twitter logo linkedin logo facebook logo

New rules for New Jersey sportsbooks: MFA is a must


New gambling regulations in New Jersey

New Jersey has a problem: it’s too attractive. That is, its gambling industry seems too tempting for people in states where betting and gambling are not allowed. Since the New Jersey Legislature passed a bill in January 2011 to allow online gambling by New Jersey residents over 21, online gambling has become very popular in the state. Where gambling can take place is limited: On February 26, 2013, a revised bill permitting Internet gambling legalised online casino gambling for a ten-year trial period. It also restricts the operation of the websites to Atlantic City’s eleven casinos.

That hasn’t stopped the gambling and betting industry from turning into a billion-dollar business. The enormous profits also attract gamblers from other states. Officially, only people residing in the Garden State area can bet there, but many are determined to overcome this hurdle. And that’s where it gets complicated.

Messenger or proxy betting 

Messenger betting is illegal in New Jersey. A person in New Jersey cannot place bets in their sportsbook accounts for another person, not even for another New Jersey resident. It’s against both state and federal law. Yet, that still happens. With its new betting guidelines, the regulator wants to stop that activity. It requires betting and gambling companies to implement strong authentication in the form of Two-Factor Authentication (2FA) or Multi-Factor Authentication (MFA). However, the NJ Division of Gaming Enforcement (DGE) has reserved the right to define other authentication strategies as “strong,” as long as they’re more secure than a username and password alone. The recent DraftKings case shows how critical extra measures like MFA are for the industry and the state.

The DraftKings case

In November 2020, the betting industry news site Sportshandle published the details of a betting case that landed sports betting company DraftKings in hot water.

It centred around Eric Stevens, a VIP customer of DraftKings. He is based in Jacksonville but made the wagers from Florida through his friend Larry Porter who lives in New Jersey.

Stevens used Porter, the proxy, to place dozens of out-of-state wagers on his New Jersey DraftKings account while he remained in Florida. Messenger betting isn’t only illegal in New Jersey; it’s also against DraftKings’ own terms and conditions. Yet, it was also profitable: Stevens routinely made six-figure out-of-state wagers and often placed single bets above $1 million.

DraftKings paid a $150,000 civil penalty to the state of New Jersey. According to Sportshandle, federal law agents told them this proxy messenger case isn’t the only one. It was about time New Jersey’s gambling and betting laws reflected that.

What are 2FA and MFA? 

Multi-Factor-Authentication (MFA) makes it harder for hackers to get access to online accounts. Users have to provide at least two verification factors of the following:

Things you know (such as a PIN)

Things you have (like a smartphone or a key)

Things you are (like a fingerprint)

2FA falls in the MFA category. It simply means that you need two factors to verify yourself, whilst the term MFA is the umbrella term for this technology.

The challenges for the gambling industry 

The new gambling regulation has many advantages: 2FA makes it easier for betting companies to ensure that only the account holder uses their services and doesn’t outsource them to someone in another state. The need for strong authentication also reduces the risk of hacking, a serious problem in the betting industry. Hackers would now need the device the one-time code is sent to and the account password. A safe betting experience increases trust in the brand so the 2FA regulation can be beneficial for the gaming and betting industry.

But adding MFA to the user experience also adds friction to the login process. The longer it takes gamers to log in and start betting, the more likely they will abandon the website and go elsewhere. That’s especially true since betting is a recreational activity that people use to relax, not a necessary evil like logging into their bank account to check their bank balance. How can the gamer and betting industry offer more security without adding friction to the user experience?

How MIRACL can help

MyLottoHub is an excellent example of how the right design and use of single-step MFA has a direct impact on profit.

Nigeria’s lottery companies sell 2.7 billion tickets yearly to players hoping to strike it lucky. Until recently, each draw depended on paper tickets sold through a national network of agents. That led to delays and disputes over the collection of winnings. The browser-based app MyLottoHub came on the market to replace that physical infrastructure with a digital experience.

Players can buy tickets for different lotteries, enter draws and collect winnings quickly. For lottery companies, the app is a ready made way to do business online. For players, it’s a shortcut to the joy of gaming.

MyLottoHub needs to reassure lottery companies that player identities are verified, accounts are secure, and tickets are genuine. It also needs to conform to Nigeria’s strict NDPR data regulations (equivalent to GDPR in the EU) and resist hackers’ favourite mode of attack: phishing. After all, hackers love the gaming industry.

At the same time, any security procedures must avoid interrupting the user experience so players can buy tickets, access forecasts, and collect winnings without friction.

That proved a challenge. In 2020, MyLottoHub was still at the pilot stage and urgently needed to expand. Growth had flatlined, held back by a complex registration process and a sometimes awkward user experience. New users had to part with many details, including their mobile number, real name, age, email address, username, and password. Initially, MyLottoHub only installed MIRACL as an extra layer of security, keeping the usernames and passwords. Both existing and new users didn’t like this user experience, so MIRACL advised MyLottoHub to make a few changes.

First, the email address was made the username for every player, which led to an uptick in traffic. Then, MIRACL advised removing the password altogether so that players only had a four-digit PIN, using MIRACL single-step MFA.

MIRACL proposed other design changes, too: more prominent registration buttons, fewer sign-up fields, and optimisations for mobile phones, which were the preferred device for 85% of users.

The result was impressive: MyLottoHub is now Africa’s #1 lotto app and platform.

Thanks to the changes set out by MIRACL, MyLottoHub nearly doubled its conversion rate to over 75%. Not only that, but in just over six months, MyLottoHub experienced 60% growth in month-on-month traffic. Registered users continue to grow by 35% a month. The industry-leading login success rate of 99.8% is one of the factors that led to this outcome.

In 2021, the company won a place in the Google Play Store, onboarded major clients, and secured 240,000 sales – an increase of more than tenfold over the previous year. On its present trajectory (June 2022), the company is set to grow tenfold again over 18 months to the end of 2023. By 2025, it is on track to sell 270 million lottery tickets annually – a 10% market share.

“MIRACL provides state of the art security for our users within an online experience they love,” says Obayomi Okubajo, Co-founder at MyLottoHub. “By prioritising friction-free enrollment and login, we are putting players first, winning clients and growing fast. That growth would have been impossible without single-step MFA.”

If you want to know more about MIRACL, you can sign up for our newsletter here or schedule a demo here.

Get the MIRACL memo in your inbox

Get in touch to learn more

You can opt out at any time. See our privacy policy here.