Gaming Industry Cyber Risks in 2015-2016

Salad_Cyber-Security_BlocgHeader.png

As a result of the industry’s overwhelming reliance on online technologies, cyber risks impacting gaming service providers have shifted from tolerable nuisances to game-changing breaches. In 2015-2016, these cyber risks have largely targeted virtual gaming operations and casino payment systems.

All digital games of chance and games of skill rely on complex random number generators (“RNG”) to maintain outcome parity. RNGs are analogous to dealers and croupiers who work in traditional casino establishments. To maintain game integrity, the gaming industry developed RNGs that are amongst the most secure digital elements in the cyber world. In fact, there have been no recorded incidents of gaming RNGs being directly compromised.

Due to the overwhelming security surrounding gaming RNGs, cyber criminals have begun to attack actual virtual gaming operations instead of the virtual games themselves. The most prevalent example of this type of attack involves a distributed denial of service (DDOS) followed by an extortion demand. By way of background, a DDOS occurs when cyber criminals flood a website or server with useless data traffic, causing the website or server to become disabled. Once a DDOS is successful, the cyber criminals responsible for the attack extort victims with threats that the DDOS attacks will continue unless a ransom is paid. In the third quarter of 2015 alone, at least four major online poker providers were victims of this DDOS-extortion combination.

Improper casino integration with entertainment vendors led to multiple cyber crimes in 2015 and 2016. Improper integration issues generally arise as the result of two major practices: (1) where vendors are allowed to use casino payment systems to access client comps and credits, i.e., a casino guest uses reward points to purchase jewelry from a casino vendor; or (2) where vendors and casinos share the same payment system to allow cross-business purchases, i.e., a casino guest charges nightclub expenses to his or her hotel room. In both of these instances, casino security must be carefully considered before integration measures are implemented for customer convenience. For example, casinos could avoid major data breaches arising from improperly integrated casino-vendor payment systems if cyber best practices are instituted and client financial data and client marketing data are segregated.

To learn more about the cyber risks confronting the gaming industry and how these challenges can be overcome, please join our panel of cyber experts on May 25, 2016 from 11:10-12:00 P.M. at the 20th Annual East Coast Gaming Congress. For more information or to purchase tickets, please contact Donna Vecere at 609-572-7400 or visit http://www.eastcoastgamingcongress.com/.

Peter Fu is an attorney in Cooper Levenson’s Tax, Business and Cyber Risk Management practice groups. He concentrates his practice on sales and use tax, enterprise risk management, and commercial transactions. Peter is licensed to practice law in New Jersey and Florida. Peter can be reached at 609.572.7556 or via e-mail at pfu@cooperlevenson.com.

Michael Salad is an attorney in Cooper Levenson’s Tax, Business and Cyber Risk Management practice groups. He concentrates his practice on estate planning, business transactions, mergers and acquisitions, tax matters and cyber risk management. Michael holds an LL.M. in Estate Planning and Elder Law. Michael is licensed to practice law in New Jersey, Florida and the District of Columbia. Michael may be reached at 609.572.7616 or via e-mail at msalad@cooperlevenson.com.

Date Published: March 1, 2017


Written by: Michael Salad

Leave a Reply