The Michigan Gaming Control Board (MGCB) is making two-factor authentication mandatory for online casinos in the state starting March 4. The Board sent out a memo to operators back in November of the added procedures.
Soaring Eagle Casino sent an email to Eagle Casino & Sports customers on Wednesday morning to notify of the new policy. The operator is going to be using SMS verification as its second step of authentication.
Two-factor authentication had been optional over the years. However, the MGCB is tightening up security measures to protect Michigan bettors. In a memo sent to gambling platforms, the MGCB said:
“To be clear, Michigan administrative rules permit the use of remote multi-source authentication, which is a common practice on Michigan platforms today. However, such methodology is only sufficient if it fulfils the underlying statutory and regulatory mandate to verify an individual’s identity before allowing the individual to create an account.
“The use of remote multi-source authentication to verify the accuracy of information entered by a prospective account holder and confirm its correspondence to a real-life person does not, by itself, constitute identity verification. Procedures must be performed to ensure that the account applicant is who they say they are and authenticate their claim to the identity.”
MGCB adding extra layer of security with 2FA
It’s the MGCB’s job to uphold the integrity of gambling by implementing policies that protect Michigan residents’ sensitive information. Requiring platforms to introduce two-factor authentication is one way of doing that.
Despite it being an extra step before logging onto a sports betting app or online casino, the new rules benefit the players. In the memo, the MGCB describes strong authentication as follows:
“Strong authentication is defined as a method that has been demonstrated to the satisfaction of the Board to effectively provide higher security than a username and password alone.”
MGCB Public Information Officer, Lisa Keith, told PlayMichigan the increased threat of cyberattacks influenced the decision for all online operators to implement two-factor authentication:
“With the rise in cyber threats, it is crucial to protect sensitive personal and financial information. MFA provides an additional safeguard, making it much harder for malicious actors to compromise accounts.”
To achieve strong authentication, operators must require two of the following factors:
- Information known only to the authorized participant, such as a password, pattern,
or answers to challenging questions. - Something possessed by an authorized participant, such as an electronic token,
physical token, or identification card. This can include a one-time passcode sent to a device, email address, or phone number. - An authorized participant’s biometric data, such as a fingerprint, face recognition,
or voice recognition scan.
In addition, two-factor authentication mitigates credential stuffing and account takeover attacks, which can lead to significant financial damager for customers. Keith added:
“By requiring MFA, we are taking proactive measures to prevent such incidents and enhance the overall security of the online gaming environment.”
Soaring Eagle’s plans for two-factor authentication
Soaring Eagle informed customers of the new policy and also confirmed the last four digits of phone numbers. The email stated:
“We want to inform you about an important regulatory change in Michigan. Starting March 4th,all players will be required to use Two-Factor Authentication (2FA) at login – this will no longer be optional.
“To facilitate this, we’ll be using SMS verification. This means your account must have a valid phone number on file to ensure uninterrupted access.”
The operator reiterated that nothing else is required of customers, unless their phone number has changed. In that case, customers are encouraged to reach out to support.
