At Betfair, the security of your account and personal information is a top priority. Our security team is always looking for proven methods and new ideas to ensure that our security systems are world-class. Here are some of the initiatives we are already taking to help protect you:
Betfair's 2-Step Authentication reduces the chance of having your account compromised. That's because, in addition to your username and password, Betfair will ask you to enter a one-time code, which will be sent to your phone via SMS or displayed by the Google Authenticator application for iPhone, Android, Blackberry and Windows Phone, either for every login or only for new devices depending on your settings.
This authentication scheme protects against a range of attacks and eliminates the risk of insecure or easily guessable passwords, or of shared passwords being leaked from other websites you use. When you have enabled Betfair's 2-Step Authentication, attackers not only have to know or guess your username and password but also guess an additional one-time password, which changes every 30 seconds. It is very difficult to perform this type of attack due to the computational complexity it carries. With two-step authentication your Betfair account will have the best protection available.
Betfair is proud to be ISO27001 certified, the de facto global standard for Information Security Management. This means we have looked at our business and identified the necessary security management, policies, standards and procedures to protect our customers and our business. ISO27001 certification demonstrates that we are serious about delivering premium quality security, that we are willing to undergo regular independent audits and that we are committed to reviewing and maintaining our security features in the future.
Betfair is PCI certified and, as a Level 1 merchant, we undergo annual PCI validation by an external and independent PCI Qualified Security Assessor (QSA). You can have confidence that your payment card details are stored and used securely.
Betfair employs numerous technologies to help protect our customers from attackers on the Internet. At every stage, from product design and development through to operations, we have security in our minds. We use a number of enterprise-class technologies to provide a high level of security.
Here are some examples:
The servers in our data centres are physically secured with biometrics, guards and cameras. Our systems are separated with firewalls, intrusion detection systems and traffic analysis solutions that examine every byte of data as it enters and then moves around within our data centres. We monitor for unauthorised changes, tampering and viruses. Automated tools continuously scan our IT systems looking for any problems where software needs patching or where security configuration could be improved. We scan all of our software using specialist tools and perform penetration tests, or ethical hacking, against everything before it goes live on our site.
All of this technology means you can be confident that using Betfair's products has the same level of safety you'd normally associate with online banking or large financial services companies.
Like other gambling and gaming companies, Betfair is required to collect personal information during the registration process in order to comply with legal and regulatory requirements. We are very aware that we have a responsibility to protect your personal information and maintain your privacy. Within Betfair, only those employees who have a genuine business need to see your personal details are allowed access, and in all cases access to personal information is fully monitored.
We will never use your personal information for purposes other than those necessary to operate our website and products. We sometimes use data processing agencies and, where we do, we perform rigorous checks to make sure that these companies are reputable and will look after your data.
Whenever you register, log in, make payments or send us other sensitive information, we use SSL technology to make sure the information you are entering is protected. SSL is a well-known standard which encrypts data before it leaves your computer in a way that can only be decrypted by Betfair's servers. Similarly, the web pages you view are encrypted by Betfair's servers and only your computer can decrypt and then display them. If you have a relatively new browser like Chrome, Firefox or Opera, then this encryption is "military grade" 256-bit AES. Our servers won't accept connections from your web browser if it is unable to meet the minimum requirement for good security: 128-bit encryption.
Please refer to the Security FAQ for more information.
At Betfair we take the security of our customers' data very seriously. If you believe you have discovered a potential security vulnerability on any of our Betfair web sites, services, apps or APIs, please help us fix it as quickly as possible by reporting your findings to firstname.lastname@example.org.
Publicly disclosing a vulnerability can put the entire community at risk, so we urge you to keep matters private until we are able to resolve the issue. We take security very seriously and investigate all reported vulnerabilities. We will keep in touch with you during the entire process. Our PGP public key for secure transmission can be seen below.
-----BEGIN PGP PUBLIC KEY BLOCK-----
-----END PGP PUBLIC KEY BLOCK-----