Credential abuse is prevalent across many verticals, especially those where there is access to popular products or, potentially, cash.
Users tend to use the same email address and password across many gaming sites, and due to widespread use of generic single-factor authentication, this creates an environment where account takeover is prevalent.
In addition, IT & Fraud teams rarely have regular communication and therefore the true extent to which credential abuse directly contributes to fraud is unknown within an operator.
Credential abuse and the resulting account takeovers ultimately create extra work for fraud teams, who must assess the extent of the compromise and take steps to make the account legitimate again and reimburse, if necessary, any losses by the customer.
In this webinar, sponsored by Akamai, a panel of experts will discuss the scope of the challenge when it comes to credential abuse and account takeover, assessing the risk vectors and potential solutions for the igaming industry.
Watch for this webinar to learn more about:
- What are the potential ramifications of not implementing an effective credential abuse prevention strategy
- How credential abuse can be blocked before account takeover is achieved
- How to minimise the impact on legitimate users
To coincide with their webinar, Akamai have also released an in-depth white paper called Gambling and the Cloud: Securing the Future you can download a copy here.
Answers to some of the questions we could not get to during the webinar:
1. As an increasing number of international jurisdictions regulate online gambling, do you think the risk of credential stuffing will diminish? Countries who regulate online gambling in 2019 and beyond obviously already have access to solutions and can build safer systems, than countries who retrofitted their regulation. Or, do you think that cybercriminals will become increasingly sophisticated and make it even more difficult to protect our data?
Credential Stuffing is driven by the availability of 2 key elements – password reuse and Single Factor Authentication. While these still exist the landscape for credential stuffing will remain.
2. If and when the gambling industry begins to use biometric data for identity verification, AML and responsible gambling, will this mitigate risks with credential stuffing?
A second factor would massively impact the scope of credential stuffing, and it wouldn’t matter so much whether this is biometric or another form.
3. Do you think compliance teams and their subsectors need to start taking a uniform, risk-based approach to their own challenges, or do they need to remain separate in their expertise?
Having a consistent policy for security is very important and all teams need to understand the strategy alongside it. Multiple regulations should not necessarily mean multiple solutions, and understanding other technologies that are being used in the business – not only from a security perspective – can mean a more effective and resilient solution whilst also reducing technical debt.