Casinos have long been tempting targets for thieves and scammers, but the reality bears little resemblance to movies like Ocean’s Eleven. The majority of attempts have either been foiled whilst in progress, or the thieves were later caught and punished. Casinos are notoriously reticent to publicise such incidents, but the biggest heist to date is believed to be a 2013 security breach at the . Melbourne Crown Casino The scammers managed to hack the casino’s security cameras, feeding information to a high-rolling player who walked away with $32 million. It seems that the Crown security caught on to the ruse, and the money was recovered. Indeed, that’s how it usually goes with attempts like these on physical casino establishments – the security know what to look out for and most people don’t get away with it. Brick and mortar casinos may have well-established and effective security protocols in place, but when it comes to casino sites, security is an ongoing challenge. One of the first things that potential customers must do when deciding to make an account at a casino website is look at the licensing, regulation and security credentials. about how to identify if casino sites are secure and trustworthy. Read more here The stakes are high; casino websites hold a huge amount of personal data on their players, including identifying information and bank details – they are required by law to do so. This information is of great value to cyber criminals, as demonstrated by the 2016 in Canada. cyber attack on the Casino Rama Up to 200,000 players had their personal data stolen, some of which was published online, and a class-action lawsuit is underway to the tune of $60 million. It is reported that the hackers demanded money in return for not publishing more of the information, although at the time the shady group behind the attack claimed that they were merely attempting to force the casino to improve security. Cyber Threats and their Prevention Phishing Luckily, there have not been many such attacks on entirely web-based casinos to date. A large-magnitude data breach would likely be fatal for any online casino; their reputation would simply never recover from the loss of trust. But the Rama incident raises serious concerns in the industry, especially because it is believed to have been achieved via a phishing scam. Such attacks can be the hardest to manage, since they rely on fooling users into giving access to their personal data. The scale of the Rama data breach suggests that the phishing victims may not have been individual clients, but rather employees with access to customer data. Phishing is in the realm of a human error issue, and the only tools available to combat it are strong messaging for customers and thorough training for employees. DDoS Attacks All casino sites are also alert to the threat of a Distributed Denial of Service (DDoS) attack. These are particularly damaging to a 24/7 business like a casino, where customers expect access at all times. During a DDoS attack, hackers use bots to overwhelm site servers with requests, leading to the site crashing and sometimes even causing physical damage to the servers. Such an incident can be a great blow to the reputation of a casino site, but a DDoS attack can also be part of something even more serious than a site crash. Large-scale attacks are on the rise, but smaller ones can go undetected and be used as a smokescreen to install ransomware or malware. Hackers need only minutes to gain access to customer information and more. Even if a DDoS attack is not accompanied by a more significant security breach, crashing a casino site can lead to the loss of millions in revenue and permanently harm the name of the casino. In a crowded market, loss of faith in site security is enough to close anyone down. As DDoS attacks have such potentially devastating consequences, today’s casino websites must ensure that all precautions are taken to mitigate the risk. Manual DDoS mitigation is no longer recommended, as it requires a manual response to an attack – in the case of a smaller-scale, undetected attack, such mitigation would be useless. Instead, a more proactive and preventative approach needs to be taken, which may well require the services of a dedicated DDoS mitigation provider. Such providers employ a variety of techniques, such as rate limiting, blacklisting and firewalls. One effective way to mitigate against DDoS is by abandoning unicast DNS in favour of anycast. This allows traffic to be absorbed by a network of servers that share an IP address, rather than routing all traffic to a single server. Hacking and Encryption While the threat and magnitude of DDoS attacks increases, it’s important not to neglect defence against other forms of hacking. The usual way that this is done is via data encryption, and the majority of casino websites use TSL (Transport Layer Security) to provide a secure channel for data to pass through without being intercepted or tampered with. Most sites still refer to TSL as SSL, the name of its predecessor. Many casino sites are today boosting their SSL encryption and adding an extra layer of security with – a robust method of encrypting and decrypting data so that it can be safely transmitted via the internet. RSA algorithm How Secure are Casino Sites? Casino sites take security just as seriously as their land-based counterparts, and utilise a variety of sophisticated methods to mitigate and eliminate risks. Coupled with stringent KYC (know your customer) practices, the security protocols at casino sites are some of the most rigorous to be found at any e-commerce site. As tools and methods of attack become increasingly sophisticated, casino sites must be responsive to change and be proactive in staying one step ahead of the hackers. Since it is in everyone’s interests to make security a priority, reputable casino sites afford customers the same levels of safety as online shopping with a major retailer or using an internet banking service.
