Mobile security is a top priority for many businesses that want to offer high-end mobile customer applications. Two-factor security that is convenient and transparent to customers is increasingly seen as the first strategic domino that must fall to conduct mobile business effectively.
Toronto-based Magna Entertainment Corp., a major North American owner and operator of horse racetracks, is a case in point. Mobile betting via cell phone is a huge growth area in Asia, where projected revenues for 2006 are estimated at US $1 billion. But revenues in North America are zero, largely due to the complexity of regulations.
Magna must worry about issues familiar to the banking industry — anti-money laundering and ‘know-your-customer’ regulations that require organizations to identify their customers and track suspicious financial transactions, said Steve Keech, CIO of Magna.
In addition, the firm must address other wagering-specific regulations, such as age verification and geo-fencing regulations, which require that the company know where people are when they bet and what they bet on, so that the right jurisdiction’s rules are applied if the customer is wagering in Nevada or Ontario, Keech said.
To make its foray into the lucrative North American mobile market, Magna must persuade regulators that it has the capability to follow all regulations.
“There are some grey areas there, and we don’t want to be grey,” said Keech. Magna needs strong authentication and a way to support geo-fencing to kick off the process. “We need to make sure regulators understand what we’re doing and are comfortable with the technology,” he said.
Strong security will also allow Magna to enhance the customer’s wagering experience, said Keech. Magna uses Carlsbad, Calif.-based International Lottery and Totalizator Systems (ILTS) terminals, which allow customers betting at the racetrack to do pari-mutuel wagering, meaning “betting among ourselves.”
Instead of betting against the house, as in a casino, this allows customers to place bets on their own choices against those of every other patron.
High-speed Totalizator terminals pool and compute the odds by applying complex mathematical formulae in line with the Racing Commission’s rules, in addition to providing other information such as horses’ past performance and real-time graphs of odds shifts, and allowing the customer to cash a winning ticket.
“The challenge with the Web is that we really don’t know who’s connecting to our system,” said Keech. “Because of that, we don’t open the full functionality of the Totalizator to customers who connect via the Web. What we’re looking to do by being able to authenticate individual devices is to open more of the Totalizator’s functionality so our customers can get all they value they would at the track. “
Magna considered three vendors before settling on Toronto-based Diversinet Corp.’s mobile security wares. The business case was compelling, said Keech: Diversinet offers gadget-free two-factor security based on a one-time password (OTP) that is generated by a program installed on the same device being secured, be it a cell phone, laptop or PDA.
Once initialized, the device and user are uniquely associated, and authenticated at logon. If someone tried to enter the system by stealing a customer’s username and password via shoulder-surfing, explained Keech, it would not allow him to connect: both the customer’s device, which generates the OTP to authenticate the transaction, and his username and password are needed to successfully logon.
icon.
