• United States




Legalizing online sports betting means a new need for security

Jul 10, 20185 mins
AuthenticationIdentity Management SolutionsMobile Security

In the wake of SCOTUS paving the way to legalizing online sports betting in the U.S., states are figuring out the best approach to making it secure with authentication and identity verification.

crowd of sports spectators seamless 164455698
Credit: Thinkstock

On May 14, 2018, the Supreme Court of the United States (SCOTUS) ruled in favor of New Jersey’s case to repeal the Professional and Amateur Sports Protection Act (PASPA), thereby paving the way towards legalizing online sports betting in the U.S. PASPA prohibited all states other than those with existing legislation—Nevada, Oregon, Delaware, and Montana—from legalizing online sports betting.

The big business of online sports betting

It comes as no surprise that sports gambling is big business. In 2017, Nevada’s Gaming Control board reported a $4.8 billion bet at its sportsbooks. This was a new record high, but legal betting is just the beginning of the story. No one has a definitive number for how much money is bet illicitly. For example, the research firm, Eilers & Krejcik Gaming, projects that this number could fall between $50 billion and $60 billion.

While the Supreme Court’s decision opened the door for individual states to regulate sports betting, it didn’t prohibit future federal regulation in the industry. The House of Representatives is planning a hearing titled “Post-PASPA: An Examination of Sports Betting in America.” It was scheduled for June 19 but was postponed to a later date.

Individual states will regulate and define through legislation how sports betting may be implemented.  Anticipating a repeal of PASPA, several states introduced legislation ahead of the Supreme Court’s ruling, while many others are drafting bills. Eilers & Krejcik Gaming projected that if the law was overturned, 32 states will authorize some form of sports betting by 2023, with annual revenue projected at $6 billion.

States are trying to figure out the best approach. Some will only permit wagering on location at a designated establishment such as a casino or racetrack. This will likely require an in-person identity proofing event where a hopefully well-trained person will properly identity-proof the sports gambling applicant. More progressive states realize that each of us has a mobile wagering device in our pocket and will permit wagering online through a mobile app or web browser. 

Digital onboarding and the SCOTUS decision

The SCOTUS decision comes at a time when technology has advanced to the point where digital onboarding of customers is quickly becoming commonplace. Especially so in industries where it is imperative to know the identity of the customer and ensure they meet specific legal requirements. 

Banks have quickly embraced identity verification solutions to digitally onboard customers and are realizing reduced costs, paperwork reduction, and higher customer satisfaction as a result. This technology is expected to expand into other areas such as ride sharing, the hospitality industry, online education, social media and likely online sports gambling. For the end-user, it is as simple as taking a photo of their driver license and a selfie. The back-end technology will verify that the document is genuine and has not been altered. Facial recognition technology will determine if the individual on the driver license matches the selfie. In addition, the demographic data can be verified on the back-end using a variety of sources, such as mobile phone account records. Moreover, any terms and conditions can be acknowledged with an electronic signature. All this takes place in seconds.

Security will be of the utmost importance to state gaming commissions. States have a golden opportunity to get it right the first time and leverage the latest technologies in identity and access management and authentication. After verifying the identity of the individual, the identity should be bound to a device to ensure that future bets are coming from a trusted device. States will likely deploy the latest in easy to use mobile apps for users to download from the App Store or Google Play Store or from their own state-managed website.

All too often, organizations focus on the user experience of their mobile app with security being an afterthought. When it comes to financial transactions, including wagering and the storage of personally identifiable information, security must be of the utmost importance. The mobile app must be resistant to intrusion, tampering, and reverse-engineering via app shielding technology. Securing the core components of the gambling app, including communications between the mobile device and the server, storage, and user interface, are critical.

Deploying online sports betting the right way

If states are to deploy online sports betting the right way, they need to know that the person placing the bet is really the person whose identity was verified. Static passwords should not be considered; nor should any authentication method that could impede usage. Imagine how angry one might be if they didn’t get their Super Bowl bet placed in time, because they were fumbling with some heavyweight authenticator.  States should turn to the latest available adaptive authentication solutions that analyze and score hundreds of user, device, and transaction data in real-time to determine the precise authentication requirements for each transaction. This level of intelligence ensures the best possible customer experience, while safe-guarding transactions and customer data.

Some states may require that bets take place within the state’s borders. By combining geofencing with behavioral biometrics, the user experience will be frictionless, while the state will have confidence that they are in compliance.

It remains to be seen, but I am willing to bet (pun intended) that those states that procure and implement the latest mobile security and authentication technologies and permit online and mobile wagering on sports will reap millions more in annual revenue than those states that only permit sports betting at the horse track.


Michael Magrath is responsible for aligning OneSpan’s solution roadmap with standards and regulatory requirements globally.

He is Co-Chair of the FIDO Alliance’s Government Deployment Working Group and is on the Board of Directors of the Electronic Signature and Records Association (ESRA). He also served as a member of the Board of Directors for the Identity Ecosystem Steering Group’s (IDESG) and was Chair of the Health Information Management Systems Society (HIMSS) Identity Management Task Force.

Prior to OneSpan, he served as Director for Identity Solutions for DrFirst, a leading U.S. health IT solution provider, and focused on streamlining and securing the identity management process for healthcare providers nationwide and increasing the adoption of electronically prescribing controlled substances (EPCS).

Before DrFirst, Mike lead Gemalto’s market and business development activities in the U.S. government and healthcare markets and was a contributing member of the Health Record Banking Alliance, WEDI, HIMSS, the Medical Identity Fraud Alliance and the Secure ID Coalition.

He served as Chairman of the Secure Technology Alliance’s (formerly the Smart Card Alliance) Health & Human Services Council from 2010-2014 where he led initiatives to stimulate the understanding, adoption, use and widespread application of smart card technology in healthcare. He served as an advisor to the American Medical Association supporting a Center for Disease Control grant to develop and test the viability of a "Health Security Card" to identify and expeditiously treat victims in the event of a disaster.

Mike holds a Bachelor’s Degree in Psychology from the University of Massachusetts at Amherst. He is married with three children and resides in Northern Virginia.

More from this author