Multi-factor authentication for Brazil iGaming: Boost conversions and profits while maintaining regulatory compliance

Key highlights:

• Ordinance 722 regulation states that players must use multi-factor authentication (MFA) to access their accounts
• MFA prevents unauthorised access even if login credentials are compromised, ensuring a secure betting environment, crucial for player retention
• When assessing an MFA platform, key considerations include user experience, compatibility and operability, login and registration success rate and more
• Continent 8’s passwordless MFA solution enables players to access online services in less than 2 seconds with a 99.9% login success rate
• Our passwordless MFA solution provides a +18% higher conversion in user registrations, a 20% increase in profits and 90% savings in support costs

In the iGaming and online sports betting industry, where cybersecurity breaches can result in unauthorised access, identity theft, account takeovers, operational disruptions and reputational damage, MFA is an essential security measure. It’s also mandated for the regulated Brazilian iGaming market, where operators must submit proof of compliance.

In this blog, Luana Monje, Brazil-based Sales Executive at Continent 8 Technologies, explores the significance of MFA in Brazil’s exciting market, highlighting its role as both a regulatory cybersecurity requirement, outlining key considerations when selecting an effective authentication platform, and showcasing Continent 8’s passwordless MFA solution designed to deliver the most seamless single-step PIN experience.

What is multi-factor authentication?

According to the Secretariat of Prizes and Bets (SPA) and the Ministry of Finance’s (MF) technical and cybersecurity guidelines for Brazil’s betting systems (Ordinance No. 722, available in Portuguese), MFA is defined as:

A type of authentication that uses two or more of the following elements to verify a user’s identity: information known only to the user, such as a password, a pattern, or answers to challenge questions; an item owned by a user, such as an electronic token, a physical token, or an identification card; a user’s biometric data, such as fingerprints, facial or voice recognition.

Regulatory compliance with Brazil’s betting and gaming systems

First and foremost, Brazilian regulations require the implementation of MFA across several technical and cybersecurity requirements outlined in Ordinance No. 722. These requirements include:

Ordinance 722, Annex I, sections 12, 13 and 16 – Access to the betting system:

12. In cases where the bettor forgets his username and/or password, the system must offer a multi-factor authentication process for the recovery or reset of the user and/or password, one of the factors being facial recognition.
13. If any suspicious activity is detected, such as multiple unsuccessful login attempts, the betting system shall block the respective account. In this case, for the account to be unlocked, a multi-factor authentication process must be carried out, one of the factors being facial recognition.

16. The betting system must require the bettor to have a multi-factor authentication:

a) at least once every 7 (seven) days; or

b) on the first access after a period of inactivity of more than 7 (seven) days.

Ordinance 722, Annex IV, section 25f – Technical Controls, DNS requirements:

25 – The following requirements apply to servers used to resolve Domain Name System (DNS) queries in association with the betting system:

f) multi-factor authentication must be in place

MFA provides a layer of cybersecurity that significantly mitigates the risk of unauthorised access, thereby safeguarding sensitive data and personal information.

Evaluating the right MFA technology for iGaming operations

With MFA being a regulatory requirement in Brazil, iGaming and online sports betting operators need to evaluate which MFA options are most suitable for their operations. Here are some key considerations when assessing an MFA platform, and how Continent 8 can support your MFA journey.

Key Consideration	The Continent 8 MFA Advantage
User experience	Same passwordless, 2-second, single-step login – on all devices and browsers 99.9% of users log in within 2 seconds. Supports biometric auth in apps. Our MFA solution ensures consistent user experiences across both app and browser platforms, while also offering the option of local biometric authentication for apps.
Compatibility / Operability	100% of devices, 100% of browsersOur MFA solution ensures complete independence from hardware or operating systems, enabling compatibility across all devices and platforms. By providing our solution through the same browser interface as the operator’s service, or by embedding the technology directly into the operator’s native app, we support: 100% of devices and browsers 100% of users 100% of the time
Login success rate	99.93% login success or higherOur MFA platform streamlines the login process to a passwordless, single user step. The system is capable of operating with either a PIN or biometric authentication, providing users with flexibility and a reliable fallback across any device or browser. Each additional step increases the potential for user error, and every dependency (such as downloads, installations, mobile phones, cellular networks, or username entry) introduces a potential point of failure for both users and the system. Our platform achieves a 99.93% login success rate in consumer-facing applications, using either a 4-digit PIN or device-based biometric authentication where available. Our platform also attains a 99.997% success rate in action (transaction) authentication. There is no difference in success rates between mobile and tablet/laptop devices, as the system does not rely on the presence of a mobile device.
Registration success rate	+18% in player registrations, 20% boost in profitsOur MFA solution’s enrolment process simply requires users to select a 4-digit PIN. This procedure does not require any permissions, downloads, plug-ins, imported keys or configurations, thereby eliminating registration failures. The enrolment can be completely invisible and take place during customer registration. User process – on any device or browser: Choose a PIN SUCCESS The result: +18% increase in user registrations which can boost profits by up to 20%.
Support costs	90% savings in support costs Our MFA solution minimises support-related expenses and resources with a self-sufficient service. For example, this platform eliminates the need for password reset assistance – accounting for up to 60% of support desk inquiries, costing an estimated $15-70 per call – and customer validation.
MSSP services	360-degree support As an MSSP, we offer comprehensive end-to-end support for seamless evaluation, deployment, and ongoing assistance by: Managing the enrolment and remote blacklisting of devices Authenticating and digitally sign any action/transaction for security/assurance and meet modern banking standards Authenticating inbound callers to support/help desks Authenticating users on secondary devices such as kiosks or point-of-sales (PoS) installations Enabling the rapid installation and enrolment of a mobile app initiated from the desktop Combating bonus and referral fraud
Technology	Minimal attack surface, no single point of failure Our MFA solution employs advanced zero-knowledge proof of identity, ensuring a minimal trust surface and eliminating any single point of failure. Provides robust two-factor authentication, with the option of a software-only solution.
Data privacy	Zero information required Our MFA solution does not require any Personally Identifiable Information (PII) from the end user. Instead, we only need a unique identifier, which may be a hash of a mobile number, email address, or username, thereby ensuring the solution’s adaptability to various identity schemes.

 

Future-proofing Brazil’s iGaming market with advanced seamless authentication

The iGaming and online betting industry is constantly evolving, with new technologies and threats emerging regularly. Multi-factor authentication is an essential component of future-proofing betting and gaming platforms against these evolving risks. By integrating advanced authentication methods, iGaming and online sports betting operators can stay ahead of cyber threats and continuously protect their systems and players’ data.

How Continent 8 can help your business implement MFA

Continent 8 is committed to supporting businesses in the iGaming and online sports betting industry with their cybersecurity needs. Our team of experts works closely with you to design and implement tailored MFA solutions that align with your regulatory requirements and business objectives.

To learn more about Continent 8’s MFA solution, contact Luana at luana.monje@continent8.com.