IT security in online poker: an optimization of it security spending.

• Author: Rousu, Matthew C.
• Position: Report

1. INTRODUCTION AND LITERATURE REVIEW

   Online gambling is a flourishing market for gamblers. According to Poker Players Research, 10 million players in the USA alone ventured into the world of online poker prior to the April 15th, 2011 indictments by the U.S. Department of Justice case that effectively shut down the top three Internet poker sites. (PokerPlayersResearch.com) The Internet, having no geographic boundaries, serves as a perfect meeting place for people around the world. However, the lack of regulation of the environment, and the fact that it is an $18 billion industry makes it a target for thieves and organized crime. (Chen et al, 2004).

   While it may be more commonplace to believe that customers are the ones most likely to steal or cheat in online poker, it is actually the employees who are more likely to do so. In fact, gaming officials surveyed in a 2008 gaming commission questionnaire believed that 90% of theft in casinos was done by employees (Florence and Allison, 2009). It would follow that the honesty and integrity of employees is a significant issue to casinos, but it is certainly a non trivial matter to ascertain who is honest, and who will steal. Background checks are standard and are required in some states (e.g. the Mississippi Gaming Control Act, 1990, Section J. 1(a-f) (MS Gaming Commission, 2009), but this has not been a significant deterrent in theft.

   Online poker sites can increase security costs up front and reduce the risk of theft occurring, or they can wait until a theft has occurred. Most companies increase security up front (Labuschagne L., 2000). Even so, the FBI and the Computer Security Institute found that 60% of companies had an unauthorized use of their computers. However, companies only report being hacked 15% of the time (http://www. cert.org/about/ecrime.html). This is generally because companies do not want the negative publicity and damage to their brand (Sager I, 2000). As a result, the true extent of theft and computer break ins is unknown. The problem of theft and hacking in online poker is exacerbated by the companies and sites being run in multiple foreign countries, with each having its own laws, jurisdiction, and computer law enforcement capabilities. Law enforcement generally cannot pay competitive salaries to technical employees. As a result, technical people in developing countries tend to work in the private sector or for organized crime groups (Shelley, 2003). Due to this, companies have an added incentive to not report crime, as law enforcement is less likely to have the skill set to catch and prosecute the criminals and it will ultimately make more people aware of a company's vulnerability.

   This research takes a mirrored approach to cheating at online poker. The first consideration is how could an employee cheat, and what is the optimal amount of money we could steal before anyone would question what was happening? Obviously, to that end, the goal is to...