Recent business and sports headlines in the US have been dominated by state and federal government efforts to assess whether daily fantasy sports (DFS) sites, such as FanDuel and DraftKings, should be treated and regulated like gambling. The New York State Attorney General recently issued cease-and-desist letters against DraftKings and FanDuel to stop accepting bets in the state, stating that DFS operations are illegal gambling.  

Last week, Massachusetts Attorney General Maura Healey announced a plan to allow DFS providers to operate in Massachusetts under certain provisions, such as:

·         Prohibiting anyone under 21 participating in DFS.

·         Prohibiting professional athletes and other employees of pro teams from participating in DFS.

·         Prohibiting employees of DFS providers from participating in games

·         Requiring DFS providers to identify ‘‘highly experienced’’ players on all contest platforms and offer ‘‘beginner’’ games that would be off limits to the more experienced players.

These provisions present a range of identity management and identity verification challenges and questions, such as:

·         How will sites verify the ages of online participants?

·         How will systems detect DFS employees?

·         How will DFS systems verify the identities of pro athletes? While athletes may be prohibiting from playing, can close friends and associates participate and (and leverage potential insider information for an advantage)? How will such associations be vetted online?

·         How will DFS systems detect that a new account is not a “highly experienced” player trying to register for a “beginner” game?

We have already seen evidence of the challenges involved in online identity verification for DFS sites. This fall, it was reported that an employee at one DFS provider leveraged information to profit on a competing DFS site, an action one gambling expert labeled as insider trading. DFS providers have since worked to prevent such scenarios from reoccurring, but this incident highlighted these identity-verification-related challenges.

The good news is that many services and data sources exist to help address this issue. After Congress passed the Children’s Online Privacy Protection Act (COPPA) in 1998 to help protect online privacy for minors, many websites were required to implement policies and age verification services to protect the online privacy of minors. Such verification services and data could be used to support such proposed DFS rules; the open question will be how easy it will be for fraudsters to defeat such measures and how much DFS providers will have to invest in verification and fraud management to defend against fraudsters.

The dust has not settled on the myriad of DFS issues, including state versus federal jurisdiction. As other states create their own DFS rules, compliance and enforcement efforts will become further complicated; this will increase likely demand for commercial solutions for identity verification, data protection, authentication, and fraud management to help address these online identity management and verification issues.