Products | security

Inside Gaming takes security very seriously and so we have invested heavily in all areas to ensure our sites and products are secure for everyone using our services in full or in part, from our clients to the end users.

Earning the trust and confidence of the end user is the key to success and the primary goal here at Inside Gaming. We aim to make everyone feel 100% comfortable playing games at our tables from day one and have taken every effort to ensure so.

From using true random number generators to ensure total game integrity to providing our players with real-time on demand transaction and game histories from within the gaming software to securing and protecting the privacy of our players with 128-bit SSL technology - these are the driving forces behind the way we run our business and our daily operations. We have also put in place the most advanced combination of statistical analysis tools and expert vigilance to provide the industry's most effective shield against player collusion.

The gaming software we use carries an official Certificate of RNG Evaluation from Technical Systems Testing (TST), an internationally recognized and respected Accredited Testing Facility (ATF). TST has been working with industry operators, suppliers, manufactures and regulators to ensure that gaming products operate in a manner that is fair, secure and auditable and comply with some of the world’s most stringent and comprehensive legislative and regulatory requirements. See http://www.tstglobal.com/ for more information.

PCI Compliance

The PCI Security Standards Council is an open global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection.

The PCI Security Standards Council’s mission is to enhance payment account data security by fostering broad adoption of the PCI Security Standards. The organization was founded by American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International. For more information see https://www.pcisecuritystandards.org/.

Inside Gaming has been through the stringent PCI Compliance tests, including penetration testing and vulnerability assesment on its sites and products. We have also ensured all our suppliers have been through the same.

Question: What can happen to you and/or your organization, if you fail to implement or adhere to, the Payment Card Industry Data Security (PCI DSS) compliance rules?

Answer: Ask TJX Companies Inc. (TJX).

Currently, the company-owner of T.J. Maxx and Marshall's department stores and other stores in North America and the United Kingdom-faces more than a dozen class action lawsuits in Alabama, California, Massachusetts, Puerto Rico and six Canadian provinces, for what has been hailed as the single largest data breach in United States history.

TJX revealed in March 2007 that hackers compromised at least 45.7 million credit and debit cards. From July 2005 until the discovery in December 2006, the bandits penetrated a supposedly secure network environment.

In a regulatory filing made with the Securities and Exchange Commission (SEC) after the violation, TJX stated that its computer systems were first hacked in July 2005 by one or more intruders who accessed information from customer transactions dating back to January 2003. TJX officials said that they didn't find out about the breach until about three months ago.

More troubling, however, is the fact that TJX believes that the hackers had access to the decryption tool for their encryption software, making PIN numbers, credit card numbers, and any other unique identifiers easy to see. The SEC filing also said another 455,000 customers who returned merchandise without receipts had their driver's license numbers stolen.

At this time, TJX is not sure whether it was a single breach, or multiple intrusions. The ripples of this breach are far reaching, including the addition of TJX's acquirer-Cincinnati-based Fifth Third Bancorp-as a defendant in some of the lawsuits.

The bank processed some payment card transactions for TJX. TJX and its acquirer are not alone in not being cognizant of potential holes in their security systems, as there have been many examples of breaches that have compromised confidential information across several business sectors in the last decade alone.

"Companies like LexisNexis, Citibank, ChoicePoint have all had breaches," says Khalid Kark, senior security analyst with Forrester Research. Kark is a leading expert in Security and Risk Management, compliance, best practices, and services. "The issue is that it's not that the company doesn't have good security, it's just that they haven't really put in all of the effort and the time to understand all of the areas of threat and try to protect against those."

In order to address the threats to credit card information, the PCI Security Standards Council (PCI SSC) was formed in September, 2006.

Even with the guidelines, many organizations have not opted to pursue PCI Compliance, even when they may know that they need to be.

At the same time Visa U.S.A projects that 65 percent of all merchants will be PCI compliant by the end of 2007, and stiff penalties that target acquirers is one tool that the PCI SSC.

If an organization doesn't know that they need to be PCI compliant, or if an organization just doesn't want to be bothered by having to obtain PCI compliance, it soon will not matter. The goal is to have all merchants, regardless of their merchant level, compliant with PCI DSS.

"Being PCI compliant is a smart business decision, as far as securing their [merchants] Web property and Intellectual property," said Aaron Biddar, president of ControlScan-a leading Internet security solutions company.

"With data being stored virtually, in accessible areas, PCI standards are set up to help businesses with better practices," he continued. "These better practices can begin with 'hey, do you have a lock on your door?' to 'do you have scanning procedures in place?'…being PCI compliant, without being forced to do it, just makes good business sense, period."