Site security – internal controls and hacker defenses

What's the difference between site integrity and site security? Integrity means that the site deals a fair game and won't try to steal your money. Security means that the site has mechanisms in place to prevent criminals from exploiting the players or the site.

How could a site be vulnerable to criminals?

In any business that handles a lot of money, the greatest danger is from insiders. For example, a dishonest insider could try to gain access to player names and addresses, email addresses, credit card numbers, NETeller account numbers and bank account information. A well-run site will make it difficult for an employee to get any of this information beyond the minimum needed to perform their job each day. Another insider threat is the possibility of eavesdropping on the messages the dealer sends privately to each player saying what the player's hole cards are. A well-designed poker server will encrypt this information before it leaves the server and can be eavesdropped upon.

Outside criminals are also a threat to online poker sites. Just as the players' personal information must be kept private from insiders, so must it be protected from external hackers. Attacks can come in surprising forms, too. Several online sports books in the UK have been the victims of denial of service attacks as part of an extortion racket. Defense against external attacks requires a well-funded, competent IT staff and excellent physical security.

So how do the various poker sites measure up on the security front? Unfortunately, there is very little data available. No breaches of any poker player databases have been publicly reported (or even rumored, in fact). But the obvious difficulty of securing a site against electronic, physical and insider attacks means that the smaller sites with the fewest resources are likely the most vulnerable. This is another reason to favor the larger sites.