PokerStars’ Head of PR Michael Josem has published data showing that hacking attempts on customer accounts have been steadily declining since the beginning of the year.
Josem worked in the PokerStars security team before his transition to PR, and was hired following his detailed work in exposing the UltimateBet super-user scandal in 2008.
In response to player complaints about their accounts being hacked, Josem wrote a long post on the Two Plus Two poker forums in which he detailed the poker room’s efforts to combat the problem.
Josem told players that “there is no sudden spate or recent surge of account hackings. The only thing that has changed has been player awareness of the issue – awareness that has been partly caused by PokerStars instituting heightened security in the form of new notification emails when a PokerStars client is accessed from a new location.”
Along with password protection, PINs, SMS validation and RSA Security tokens, the operator has now introduced an option for players to provide two security questions.
The company has adopted a multi-pronged approach to account security. It seeks not just to reduce the number of accounts hacked, but also to limit the damage done when an account is compromised.
According to Josem, “despite players (often inadvertently) giving their account login credentials to unauthorised users, PokerStars was still able to ensure that no funds were lost in about 52% of the cases in January and February.”
He went on to say that in the remaining 48% of cases, “the median loss to each player per hack was $57.09.”
Players have complained that even when they are certain that they themselves are not at fault, PokerStars’ terms and conditions do not oblige the company to make any restitution. This is in line with the terms and conditions of high street banks, but it continues to irritate players who have lost funds.
The company insists that account security must be a joint venture between itself and the players. PokerStars can protect passwords on its servers with its password “hashing” system and its policy of never itself knowing what users’ passwords are. It can also offer players options for increasing the security of their accounts, such as SMS Validation and the RSA tokens, but it is up to players to protect their passwords from being stolen or acquired in situations that are beyond PokerStars’ control.
We believe that maintaining the security of player accounts requires a joint-partnership between both players and PokerStars. That’s why we invest in a whole range of strong security mechanisms on our end… but also why we enable players to make a decision about the level of security that they feel is appropriate for themselves. We do this by offering players things such as RSA Security Tokens, PokerStars PINs and SMS Validation. SMS Validation and PokerStars PINs are free to players to use, and SMS Validation in particular is specifically designed to mitigate the risk of unauthorised account access from new locations.