(a) The Operator shall use authentication credentials, including a username, or similar identity indicator, and a password or a secure alternative means to ensure that only the Player has access to the Wagering Account. Allowable authentication credentials are subject to the discretion of the Commission as required. The requirement does not prohibit the option for more than one method of authentication being available for a Player to access their Account.

(b) If the Operator does not recognize the authentication credentials when entered, an explanatory message shall be displayed to the Player which prompts the Player to try again. The error message shall be the same regardless of which authentication credential is incorrect.

(c) Players shall be given the option to use a Multi-Factor Authentication process when accessing their Wagering Account. In addition, a Multi-Factor Authentication process shall be used for the retrieval or reset of a Player's forgotten or lost authentication credentials.

(d) Current Account balance information, including restricted Wagering credits and unrestricted funds, and transaction options shall be available to the Player once authenticated. Restricted Wagering credits and unrestricted funds that have a possible expiration date shall be indicated separately.

(e) The Operator shall support a mechanism that allows for an Account to be locked if suspicious activity is detected, including three consecutive failed access attempts in a 30 minute period. A Multi-Factor Authentication process shall be used for the Account to be unlocked.

History Note: Authority G.S. 18C-114(a)(14);

Previously adopted as Rule 1G-006;

Eff. January 8, 2024;

Readopted Eff. March 27, 2024.