The Massachusetts Gaming Commission (MGC) held a public meeting on Thursday, August 29, in which members discussed amending Title 205 of the Code of Massachusetts Regulations to require online sportsbooks to implement multi-factor authentication (MFA).
MGC Chair Jordan Maynard shared his belief that making MFA a requirement could heighten security for users, protecting their funds and any data they share with online sportsbooks.
If you have your bank account, your debit card tied up to something like an online sports betting account, it’s good to lock it up with MFA.
However, Commissioner Brad Hill was less inclined to make MFA a requirement, arguing the option is already there for anyone who wants to use it.
Preventing underage gambling
Commissioner Eileen O’Brien shared her support for Maynard’s position, adding MFA could also assist in ensuring responsible gambling, as it provides an extra layer of security against underage gamblers trying to access an online sports betting account that doesn't belong to them
This comment follows the commission’s earlier concerns regarding underage sports betting, which were addressed during a meeting last November. Commissioner Hill cited instances where minors might gain access to sports betting platforms using accounts belonging to parents or older friends.
Example: I'm able to bet, my 16-year-old knows my passwords. I allow him to go in and bet, which we're being told is happening. We didn't have any proof of it, but just that it was happening. I just think it's something that we need to continue to keep an eye on and work with our operators to ensure that this is a priority for them.
How MFA works
MFA requires users to provide additional information beyond just a password to access their accounts, creating an extra security layer against unauthorized access. For example, this could include answering a security question or entering a code sent to the user’s phone number or email.
Should the MGC choose to move forward with the mandate, there are two potential approaches it could take to implementing MFA. One approach — similar to regulations in Pennsylvania, New Jersey, and Iowa — would require MFA once every two weeks. The site will remember the device for two weeks, but the user will need to authenticate again if they use a different device.
Alternatively, the MGC could adopt the stricter approach proposed by the Ohio Casino Control Commission, requiring MFA for every login.
Online driving revenue
The latest figures published by the MGC revealed the state’s seven online sportsbooks accounted for 98.8% of July’s revenue. Mobile handle also reached over $405 million of the total $411.8 million. DraftKings dominated, followed by FanDuel, and BetMGM.
This fall, the MGC is set to discuss limits placed on winning sports bettors, after sportsbooks didn’t show up to May’s meeting.
