Gambling with Security: Mitigating Threats to Online and Mobile Gaming

Published February 3, 2020
Ed Tittel HeadshotWRITTEN BY ED TITTEL. Ed Tittel is a long-time IT industry writer and consultant who specializes in matters of networking, security, and Web technologies. For a copy of his resume, a list of publications, his personal blog, and more, please visit www.edtittel.com or follow @EdTittel

In this time of the COVID-19 pandemic, we’re all spending more time on our PCs and smartphones. It might seem odd, but The Business Research Company’s Global Online Gambling Market report asserts that online gambling has skyrocketed in 2020. This is because home-bound punters, blocked from visiting brick-and-mortar gambling dens, are turning to online gambling destinations in droves.

This makes protecting games of chance — and their players — against online gambling security threats more important than ever, especially where mobile gambling security is concerned.

Computer application with gaming icons, dice, cards

Online gambling is in hackers’ crosshairs

In June 2020, Security Boulevard published a discussion of cybersecurity for the online casino and gambling industry. It exposes a number of clear and present dangers that face online gambling developers and involve more than hack attacks (though those are also quite prevalent).

Access to gambling platforms themselves can come under direct attack, but smart attackers also recognize that scamming gamblers is another avenue of more indirect attack. By stealing customer information, attackers can ultimately access their money at far less risk to themselves than a “fair game” of chance.

The revenue streams involved can also be quite substantial. Grand View Research estimates the size of the global online gambling industry as $53.7 billion in 2019, and a compound annual growth rate of 11.5% is projected from 2020 to 2027, for a global market size of $127.3 billion by that year.

Europe dominated the 2019 market with $22 billion in receipts, but the US appears headed for the top in the short term, with Grand View Research projecting its market size at nearly $103 billion by 2025. The Asian market is also coming on strong, as more online venues that serve its populations keep appearing.

Cryptocurrency payments are becoming the norm in gambling apps and applications, as online gambling and casino operators switch to Bitcoin and its various counterparts. From a security standpoint, cryptocurrency is attractive because gamblers need not enter their personal data during deposits, and blockchain systems are nearly hack-proof. In addition, cryptocurrency transaction fees are much smaller (sometimes zero) than for a traditional payment method such as credit or debit cards, bank account access, and so forth. Deposits and withdrawals are faster, too, while maintaining player anonymity.

More players means more attack vectors

Desktop PCs, with their larger monitors and display areas, still dominate online gambling by user count. But as smartphone size and resolution have increased over the past decade, momentum is shifting toward mobile users. Mobile online gambling applications are looking for traction, with more variety in deposit options for playing funds, loyalty points, and interactive play with others around the globe.

Mobile technology continues to exert a massive influence on online gambling. Trends such as social gambling and a proliferation of mobile gambling applications signal oncoming changes in gambling habits and practices. Given that somewhere between a third and half of the global population has ready access to a smartphone, casinos and online gambling organizations are investing ever more heavily in gaming applications, especially in creating mobile-friendly games. In Europe, for example, desktop games account for 49% of market share, but mobile keeps growing and now represents at least 35% of online gambling activity.

All this action calls for strong protection, so online gaming security and gambling app security are top of mind for online casinos and gambling outlets, especially on mobile devices.

Key concerns for gambling companies

According to Security Boulevard, hacking remains the primary threat for online casinos and gambling establishments. Targeted attacks may swamp servers with bot traffic, or may involve sophisticated phishing or spear phishing attacks to steal confidential customer information. The same source confirms ongoing gambling company and online betting attacks in southeast Asia since 2019, and that betting companies in the UK gained access to 28 million confidential children’s records (for future contacts and cultivation). Ransomware is a particular concern for online gambling outlets, as illustrated by a successful attack on SBTech in March 2020 that shut the site down for 72 hours.

Gambling companies must educate gamers about phishing, email and social media to prevent spoofing attacks, or out-and-out gambling app impersonations. Clear, strict rules must apply to communications and access so that users will be less easily fooled into providing credentials or credit information to untrustworthy or malicious third parties.

Two-factor authentication should come into play for anything involving set up or management of credentials or online payment information (and yes, email counts as a second factor when the primary device is a smartphone). Payment security, especially online payment security, is always worth extra attention (and extra testing, even to the point of deploying pre-emptive white hat or red team attacks).

But as necessarily public points of exposure, gambling websites (and the applications that access them) are painfully obvious and unavoidable points of attack, so more is needed.

Building a security mindset for gambling software

Across the board, a security mindset is fundamental when developing gambling software that involves internet access and communication. That goes double when such access and communication involve financial transactions, cryptocurrency or customer information, and triple when the focus is as popular and all-consuming as gambling is for millions of users.

Experts recommend putting these four principles to work throughout the development lifecycle for gambling software:

  1. Design and build with security in mind from the get-go. Credentialing, payment, and holdings and winnings are particular foci for attack, and these points should get extra attention at every step in the development lifecycle.
  2. Include security reviews at each step of the development process to check for and eliminate vulnerabilities.
  3. Always start security improvement with an in-depth review of existing code, including open source and third-party code (libraries, APIs and so forth), in order to identify and eliminate, mitigate or work around vulnerabilities.
  4. Test all apps thoroughly, through internal and pilot populations, before making any general public releases.

Advice to online gamblers

For starters, online gamblers are advised to neither jailbreak nor root mobile device operating systems. This exposes smart devices to increased vulnerability.

Equally important, all users, whether on mobile devices or PCs, should never install apps or applications except from official sources. Likewise, they must never click links sent from emails, text messages, social network posts, or other third-party sources of gambling information and connections.

As always, users must keep devices and applications — including gambling apps, applications and plug-ins — current, with regular security updates and anti-malware protection fully engaged. If possible, in fact, gamblers should use a virtual private network (VPN) connection when gaming. If one isn’t built into the gambling infrastructure, a good third-party VPN will do.

Online gambling is a big-draw, big-money industry. For those who create, use or offer online gambling, proper attention to security is a must. With the right tools and techniques, all parties can remain safe and sound.


Would you like to know more about implementing an automated security scanning solution in your company? Get in touch with our Kiuwan team! We love to talk about security.

Scan your code with Kiuwan banner