There are plenty of good reasons why online gambling is strictly regulated in most EU countries and Switzerland. After all, it is essential to ensure that only authorised users have access to the offers, which excludes, for example, minors and people who have blocked themselves from using gambling sites. Not only that: the operators of online casinos have a particular obligation to protect their customers' data. As the games are usually played for money, users register bank accounts or credit card details, all of which must be secure from any unauthorised access. The example of the Swiss online casino jackpots.ch, a subsidiary of the Grand Casino Baden (GCB), shows how compliance with all legal obligations and safeguarding user data can be optimally achieved. The magic formula here is secure authentication using a passwordless login.
To keep dubious providers out of the market, Switzerland enacted a new Gambling Act in July 2019. This allowed brick-and-mortar casinos in Switzerland to expand their business activities to the online sector. A pioneer in this sector, Grand Casino Baden launched the first official Swiss online casino ‘jackpots.ch’ back in July 2019. As a licensed provider, the GCB is bound by strict legal requirements that regulate purely chance-based prize outcomes and the protection of players and all their sensitive data.
To prevent any unauthorised use of the online casino, the identity of prospective customers is verified by means of official identification documents before they can create a player account. But even after registration, it is still important to check who is trying to log in each time. With this in mind, the Grand Casino Baden set out to find a provider of biometric authentication systems at the beginning of the year. Impressed by a demonstration of the technical possibilities, their choice fell on the Authentication Cloud from Nevis.
Authentication using the FIDO standard
The login process is very simple for users: all they have to do is enter their username on the online casino’s website. The actual authentication, i.e. matching the digital identity stored during registration against that of the user on the device, takes place via the authentication app installed on the user’s registered mobile device. Thanks to the extremely high security standards for logging in, there is no need to enter a password at all. Instead, during passwordless authentication, the user’s identity is verified by biometric factors such as Face ID or fingerprint; in this way, logging in takes just a matter of seconds.
One thing that is particularly important for ensuring security is that the biometric data used for unique identification never leave the mobile device, where they are stored in specially secured storage areas. Combining biometric identification and strong cryptography based on the FIDO (Fast IDentity Online) standard meets all current security requirements.
For online casinos or sports betting providers, passwordless authentication thus combines several factors that are crucial for business success. Firstly, it takes into account the customers’ desire to log into their gaming account with the minimum of effort – providers who discourage this with obstacles (for example, long and complicated passwords) quickly lose out. Secondly, despite all this convenience, it does not skimp on security. Security always remains the main focus. This also means, for example, that identity is checked not only during login but also for all particularly sensitive transactions. For example, money transfers into the gaming account can be additionally secured with a separate confirmation in the so-called step-up procedure. The FIDO procedure guarantees strong security that effectively protects user data from hacker attacks and identity theft.