A public hearing was conducted by the Massachusetts Gaming Commission (MGC) on August 29th to discuss revisions to Title 205 of the Code of Massachusetts Regulations. The main discussion point was whether or not online sportsbooks should be required to use multi-factor authentication (MFA), as this might greatly improve customer security.
MGC Chair Jordan Maynard stressed that mandating MFA may give consumers an extra degree of security, protecting their personal information as well as their financial holdings. He pointed out the benefits of MFA, stating, “If you have your bank account, your debit card tied up to something like an online sports betting account, it’s good to lock it up with MFA.”
However, not all commissioners agreed on making MFA mandatory. Commissioner Brad Hill argued that since MFA is already an available option, users should have the freedom to choose whether to activate it. The MGC plans to continue discussions with the state’s licensed operators before reaching a final decision.
Commissioner Eileen O’Brien backed the idea of mandating MFA, highlighting its potential to prevent underage gambling. The extra step would make it harder for a minor to get into an adult's account with a borrowed or guessed password, although it only helps where the second factor itself, such as a phone or an email inbox, is not within the minor's reach.
This concern is not new to the MGC. Last November, the commission addressed the issue of underage sports betting, with Commissioner Hill sharing concerns about minors accessing sports betting platforms through accounts belonging to parents or older friends. Hill noted, “We didn’t have any proof of it, but just that it was happening. I just think it’s something that we need to continue to keep an eye on and work with our operators to ensure that this is a priority for them.”
MFA works by requiring a second proof of identity beyond the password, so that a password alone, whether guessed, phished, or shared, is not enough to open the account. In practice the second factor is usually a one-time code from an authenticator app or one sent to the user's phone or email; a security question is sometimes offered in the same role, but it is just another piece of knowledge and is weaker than a code tied to a device the user holds.
If the MGC decides to move forward with the MFA mandate, there are two possible approaches. One approach, similar to regulations in Pennsylvania, New Jersey, and Iowa, would require the MFA step once every two weeks per device: after a successful check the site remembers that device for two weeks, and a login from a different or unrecognized device triggers the check again.
Alternatively, the MGC could adopt a stricter model, like that proposed by the Ohio Casino Control Commission, requiring MFA for every login.
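The two models above, as an added example that is not part of the article or of any regulator's or operator's code: a login-time check in Python that implements the every-login rule and the two-week remember-device rule side by side. The policy names, function names, and the per-device identifier (assumed to be a random value the server set in its own long-lived cookie when the device was first seen) are assumptions for illustration. The point for a practitioner is that "the site remembers the device" has to mean a signed, account-bound, time-limited token issued only after the MFA challenge succeeds; a plain "trusted=yes" cookie would let anyone skip the second factor.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed for this example: a real service loads the signing key from a
# secrets manager and rotates it. Anyone holding this key can mint "trusted" tokens.
SERVER_KEY = secrets.token_bytes(32)

TRUSTED_DEVICE_TTL = 14 * 24 * 3600  # two weeks, the PA/NJ/IA remember-device window

# Hypothetical policy names; not terms used by any of the regulators mentioned.
POLICY_EVERY_LOGIN = "every_login"            # Ohio-style proposal: MFA on every login
POLICY_TRUSTED_DEVICE = "trusted_device_14d"  # PA/NJ/IA-style: MFA once per device per 14 days


def _sign(payload: bytes) -> str:
    """HMAC-SHA256 over the token payload, base64url-encoded."""
    mac = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode("ascii")


def issue_trusted_device_token(user_id: str, device_id: str, now: float) -> str:
    """Mint the remember-device token right after a successful MFA challenge.

    The token is bound to the account and to the per-device identifier, and it
    carries an absolute expiry so ordinary logins cannot extend the window.
    """
    claims = {"u": user_id, "d": device_id, "exp": int(now) + TRUSTED_DEVICE_TTL}
    payload = json.dumps(claims, separators=(",", ":")).encode("utf-8")
    body = base64.urlsafe_b64encode(payload).decode("ascii")
    return f"{body}.{_sign(payload)}"


def device_is_trusted(token, user_id: str, device_id: str, now: float) -> bool:
    """True only if the token is well-formed, authentic, bound to this user and device, and unexpired."""
    if not token:
        return False
    try:
        body, sig = token.split(".", 1)
        payload = base64.urlsafe_b64decode(body)
    except ValueError:  # wrong shape or bad base64 (binascii.Error is a ValueError)
        return False
    # Verify the MAC before trusting anything inside the payload.
    if not hmac.compare_digest(sig.encode("utf-8"), _sign(payload).encode("ascii")):
        return False
    claims = json.loads(payload)
    return (
        claims.get("u") == user_id
        and claims.get("d") == device_id
        and now < claims.get("exp", 0)
    )


def mfa_required(policy: str, token, user_id: str, device_id: str, now: float) -> bool:
    """Decide at login time whether to run the MFA challenge under the given policy."""
    if policy == POLICY_EVERY_LOGIN:
        return True
    if policy == POLICY_TRUSTED_DEVICE:
        return not device_is_trusted(token, user_id, device_id, now)
    raise ValueError(f"unknown MFA policy: {policy!r}")


if __name__ == "__main__":
    t0 = time.time()
    # Constructed sample account and device identifiers.
    tok = issue_trusted_device_token("alice", "device-A", t0)
    print(mfa_required(POLICY_TRUSTED_DEVICE, tok, "alice", "device-A", t0 + 3600))        # same device, day 0
    print(mfa_required(POLICY_TRUSTED_DEVICE, tok, "alice", "device-B", t0 + 3600))        # unrecognized device
    print(mfa_required(POLICY_TRUSTED_DEVICE, tok, "alice", "device-A", t0 + 15 * 86400))  # window elapsed
    print(mfa_required(POLICY_EVERY_LOGIN, tok, "alice", "device-A", t0 + 3600))           # every-login model
```

Whichever window a regulator picks, the token is minted only after the challenge succeeds, and a login that presents no token, a tampered one, one issued for another account or device, or one past its expiry falls back to the challenge. Under the every-login policy the token is simply ignored.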