Section 248.07 - Account Access(1) Upon opening a Sports Wagering Account, the Sports Wagering Operator shall allow each patron to establish a password to be used in conjunction with a username, or an alternative secure authentication credential, for use by the patron to assure that only the patron has access to the Sports Wagering Account. The Operator may make more than one permitted method of authentication available for a patron to access their account.(2) If the system does not recognize the authentication credentials when entered, an explanatory message shall be displayed to the patron which prompts the patron to try again. The error message shall be the same regardless of which authentication credential is incorrect.(3) Patrons must be given the option to use a multi-factor authentication process when accessing their account. In addition, a multi-authentication process shall be employed for the retrieval or reset of a patron's forgotten or lost authentication credentials.(4) Current account balance information, including any restricted wagering credits and unrestricted funds, and transaction options shall be available to the patron once the patron has been authenticated. All restricted wagering credits and unrestricted funds that may expire shall be identified separately.(5) The Operator shall employ a mechanism allowing for an account to be locked in the event that suspicious authentication activity is detected including, but not limited to, three consecutive failed access attempts in a 30-minute period. A multi-factor authentication process shall be employed for the account to be unlocked.Adopted by Mass Register Issue 1486, eff. 12/22/2022 (EMERGENCY).Amended by Mass Register Issue 1492, eff. 3/9/2023 (EMERGENCY).Amended by Mass Register Issue 1494, eff. 3/9/2023 (COMPLIANCE).Amended by Mass Register Issue 1498, eff. 6/7/2023 (EMERGENCY).Amended by Mass Register Issue 1503, eff. 9/1/2023.