Massachusetts Gaming Regulators Discuss Online Sports Betting Authentication

MGC Members discussed amending Title 205 of the Code of Massachusetts Regulations to require online sportsbooks to implement multi-factor authentication (MFA), believing it could heighten security for users.

Ziv Chen - News Editor at Covers.com
Ziv Chen • News Editor
Sep 2, 2024 • 14:07 ET • 4 min read
Rafael Devers Boston Red Sox MLB
Photo By - USA TODAY Sports

The Massachusetts Gaming Commission (MGC) held a public meeting on Thursday, August 29, in which members discussed amending Title 205 of the Code of Massachusetts Regulations to require online sportsbooks to implement multi-factor authentication (MFA).

MGC Chair Jordan Maynard shared his belief that making MFA a requirement could heighten security for users, protecting their funds and any data they share with online sportsbooks.

If you have your bank account, your debit card tied up to something like an online sports betting account, it’s good to lock it up with MFA.

However, Commissioner Brad Hill was less inclined to make MFA a requirement, arguing the option is already there for anyone who wants to use it. The MGC plans to discuss the mandate further with the state’s licensed operators and has yet to reach a conclusion.

Preventing underage gambling

Commissioner Eileen O’Brien shared her support for Maynard’s position, adding MFA could also assist in ensuring responsible gambling, as it provides an extra layer of security against underage gamblers trying to access an online sports betting account that doesn't belong to them

This comment follows the commission’s earlier concerns regarding underage sports betting, which were addressed during a meeting last November. Commissioner Hill cited instances where minors might gain access to sports betting platforms using accounts belonging to parents or older friends. 

Example: I'm able to bet, my 16-year-old knows my passwords. I allow him to go in and bet, which we're being told is happening. We didn't have any proof of it, but just that it was happening. I just think it's something that we need to continue to keep an eye on and work with our operators to ensure that this is a priority for them.

How MFA works

MFA requires users to provide additional information beyond just a password to access their accounts, creating an extra security layer against unauthorized access. For example, this could include answering a security question or entering a code sent to the user’s phone number or email. 

Should the MGC choose to move forward with the mandate, there are two potential approaches it could take to implementing MFA. One approach — similar to regulations in Pennsylvania, New Jersey, and Iowa — would require MFA once every two weeks. The site will remember the device for two weeks, but the user will need to authenticate again if they use a different device.

Alternatively, the MGC could adopt the stricter approach proposed by the Ohio Casino Control Commission, requiring MFA for every login.

Online driving revenue

The latest figures published by the MGC revealed the state’s seven online sportsbooks accounted for 98.8% of July’s revenue. Mobile handle also reached over $405 million of the total $411.8 million. DraftKings dominated, followed by FanDuel, and BetMGM. 

This fall, the MGC is set to discuss limits placed on winning sports bettors, after sportsbooks didn’t show up to May’s meeting.

Pages related to this topic

News Editor

Ziv Chen is an industry news contributor at Covers.com

Popular Content

Covers 25 Years Logo Established in 1995,
Covers is the world
leader in sports
betting information.
Covers is verified safe by: Evalon Logo GPWA Logo GDPR Logo GeoTrust Logo Evalon Logo