Security

Your security is our number one priority

At Betfair, the security of your account and personal information is a top priority. Our security team is always looking for proven methods and new ideas to ensure that our security systems are world-class. Here are some of the initiatives we are already taking to help protect you:

2-Step Authentication

Betfair's 2-Step Authentication reduces the chance of having your account compromised. That's because in an addition to your username and password Betfair will ask you to enter a one-time code, which will be sent to your phone via SMS or displayed by the Google Authenticator application for iPhone, Android, Blackberry and Windows Phone, either for every login or only for new devices depending on your settings.

This authentication scheme protects against a range of attacks and eliminates the risk of insecure/easily guessable passwords or shared password being leaked from other websites you use. When you have enabled Betfair's 2-Step Authentication, attackers not only have to know/guess your username and password but also guess an additional one-time password, which changes every 30 seconds. It is very difficult to perform this type of attack due to the computational complexity it carries. With two-step authentication your Betfair account will have the best protection available.

For more information on 2-Step Authentication please take the opportunity to review the frequently asked questions and videos in our help section.

Security Compliance

Betfair is proud to be ISO27001 certified, the de-facto global standard for Information Security Management. This means we have looked at our business and identified the necessary security management, policies, standards and procedures to protect our customers and our business. ISO27001 certification demonstrates that we are serious about delivering premium quality security, that we willing to under go regular independent audit and that we are committed to reviewing and maintaining our security features in the future.

Betfair is PCI certified and, as a Level 1 merchant, we undergo annual PCI validation by an external and independent PCI Qualified Security Assessor (QSA). You can have confidence that your payment card details are stored and used securely.

Security Technologies

Betfair employs numerous technologies to help protect our customers from attackers on the Internet. At every stage, from product design and development through to operations, we have security in our minds. We use a number of enterprise-class technologies to provide a high level of security.

Here are some examples:

  1. The servers in our data centres are physically secured with biometrics, guards and cameras. Our systems are separated with firewalls, intrusion detection systems and traffic analysis solutions that examine every byte of data as it enters and then moves around within our data centres. We monitor for unauthorised changes, tampering and viruses. Automated tools continuously scan our IT systems looking for any problems where software needs patching or where security configuration could be improved. We scan all of our software using specialist tools and perform penetration tests, or ethical hacking, against everything before it goes live on our site.

  2. All of this technology means you can be confident that using Betfair's products has the same level of safety you'd normally associate with online banking or large financial services companies.

Your Personal Information

Like other gambling and gaming companies, Betfair is required to collect personal information during the registration process in order comply with legal and regulatory requirements. We are very aware that we have a responsibility to protect your personal information and maintain your privacy. Within Betfair, only those employees that have a genuine business need to see your personal details are allowed access, and in all cases access to personal information is fully monitored.

We will never use your personal information for purposes other than those necessary to operate our website and products. We sometimes use data processing agencies and, where we do, we perform rigorous checks to make sure that these companies are reputable and will look after your data.

Whenever you register, login, make payments or send us other sensitive information we use SSL technology to make sure the information you are entering is protected. SSL is a well known standard which encrypts data before it leaves your computer in a way that can only be decrypted by Betfair's servers. Similarly the web pages you view are encrypted by Betfair's servers and only your computer can decrypt and then display them. If you have a relatively new browser like Chrome, Firefox or Opera, then this encryption is "military grade" 256-bit AES. Our servers won't accept connections from your web browser if it is unable to meet the minimum requirement for good security: 128-bit encryption.

Please refer to the Security FAQ for more information.

Responsible Disclosure

At Betfair we take the security of our customer’s data very seriously. If you believe you have discovered a potential security vulnerability on any of our Betfair web sites, services, apps or API’s, please help us fix it as quickly as possible by reporting your findings to vulnerabilities@betfair.com.
Publicly disclosing a vulnerability can put the entire community at risk, so we urge you to keep matters private until we are able to resolve the issue. We take security very seriously and investigate all reported vulnerabilities. We will keep in touch with you during the entire process. Our PGP public key for secure transmission can be seen below.


PGP Key
-----BEGIN PGP PUBLIC KEY BLOCK-----
xsFNBFk6SokBEACq+MLsxy4LqIKavcPZ3DSYzf9FxFcKRj56EGtsU29s7yac
Uz59uV3GMB1wFST5GG4dqsWAoBq9lt6/L7yCeHJ/OzssUSTGE0D2B1+NXhBL
MWw0gvueBMHP2iAWnS3q2c58/32bMXc1+3lzD1sddw7NFvQug3ehaZucbSw7
wS94tPPDCUo6yQhzFV7q4+CajipHcf8kgo4363ADkwHEfijEUoos7n9LPA7c
LZABSCM5keY4FF8zwZXxNWVq7mG3o2EWHPqaL+U+rfbdGxj9v9WxC1a7A2MH
rmDSpua4BNhiykShE7Ihc+99x1SlfYBkV6vPDlSMO8WabScqXhFJv446JfdQ
94lq1zJkozP0tikamupTJjNbrs1zHSmUFktwpahwFRGU+zUUbxZaBn5BO8Ex
MNfE3KTNSnvTKNU84aGzLg0xXD8Ux/8pGhVjluHO3RjJWXIRFJp9lq/u/tB3
dcCuo7XOwc06pdP5yluz8bNoO7xzAQhZVtzZCVHwFBPEMCEUK3o8pVxEg+49
c6FLAbX9BGOEGro35G88v5wxateuBQk0vL6TTZkfK9AlJ4o5SKE7ISpdhmm2
vTG6WQqinAC3Ep7vt9uzxmJsgZfQZkySqZw4Ozxns5qrYM9OQIDYlV4MCfXR
IVVT2JQ3MCezAZT4XJxrfARYIHG9yBciqqB1MwARAQABzU8idnVsbmVyYWJp
bGl0aWVzQHBhZGR5cG93ZXJiZXRmYWlyLmNvbSIgPHZ1bG5lcmFiaWxpdGll
c0BwYWRkeXBvd2VyYmV0ZmFpci5jb20+wsF1BBABCAApBQJZOkqMBgsJCAcD
AgkQzR+W9eD1IC0EFQgCCgMWAgECGQECGwMCHgEAAJhVEACj5YmjLW7BXC8E
TywzN6VHSQBZYXZ0brUi11MpmYjmlvNNXM84/xaZc2QzeK3tal0skBClQj8h
YizjqjEdGyDBX85T9uYOR3c4Ioj3/a4+43YeddQIlqrNNjFMbt3Xjalu/tQ/
lzWch4baaM1e3l5PHDz9Tt8efL2VPTKDnNjmnjiL3JPVao/ODhgR6t2PrsOa
fZs1GJ7TXbSSlq838s+uiVqR9/qd/uQ2+VnMPKMe3UhzOJ+pfh209F3UP9rx
kmRwggG2QTsT5GOkO5xEywI+MIw0oWwd/YZk3v7931wko9XPEMqQNxscMCk/
lyOGtMbFAEFrd89656X+QdPC8u1ir1SFe4zh7aOaHkgu/ia7VqvuQLlF6Bm8
Gdk9PJmRZMuvM5ERe9SIhjj5Wx92/Ljo7ZGFztNTyGnQW1SIxdQpJVEYhsmM
Wzr61AIBs7nEXYaNbZVMq3mVLN+u5Fpzx+PEFH3jPuqCp9szxKuVH+yPrFbU
cO8lsOvG9W/VclX4nSR2I/nFIlyad4JQyhanU77AdwogaEYWHm0WdgF+ShPO
F+WmMAhdayP5KNCriq2MAL01i3cxrfdak/Cg9tNdkixxzjbYyVscQe9xGNry
PdSQcgAW/B8nQiY4G2xyab/hSSKlHAkR4fN4vvo/eJczl2c5Ox9ji8BrPqTE
si2cksjMtM7BTQRZOkqJARAA3nMNCehspJ5bsq1/pEP1HKVOwq7rWAWVQitH
TL5NN1lwaClo1bnI1NJR47iv/psryF9DhIRO6eRG0WFe6OyeyrdqxT07kvOh
hwonBuq0xKtOyGYNXJHF8mG/RT4Z5lX70K70mXWkX5HF3j/FuKRlLWVCSo0w
44xS8IYgL7EuMDI3QMERa/B6LdFtPFDX/F4pJ8MSwJQlNzLtuoeQ7JZ0u8MD
FbQdbrZvaz3+hFkRy9+/GgwR8ZKMMPO5d4mQ5PpF/xelzQNtx83SBtznsAnq
EKE6MPRlwKTJrAUJil+EC+VSVox4NhRq2JMxXnI5OxC3ttjKlrR7V0GRnSCi
5vm86gBNhWFSpGEONtZa71H1aRcvNY8mWN4s7pNGQ9dgj7QkBBVpY8LjwcRJ
9Cxr/oNG/y6N/G3KDYv3ZKgJIDUNvat3Oi+0iSJQ1xcXEmhLHgiQED0J+jpb
0Wy2fgwTvyn0Sh3Psu1YQ2ntlScD8BUzE1aZTaen1RlQaHjcoObjglaW7OVo
A1Jdn0chvhEUEO0OFrnEKK+Nh14+jIMqpN4RdQ2JSs2ej59uATeBR54iGray
y9emOLkiWJhr5zLtMakHRhtyTLDpo4Xt/x/zdZ0xgDAH5pyJf6bWr/BoR3UO
SHzXeSgkwho8onuijfHaBlgNn1NYjYDEve6zD+Pn51P9z2EAEQEAAcLBXwQY
AQgAEwUCWTpKjgkQzR+W9eD1IC0CGwwAAN/TD/49gXaxJ5MD8tXyQVAdM5SG
YDRWxyMrLjRWpq5CIcbO4uVvBg6/vse8abdISv0tNq7ZFf+KpIsssm44vsVL
a9IjjJzH3ux1iJPKDHP0wPle3j/D7IrZbEv7xTN1Q9FWj5IG1FMvc0mLqiV5
SVN+4E0vZRjFzURUe2LC4aooJkfhVvYDnPWsXyfcI3lwhiWkzRd8M4Qc6bKT
QcQtJ5ria4+W7GZowmqLPliUGBuzh1Rd+UE9OqwbKlXOXkdif1o8H7ZZcemW
SCjrEP9eCn92sZs0imZbBAcQ52EEOlsqlefmKo3z8R7ROmnxfIwC2QQqeJRR
uZo27iLMZYHjFbTrwctYGaW6ZUaijZoB4UcaTCb8C8OmIbyYL6W5GNqnozX/
mh369saTQiMIABEDSeo9ggmnbzz6OBGX++sypUVx+UHC5pe3DPIBYuBfVb8S
mkIRpqkVO8PRzLXjUjdfHwrwZWtYJTsIQQHQ5tI0Y7WU3NNaXYVgJIoHpM5N
wVjdBvMISV/+UjJj9qatV23EQ31yQxaGu1jrxXS/k41XabZK32rNkU8EekN3
y7SYgWZwfZOCwUKdF4h/9chp6bUV+C6FCI5/yL6b3f6cV1VANRDtgeI2a7z5
7nHb99m9gsYM+WvRGbZ5lbZeP/v5pGhH7bRrj4k04595JH2zZ+ScMczb992a
5w==
=b+UO
-----END PGP PUBLIC KEY BLOCK-----