Paddy Power Cyber Security

The internet’s great. But it’ll come as news to nobody that there are bad apples out there, who will try and trick you out of your hard-earned money and data. Here is where you’ll find information put together by our security team, that can help you to defend against security threats online. We’ve also outlined the way we store and protect your information, and how you can responsibly let us know about any vulnerabilities in our security.

The Basics

There are basic security principals that you abide by when using Paddy Power’s website (and it’s no harm keeping them in mind everywhere else):

If you are logged into your account for 24 hours without using it the system will automatically log you out. We recommend that you change your password every four to six months. Your password should be unique (a mixture of numbers, letters and characters) and known only to you.
We also recommend that you run do regular scans for malware on your device with an Antivirus to ensure that it is protected against the latest threats.

How do we store your information?

ImageLike other gambling and gaming companies, Paddy Power is required to collect personal information during the registration process in order comply with legal and regulatory requirements. We are very aware that we have a responsibility to protect your personal information and maintain your privacy. Within Paddy Power, only those employees that have a genuine business need to see your personal details are allowed access, and in all cases access to personal information is fully monitored.

We’ll never use your personal information for purposes other than those necessary to operate our website and products. We sometimes use data processing agencies and, where we do, we perform rigorous checks to make sure that these companies are reputable and will look after your data.

Whenever you register, login, make payments or send us other sensitive information we use SSL/TLS technology to make sure the information you are entering is encrypted in transit. Every transaction made with Paddy Power can be made with the utmost confidence, because every piece of information you enter will be garbled so that, in the unlikely event that it does fall into the wrong hands, will be unreadable. For more information on this matter visit Paddy Power Privacy Policy page.

How we protect your information

ImagePaddy Power employs numerous technologies to help protect our customers from attackers on the Internet. We like to think of them as our Internet Bouncers. At every stage of developing our apps and website we have security in our minds. We use a number of enterprise-class technologies to provide a high level of security. The servers in our data centres are physically secured with biometrics, guards and cameras. Our systems are separated with firewalls, intrusion detection systems and traffic analysis solutions that examine every byte of data as it enters and then moves around within our data centres. We monitor for unauthorised changes, tampering and viruses. Automated tools continuously scan our IT systems looking for any problems where software needs patching or where security configuration could be improved. We scan all of our software using specialist tools and perform penetration tests, or ethical hacking, against everything before it goes live on our site. Basically, we use a lot. All of this technology means you can be confident that using Paddy Power products has the same level of safety you'd normally associate with online banking or large financial services companies.

Having never gotten our football coaching badges, Paddy Power is proud to be ISO27001 certified, the de-facto global standard for Information Security Management. This means we have looked at our business and identified the necessary security management, policies, standards and procedures to protect our customers and our business. ISO27001 certification shows that we are serious about delivering premium quality security, that we willing to undergo regular independent audit and that we are committed to reviewing and maintaining our security features in the future.

ImagePaddy Power is also PCI certified and, as a Level 1 merchant, we undergo annual PCI validation by an external and independent PCI Qualified Security Assessor (QSA). You can have confidence that your payment card details are stored and used securely.

Once we receive your card details, we will carry out a check of your card with our credit card checking facility. This ensures that the number you entered actually corresponds to a real credit card number and is not one that has been made up. We also do random security checks on a continuous basis to ensure that a card is not being fraudulently used. Card data is, at no time, sent over the internet during the validation. Incorrect details associated with your card will result in your account being suspended for security reasons.

Responsible disclosure

We take the security of our customers and employees’ data very seriously. If you reckon you’ve discovered a potential security vulnerability on any of our apps or services, we pay up! Report it as quickly as possible on our public bug bounty program available in HackerOne.


Publicly disclosing a vulnerability can put our customers at risk, so we urge you to keep it under your hat, until we are able to resolve the issue.