Security at North Carolina casinos is a trending topic in the industry following cyber attacks on Caesars and MGM properties across the United States.
Consumers and gaming regulators want to know: how safe is it to visit a casino and place bets? Is your personal information vulnerable when you become a customer at an NC casino?
Catawba Two Kings Casino in Kings Mountain is adopting a proactive approach to security. It is implementing systems and strategies to safeguard its computer infrastructure and private customer data.
NC casinos taking data security seriously
A question begs to be asked: with the security breaches at MGM and Caesars, what security measures are Catawba Two Kings Casino putting in place to protect players?
Understandably, casinos take precautions when sharing security details. However, we can glean information by examining the requirements from North Carolina’s Tribal Gaming Commission for the Catawba Indian Nation.
That body, which has an executive director and chairman appointed by the governor, is charged with “compliance of Catawba Nation and [Indian Gaming Regulatory Act] laws and regulations that fall upon the Catawba Gaming Commission,” according to the state website.
State regulations monitored by the Tribal Gaming Commission require Catawba Two Kings to have a cybersecurity plan. It must also have an executive-level compliance officer responsible for adhering to state laws for consumer protection. As frequently as once per quarter, the casino must present an update on security measures.
The law requires companies to hold customers’ personal data in secure, off-site servers. Companies must also use encryption and advanced security measures to protect customer data. Federal regulations require companies to keep consumer data private. Additionally, companies must inform customers if they use their personal data. These measures assist Catawba Two Kings Casino in protecting visitors and players from cyber fraud.
Catawba Two Kings rewards programs and personal information protection
The historic Catawba Indian Nation owns Catawba Two Kings Casino. Delaware North, a leading hospitality company, operates the casino and resort. The casino resort offers a loyalty/rewards program called the Lucky North Club. Each dollar spent at the venue earns points for the rewards member. Members can redeem points for food, perks, and resort stays, as well as free play on slots and at other selected gaming tables.
When customers join the Lucky North Club, they must register some of their personal information and a credit or debit card may be held on file. That information is encrypted and stored on secure servers. While the attacks on Caesars and MGM reportedly resulted in hackers gaining access to rewards program databases, there has been no such breach at Catawba Two Kings.
Does Two Kings Casino have plans to increase security protocol in light of the Caesars and MGM breaches?
Calls and emails went unanswered to the Catawba Two Kings communications department. Keep in mind that the company has never had a security breach since it opened for business in 2021.
We do not know at this time whether Catawba Two Kings has doubled down on efforts to enhance cybersecurity. Certainly, the venue, as well as any in the casino industry, are mindful of being vigilant to combat nefarious attempts to access data and systems.
National Indian Gaming Commission touts cyber security model
In response to the cyber attacks at Caesars and MGM resorts, the National Indian Gaming Commission, which governs all tribal casinos in the country, released a “tech alert,” describing the cybersecurity methods used at tribal casinos. The program, called Defense in Depth, provides what the NIGC calls a “castle approach” to security where layers of protection shield customers from attacks.
The alert reads:
“Within the Defense in Depth method to achieve security objectives, there are three critical control layers: physical controls, technical controls, and administrative controls.Physical controls are defense in depth layers implemented to prevent an attacker from gaining physical access into an organization’s IT network. They are traditional protections that can be used for anything, from access to the organization’s physical site, to protection from specific secured rooms inside an organization.”
Parts of this approach may already be in place at tribal casinos across the country, but the NIGC plans to see tribal entities increase its use until it covers the entire organization.