We take our customers’ security seriously, and we have teams who focus solely on protecting customer information from online threats. We also want to keep our customers informed about the way we store and protect your information, and responsibly disclose vulnerabilities, so that you can take any necessary precautions.
What you can do, to stay safe
There are basic security principals that you should keep in mind:
For an extra layer of security on your account, activate 2-Step authentication. Betfair's 2-Step Authentication reduces the chance of having your account compromised. In an addition to your username and password, you’ll be asked to enter a one-time code, which will be sent to your phone via SMS or displayed by the Google Authenticator application for iPhone, Android, Blackberry and Windows Phone. You can do this either for every login, or only for new devices, depending on your settings.
This authentication scheme protects against a range of attacks and eliminates the risk of insecure or easily guessable passwords, or shared password being leaked from other websites you use. When you have enabled Betfair's 2-Step Authentication, attackers not only have to know or guess your username and password, but also guess an additional one-time password, which changes every 30 seconds.
It’s very difficult to perform this type of attack due to the computational complexity it carries. With two-step authentication your Betfair account will have the best protection available.
If you are logged into your account for 24 hours without using it, the system will automatically log you out for security reasons. We recommend that you change your password every four to six months. Your password should be unique (a mixture of numbers, letters and characters) and known only to you.
We also recommend that you run do regular scans for malware on your device with an Antivirus to make sure it’s protected against the latest threats.
Like other betting and gaming companies, Betfair is required to collect personal information during the registration process, in order comply with legal and regulatory requirements. We are very aware that we have a responsibility to protect your personal information and maintain your privacy. Within Betfair, only employees that have a genuine business need to see your personal details are allowed access, and access to any personal information is fully monitored.
We will never use your personal information for purposes other than those necessary to operate our website and products. We sometimes use data processing agencies and, where we do, we perform rigorous checks to make sure that these companies are reputable and will look after your data.
Whenever you register, login, make payments or send us other sensitive information we use SSL/TLS technology to make sure the information you are entering is encrypted in transit.
Betfair employs numerous technologies to help protect our customers from attackers on the Internet. At every stage, from product design and development through to operations, we have security in our minds. We use a number of enterprise-class technologies to provide a high level of security. The servers in our data centres are physically secured with biometrics, guards and cameras. Our systems are separated with firewalls, intrusion detection systems and traffic analysis solutions that examine every byte of data as it enters and then moves around within our data centres. We monitor for unauthorised changes, tampering and viruses. Automated tools continuously scan our IT systems looking for any problems where software needs patching, or where security configuration could be improved. We scan all of our software using specialist tools and perform penetration tests, or ethical hacking, against everything before it goes live on our site. All of this technology means you can be confident that using Betfair's products has the same level of safety you'd normally associate with online banking or large financial services companies.
Betfair is proud to be ISO27001 certified, the de-facto global standard for Information Security Management. This means we have looked at our business and identified the necessary security management, policies, standards and procedures to protect our customers and our business. ISO27001 certification demonstrates that we are serious about delivering premium quality security, that we willing to undergo regular independent audit and that we are committed to reviewing and maintaining our security features in the future.
Betfair is also PCI certified and, as a Level 1 merchant, we undergo annual PCI validation by an external and independent PCI Qualified Security Assessor (QSA). You can have confidence that your payment card details are stored and used securely.
Once we receive your card details, we will carry out a check of your card with our credit card checking facility. This ensures that the number you entered actually corresponds to a real credit card number and is not one that has been made up. We also do random security checks on a continuous basis to ensure that a card is not being fraudulently used. Card data is, at no time, sent over the internet during the validation. Incorrect details associated with your card will result in your account being suspended for security reasons.
We take the security of our customers and employees’ data very seriously. If you believe you have discovered a potential security vulnerability on any of our Betfair applications or services, please help us fix it as quickly as possible by reporting your findings in our public bug bounty program available in HackerOne.
Publicly disclosing a vulnerability can put the community at risk, so we urge you to keep matters private until we are able to resolve the issue.