Sportsbooks need to provide better security

Mudcat · 03-27-06, 12:47 PM

Thanks for posting. I agree whole-heartedly that increased security would be a good thing.

I confess I am confused by this whole issue. At the risk of sounding dense, I don't understand how someone can steal your funds, even with your account # and password. I can see how they could place some unwanted bets - which would be a big drag, no question (unless they won) - but are they actually able to withdraw your funds to somewhere other than your originally posted info?

Maybe it is because I use Neteller that this seems improbable. Would you say that Neteller is the best way to go vis-a-vis security or am I being naive?

Or are we just talking about hackers placing unwanted bets.

Originally posted by marc

1) When I first log in, don't give me some stupide balance confirmation screen. How am i suppose to comfirm my balance before I even have a chance to view my graded wagers. Instead, what I wnat to see is YOU LAST LOGGED IN AT SUCH AND SUCH TIME FROM SUCH AND SUCH IP ADDRESS.

I'm not sure I see how this would help. Wouldn't the hacker just see that and say, "Sure whatever," and then do what he's going to do? I see what you have said about, In almost all cases of players whose accounts were hacked into, the culprits logged into the account a number of times prior to stealing the funds. Wouldn't hackers just stop making those preliminary log-ins and go straight to "making their move."

I'm not arguing; I'm just trying to better understand what is happening.

Originally posted by marc

2) If someone calls or emails to request any change like a change of address, or email address or password, send an email TO THE ORIGINAL EMAIL ADDRESS on file confirming the change requested.

I agree with that 100%. Seems like a no-brainer to me.

TLD · 03-27-06, 01:42 PM

Very valuable post Marc. I wholeheartedly second it. I don’t know that it’ll get the attention it deserves and lead to changes in sportsbook practices, but it certainly should.

marc · 03-27-06, 01:51 PM

Mudcat,

With some sportsbooks it's actually quite easy to steal somoene elses money. As long as you have their account number and password. All you do is call, pretend to be the other player and tell the clerk that you would like to transfer all of your money to your buddy who has another account. And basically you trannsfer the funds from the other player account into your. You play it through 1x, and then request a withdrawal by **. If you can get the **, before the other player or the book realize what happened, there is nothing anyone can do.

The reason why it is importnaat to let players know when the last time someone logged into their account is that usually the thief were log into the account a number of times before striking. I think it's a combination of checking to see how much money you hvae, and also checking to see when you usally place your wagers. In order to really pull it off, the thief needs to be sure he has enough time to play with your money before you log in and discover that your money was stolen. But if you were to log into your account, and you got a message that the last time you logged in was at 2AM, and th ip address wasn't yours, you would know right away, that someone else accessed your account.

I just spoke to a player who hada nice chunk of money stolen, and wehn the sportsbook ran an ip check, they saw that the thief had been logging into his acocunt on and off for 3 weeks before striiking. I know in my case the thief had logged in a few times at least 1 week prior. SO in both of our cases and in likley most cases, a simple message stating when the last time we logged in would have alerted us to the fact that someone else was logging into our accounts before any money was actually stolen.

The Great One · 03-27-06, 02:15 PM

I've often thought about this alot.

What happens if all of a sudden you log in, your money is gone. You e-mail or call the sportsbook, they won't refund it when all they have to do is take your money. Your word against theirs. OR

One of those 4 peso an hour clerks could give the info. to one of their friends or something and have them pull the heist without the person in charge of the sportsbook even knowing.

I'm still trying figure all the nuiances of this business out. Because I'd like to have 5 figure balnces in 6 or 7 books, but I'd always be fearful of something like this.

But I've said it bfore, if Washington would get behind this, the first person that scams gets their little island flooded by B-52 missiles and they'll be changing their tune real quicky.

Mudcat · 03-27-06, 02:30 PM

Man does this give me the heebie jeebies.

Originally posted by marc

With some sportsbooks it's actually quite easy to steal somoene elses money. As long as you have their account number and password. All you do is call, pretend to be the other player and tell the clerk that you would like to transfer all of your money to your buddy who has another account. And basically you trannsfer the funds from the other player account into your. You play it through 1x, and then request a withdrawal by **. If you can get the **, before the other player or the book realize what happened, there is nothing anyone can do.

That's insane if books are allowing that. If that is happening, then I couldn't agree more: increased security is needed.

I hear what you're saying about the IP alerts too.

You have brought up some great points. Thanks for the wake up call.

marc · 03-27-06, 03:09 PM

The Great One,

For the most part, there is nothing that prevents an underpaid clerk from selling your name, account number and password to someone else. ANd as you said, in almost all cases, when you log into your account and discover that your money is gone, the first response form the sportsbook is always, "well it's your responsibility to protect your password." The fact that one of thier clerks might be involved is never considered. The fact that the sportsbook might have lax security is not considered.

What really makes my blood boil, is that in most cases these thieves will play with the money and try to see if they can double or triple it before they withdraw. In many cases they just end up gambling it all away. SO basically they steal the funds from one player and then lose it to the sportsbook. Player can easily prove he wasn't the one who placed the wagers. SPortsbook can easily see from phone logs and ip addresses taht someone else did in fact gain entry into the other players account. It shoudl be a simple matter of voiding out all the illegaly placed wagers and returning the money. But the stance the sportsboks and casinos almost always have is that in order to "protect themselves" they must keep the money. BEcause if they were to return the money, they run the risk of 2 players trying to scam them. Whereby 1 players gives another player his info. PLayer 2 then logs in places some wagers. If they win great, if they lose, player 1 cliams not to know player 2, says his acocunt was broken into and demands his money back. While I acknowledge that such a scam can take place, until te sportsbooks can show that they have taken adequate measures to protect players. they can't simply out thier own protection ahead of the players.

pags11 · 03-28-06, 05:30 AM

Marc,

excellent thread topic...I have to agree with you and others here...as these hackers continue to grow more experience, the websites definitely need to take measures to protect their players...

natrass · 03-28-06, 10:35 AM

Its another symptom of the generally accepted situation that any funds held in a book are totally at the owners risk. The book risks nothing and the only real security out there is to further there own business interests.

I really think proven cases should lead to a forum warning. I would like to know which books allow this to happen .. and also which dont. Any book could challenge a warning and show its not possible but, yes, let the onus be on the book to demonstrate its security for all to see.

There is too much assuming (by players and books ... but the books are supposed to be the professionals) going on with players funds.