Since being founded in September 2001, PokerStars has grown into the world’s largest online poker site. It has 35% of world market share and, to date, more than 26 million players across the globe. It also hosts an annual PokerStars World Championship of Online Poker (WCOOP). Based in the Isle of Man, UK, the company has built a reputation for integrity and player opportunity.
Softcat and PokerStars enjoy a long standing relationship. When PokerStars decided to implement a second factor authentication solution, they contacted their trusted advisor Softcat, to advise the best solution and for our help and assistance in validating the technology. Softcat works very closely with RSA and have done for many years. We used our own expertise and the knowledge of RSA’s technical team to help PokerStars develop their bespoke authentication platform.
PokerStars has developed an enviable reputation as a leading online poker site which offers players the opportunity to win substantial amounts of money. It has bolstered its considerable brand presence by qualifying more poker players for the World Series of Poker than all the other online poker sites combined, and by running its own PokerStars World Championship of Online Poker (WCOOP). Its brand presence is also underpinned by the knowledge that PokerStars’ players can potentially win huge amounts of money. In 2004, one online competitor, Chris Moneymaker (real name), started with about $30 in his account but eventually went on to win several million dollars when he qualified on PokerStars.com to play in the World Series of Poker. This provided a boost for the company leading to a huge surge in popularity with many more players signing up. Security is clearly a critically important and central feature for its website. In fact, since its launch the company has never suffered a network breach. However, that said, PokerStars wanted to offer its high-value customers, many of whom have hundreds of thousands of dollars in their accounts, the option to strengthen their personal security even further.
The privately-owned PokerStars has a wide range of security features in place to protect its network ranging from firewalls, to intrusion detection systems and network traffic logging to real-time monitoring. Michael Josem, Games Security Specialist, PokerStars, said, “We do everything to safeguard our network and our players but we also wanted to offer a certain type of player the option of extra security to bolster their personal security.” The company decided on RSA SecurID, two-factor authentication tokens from RSA, the Security Division of EMC, simply because, “RSA is the largest and most trusted vendor in the industry with the strongest two factor authentication,” said Josem.
RSA SecurID provides an extremely reliable level of user authentication and is the only solution that automatically changes passwords every 60 seconds. One of the key factors informing the decision was RSA SecurID Authentication Engine (SAE), an easy to implement authentication software solution. SAE easily integrates directly into an organisation’s homegrown externally-facing security application. Consisting of a set of Application Programming Interfaces (APIs), it permitted PokerStars to provide back-end authentication for RSA SecurID technology without requiring significant infrastructure and application changes to the company’s existing environment. PokerStars had pre-existing capabilities for user management security policy, password management and reporting, that provided online gamers with secure access to their accounts. SAE dovetailed neatly with this system. As a result, the company began offering the RSA SecurID tokens to high-value players through a VIP programme. Players simply redeemed points they had collected when playing poker games to obtain a hardware token that provided strong two-factor authentication and could be hung from a key ring.
By upgrading account security to a two-factor authentication process – the player’s unique password plus the unique number generated by the token – players with large amounts of money now have unrivalled security and peace of mind. The company first offered players the opportunity to redeem points in exchange for a RSA SecurID token. Within the first five months 3,000 tokens were taken. The proof of the initiative became evident when a player’s password was compromised by a key stroke logger that had gained access to his computer. However, the attempted theft failed when the hacker was faced with a request for the RSA SecurID code number.
The RSA SecurID system also inspired PokerStars to extend the concept of PIN-based security by providing players with a new PIN service used in conjunction with an existing password. Together with the RSA SecurID token, an extremely robust security system is now in place. PokerStars has benefited from a two-factor authentication system that was easily integrated into existing systems.
The loyalty of valuable high-net worth customers has been reinforced and the company’s reputation as the world’s leading online poker site has been bolstered even further.