The security and payment challenges facing online gaming

Alex Morgan-Moodie | Senior Director, Gaming Vertical Lead

March 11, 2022

The global online gaming market is growing fast, with its compound annual growth rate predicted to be as high as 12%.1 By 2025, we could see a market as large as USD$112 billion.1

Players who place bets online, whether via online casinos or through online sportsbooks, ultimately provide potentially identifying data, including payment details, to operators.

With such vast – (and growing) – amounts of money and data in play, it is perhaps unsurprising that this market is a target for cyber criminals.

But how big is the threat, really? And what can online gaming operators do to protect their players and their business, all while improving customer experiences? 

The answer is by finding secure payment solutions.

The scale of the threat

Some 77% of cyber-attacks targeted the online gaming and gambling sectors in late 2020,2 with the most common type of attack being a ‘distributed denial of service’ attack designed to take a business offline. Such an attack has the potential to prove fatal for trust and customer experience.

But denial of service is not the only threat facing online businesses. In 2020, a major sports betting company was taken down for a full 72 hours after cyber criminals used ransomware to threaten critical systems.3 Thankfully, in this case, no data was lost, but the company will have lost at least 72 hours’ worth of gaming revenue and may have caused some consumers to think twice about playing with them again.

Again in 2020, a series of attacks crippled major gaming operators across South-East Asia, as well as some in Europe and the Middle East. In these cases, malware hidden in fake emails was used to gain access to company servers, allowing hackers to take control of company information, player data and even make transactions.4

As in any online market, consumer-initiated fraud will also be a concern for many operators. If you run an online casino or gaming website, you must remain vigilant for suspicious activity (money laundering or unexplained spending, for example), or else you may fall foul of regulators and players.

With so much data on the line, and so many threats to look out for, how can operators protect their players?

It could start with using secure payment solutions to make data less identifiable.

Tokenization – a potential solution?

It is unlikely that any industry, or any individual business, will ever stamp out cybercrime for good. Threats are always evolving alongside defences – sometimes even faster.

While we won’t be able to eliminate cybercrime risk from online gaming, there are ways to potentially minimize harm.

If you are accepting large volumes of payments, or have payment details saved on internal systems, it could pay to anonymize or pseudonymize the data to protect it from prying eyes.

A secure payment solution like OmniToken helps to secure transactions, minimize fraud and reduce risk, while helping operators perform routine payment functions across sales channels and partners.

OmniToken replaces cardholder data with a token, reducing the risk that such data could be stolen. That’s because the real cardholder data – the card numbers and security codes that players use to place bets – never actually resides within the operator’s environment.

Players will likely not even notice this process, but could be encouraged to save payment data for easier, recurring play if they are told that their data is tokenized

OmniToken is also flexible and interoperable across third-party service providers, and is completely channel agnostic.

Wherever and however your players place their bets, their payment data is given an extra layer of security through tokenization.

Meeting emerging challenges

When it comes to cybersecurity, one of the main aims of any business will be ensuring it is always ahead of potential threats.

But, as already mentioned, new challenges are constantly emerging, often with little to no warning. Operators must be diligent and security-conscious at all times, going so far as to ensure that employees are trained to spot danger. After all, the human element is just as critical to security as cryptography or firewalls.

But the right partners and tools can have an outsized positive impact on your security posture, helping you to proactively respond to threats and protect invaluable data.

While tokenization is unlikely to be an answer to every cyber threat, having the ability to process payments securely, in a way that works for your business and consumers, could become increasingly important.

Worldpay from FIS is always standing by with the global payments processing expertise you need to help you stay as safe as possible. A notable portion of the 40 billion transactions we process annually is gaming revenue and payouts, so we understand what is at risk.

We can also assist you with accepting a wider range of payments, offering an extensive range of alternative payment methods to give your consumers choice in how they play and pay.

Protecting your players and your business should be a top priority. You simply can’t roll the dice with such important, vulnerable data.

1 The Business Research Company (2021) Online Gambling Global Market Report 2021: COVID-19 Growth and Change to 2030. Research and Markets. Available online at: [Accessed 31/01/22]

2 Nexusguard (2020) Nexusguard Study: Online Gaming is a Hotbed for DDoS Attacks. Available online at: [Accessed 31/01/22]

3 Evans, J (2020) SBTech partners experience 72-hour downtime after cyber-security breach. EGR. Available online at: [Accessed 31/01/22]

4 Cimpanu, C (2020) Chinese hackers have breached online betting and gambling sites. ZDNet. Available online at: [Accessed 31/01/22]