Our Approach To Security Is Comprehensive, Multifaceted, Says MPL's Namratha Swamy

The Indian gaming industry's stance on cyber security has only strengthened with time and Indian real money gaming unicorn MPL's case goes on to prove this. The company has recently received certifications from six independent global security organizations for its player-first efforts. The latest among these is the ISO/IEC 27001:2013 certification which is based on the security and efficiency of its games and services across various domains from customer data to infrastructure. 

In this interview, BW Businessworld interacts with Namratha Swamy, Chief Operating Officer, MPL and talks about MPL's efforts in securing its platform for users. Swamy elaborates exactly how MPL is making sure that the online gaming experience for users is free from fraudulent activities. 

Could you provide insights into MPL's security strategy and the specific measures implemented to ensure the platform's safety?

MPL’s approach to security is comprehensive and multifaceted. We utilize GPS identification to prevent collusion—users within proximity are not allowed to join the same table. Furthermore, dynamic table allocation ensures that players who frequently play together and consistently win or lose are placed on different tables. 

To block fraudulent activities at the root, we implement mechanisms such as KYC and Documentation checks. The platform permanently blocks users who attempt to create multiple profiles using the same KYC document. Additionally, MPL blocks users who sign in from devices previously flagged for fraudulent activity. 

Leveraging machine learning, MPL proactively identifies and flags users displaying suspicious playing patterns. This helps prevent bad actors from engaging in unfair practices. The platform also detects intentional manipulation, where users purposely do not declare or lose games despite having the potential to win. Repeated instances of such behaviour lead to permanent account blocks.

Considering the growing risks in online gaming, how does MPL view the current gaming and security landscape? What obstacles does the company have to tackle to bolster cybersecurity?

Cyber fraud instances in general are rising in India. Back in 2020, Norton LifeLock conducted a survey which highlighted a significant loss of Rs 1.24 trillion due to cybercrimes, with 63 per cent of victims facing financial consequences. Since then, the fraud landscape has expanded in scale and sophistication.

Given how mainstream gaming has become, these frauds have now permeated this space exponentially. Experian, a data analysis and consumer credit rating company, found that 30 per cent of Indian consumers said they are vulnerable to fraud in gaming. 

India's booming gaming market, projected to hit USD 8.6 billion by the financial year 2027, has become a prime target for cybercriminals. The spectrum of threats is broad. From commonplace issues like multiple logins and chargebacks to more sophisticated challenges like DDoS attacks, collusion and phishing attempts. Given the ever-evolving nature of these threats, a comprehensive and adaptive security approach is crucial to continuously safeguard the gaming experience for users.

What tactics does MPL employ to stay ahead of new cyber threats in the gaming industry?

For us, staying ahead of evolving cyber threats is a continuous effort that involves a combination of vigilance, cutting-edge technology, and a proactive mindset. We understand that the landscape of cybersecurity is dynamic, and as such, our approach encompasses ongoing monitoring, threat intelligence analysis and regular updates to our defence mechanisms.

We run a global bug bounty program, where we invite security researchers worldwide to identify any potential vulnerabilities in our systems so that our team can then devise a timely resolution to tackle them.

We also conduct regular security audits and red-teaming exercises to test how well our security protocols can withstand real-world threats and make changes as necessary. 

Our programs are also validated by external security organizations. We firmly believe that this exercise is critical for any company. It ensures that our security measures meet industry standards and provides an unbiased evaluation of our systems. 

Could you elaborate on the role of external security organizations?

Our security programs go through a meticulous review by external organizations both in India and globally. We have received certifications from six such organizations in total.

The most recent one is an ISO certification (ISO/IEC 27001:2013) which evaluated our policies and practices when it comes to customer journey, customer payments, KYC, fraud and customer support, among other things.

Beyond ISO, we have other certifications such as one from Arthur D’ Little, a global consulting firm, which audited our platform on parameters like user verification standards, player protection, financial integrity, conflict redressal, etc.

We also were awarded SHIELD Trust Certification with a trust score of 95.95% by SHIELD, a global risk intelligence company. They consider metrics such as the number of genuine users, user-to-device ratio, and the prevalence of malicious tools used for this. In India, we have an 'AIGF Approved Games Certification' from the All India Gaming Federation (AIGF). 

Testing and certification laboratory for online gaming systems, iTech Labs has given us the 'no bot' policy certification and 'Random Number (RNG) Certification' both of which ensure that MPL's gaming environment is free from automated bots and manipulation in card games. 

Apart from all this, we conduct annual third-party audits of our entire system to make sure that our platform is secure. Cybersecurity solutions provider, RedHuntLabs, did the most recent assessment. These seven layers of security are a testament to MPL's unwavering dedication to providing a secure and trustworthy gaming platform.