to be a focus for sports betting operators. Getting launched in a sports betting market takes an army[…] to meet the regulatory requirements from licensing to product, to your internal controls and documentation and everything that goes on behind the scenes,” says Eric Frank, chief executive officer and co-founder of Odds On Compliance.

If you’re a current operator or have plans to become one, it is vital to understand the regulatory hurdles in your jurisdiction and build compliance measures into your business plan. Navigating the websites of numerous regulators is challenging though you must stay current on all of the latest regulations or potentially face an expensive penalty. For example, gaming regulators in Nevada recently fined William Hill for regulatory infractions which impacted thousands of customers. 

So how will technology streamline and introduce efficiencies for this arduous task? There are platforms on the market such as Odds On Compliance that focus on aggregating, organising, and presenting this data by domestic and international jurisdictions in a consumable manner. The platform must also contain extensive search capabilities, bookmarking and exporting features.


Behind the enormous online betting ecosystem with sportsbooks, suppliers, operators, regulators, partners and leagues, among others, there is a golden opportunity to leverage the latest technologies in order to build confidence in users that their information is secure. Using the correct technology can help you solve data management, security, and compliance issues, while promoting a trusted user experience for players.

Subscribe to the iGaming newsletter