Quote:
Originally Posted by FarseerFinland
What security challenges do you see as greatest threats in the future of online poker?
There are a bunch of incidental and obvious risks that I think will be (broadly) manageable as part of an on-going and typical cat-and-mouse game, a typical battle between "operators" and "bad actors"*
Basically, you'll see bad actors come up with new ways to circumvent existing security systems, and then operators will implement new and better ways to reduce (but not eliminate) those risk, and so on. That's much of what this forum has focused on over the last ~20 years of online poker: the typical stuff of fraudsters (colluders; bot users; etc) and dodgy business practices (Full Tilt; Ultimate Bet; PokerSpot; Absolute Poker; etc).
Looking forward, however, I think there are a pair of very big macro risks to online poker, and both of them come from the same place: badly considered fragmentation of local regulatory operations.
There are two key risks, I think:
a) Local regulators may make it excessively hard to detect, enforce and deter bad actors. For example, the EU's new privacy rules around a "right to be forgotten" give new rights to fraudsters to not be remembered (after certain waiting periods, and so on). Similarly, when Italian local regulation was implemented, operators were not permitted to deduct money from customer accounts (I haven't followed recent Italian regulatory changes, I don't know if they have changed). An operator being prohibited from confiscating money from a fraudster is a huge hassle, especially since I cannot imagine that the player community would have confidence in the local regulator taking appropriate action against bad actors.
This is not just about restricting the ability of operators to take action, but also around enforcing bad and stupid security practices. For example, requiring operators to allow passwords to be reset using "secret questions" (What is your favourite colour? etc) is just terrible security advice, and weakens the security of player accounts.
b) The huge regulatory burden reduces the opportunity for innovation and competition. Big incumbent operators are the chief beneficiary here, because they have the scale to deal with all the stupid local rules (eg, one European jursidiction requires a clock to be displayed in the software all the time; another jurisdiction required the user to enter their date of birth every login). This makes it harder for a new competitor (eg, Run It Once; Google/Facebook/etc.) to enter the market, because there's a huge burden of silly stuff they need to adapt for every local jurisdiction.
*I've put these in quotes because I don't want to go through the process of precisely defining these terms, because I recognise that there are quibbles to be had about the precise definition here. Those quibbles don't really matter to this particular post.