(a) An interactive gaming system must utilize sufficient security to ensure player access is appropriately limited to the registered account holder. Unless otherwise authorized by the Board, security measures must include, at a minimum, all of the following:
- (1) A username.
- (2) A password of sufficient length and complexity to ensure its effectiveness.
- (3) Upon account creation, the option for users to choose strong authentication login protection.
- (4) When a player logs into his registered interactive gaming account, the system must display the date and time of the player’s previous log on.
- (5) An option to permit a player to elect to receive an electronic notification to the player’s registered e-mail address, cellular phone or other device each time an interactive gaming account is accessed.
- (6) The interactive gaming system must require a player to re-enter his username and password after 15 minutes of user inactivity.