Supplement to Gaming Machine Technical Standards Consultation



Similar documents
Bingo and Casino Equipment Technical Requirements

Bingo and casino equipment technical requirements and related issues

Machine Standards Non-Complex Category D

Testing strategy for compliance with remote gambling and software technical standards. First published August 2009

Gaming Machine Type I Gaming Machine Type II

Machine Standards Category B3, B4, C & D (Legacy machines)

How To Know If Bingo Is Gambling

Security audit advice For holders of all remote gambling operator licences including specified remote lottery licences

1.3 If you are responding on behalf of an organisation, please indicate which type of organisation:

What is gambling software?

Betting: advice for remote, non-remote and betting intermediaries Advice note

Customer funds: segregation, disclosure to customers and reporting requirements

Licence conditions and codes of practice. February 2015 (Updated April 2015)

Remote gambling equipment Guidance note

Casino gaming reserve

Spillemyndigheden s Certification Programme Information Security Management System

543.7 What are the minimum internal control standards for bingo?

STANDARD SERIES GLI-18: Promotional Systems in Casinos. Version: 2.1

HIPAA Security Alert

CyberSource Payment Security. with PCI DSS Tokenization Guidelines

Cloud Software Services for Schools

Information Security Policies. Version 6.1

Briefing note on the national online self-exclusion scheme

Newcastle University Information Security Procedures Version 3

STATUTORY INSTRUMENTS 2012 No. _

Approval of test houses Application form guidance notes

IBM Connections Cloud Security

Spillemyndigheden s Certification Programme Information Security Management System

BUSINESS ONLINE BANKING AGREEMENT

MEDIA BINGO TERMS AND CONDITIONS

Standard conditions of the Electricity Distribution Licence

<Choose> Addendum Windows Azure Data Processing Agreement Amendment ID M129

Complying with PCI Data Security

Kinetic Internet Limited

TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL

G4 Responsible e-gambling Code of Practice Version G02/

Did you know your security solution can help with PCI compliance too?

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Promoting society and local authority lotteries

INTEGRITY CERTIFICATION REQUIREMENTS: CENTRAL SYSTEMS FOR SLOT MACHINES

Social Responsibility in Gambling

Gambling Protections and Controls. April 2014

University of Sunderland Business Assurance Information Security Policy

ONE TO ONE LAPTOP PROGRAMME POLICY

TRUE TITLE BEST PRACTICES

Catapult PCI Compliance

Data Protection Act Guidance on the use of cloud computing

INFORMATION TECHNOLOGY MANAGEMENT CONTENTS. CHAPTER C RISKS Risk Assessment 357-7

Head of Information & Communications Technology Responsible work team: ICT Security. Key point summary... 2

Leveraging Dedicated Servers and Dedicated Private Cloud for HIPAA Security and Compliance

ELECTRONIC COMMERCE AND ELECTRONIC SIGNATURE ACT (ZEPEP-UPB1) (Official consolidated text)

6. AUDIT CHECKLIST FOR NETWORK ADMINISTRATION AND SECURITY AUDITING

Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0

Managed Hosting & Datacentre PCI DSS v2.0 Obligations

Social Responsibility in Gambling

Review of remote casino, betting and bingo regulatory return and gambling software regulatory return. Consultation document

Service Level Agreement (SLA) Arcplace Backup Enterprise Service

Vehicle Tracking System,

Using Automated, Detailed Configuration and Change Reporting to Achieve and Maintain PCI Compliance Part 4

Appendix 4-2: Sample HIPAA Security Risk Assessment For a Small Physician Practice

ACT GAMBLING AND RACING COMMISSION

The Gambling Act 2005 received Royal Assent in April 2005.

CHIS, Inc. Privacy General Guidelines

MANAGED FILE TRANSFER: 10 STEPS TO HIPAA/HITECH COMPLIANCE

HIPAA SECURITY RISK ASSESSMENT SMALL PHYSICIAN PRACTICE

HIPAA Security COMPLIANCE Checklist For Employers

Guidance for Industry Computerized Systems Used in Clinical Investigations

G4 Responsible Casino Code of Practice Version G02/

Virginia Commonwealth University School of Medicine Information Security Standard

Exhibit to Data Center Services Service Component Provider Master Services Agreement

PA-DSS Implementation Guide for. Sage MAS 90 and 200 ERP. Credit Card Processing

HIPAA: MANAGING ACCESS TO SYSTEMS STORING ephi WITH SECRET SERVER

Security Control Standard

---Information Technology (IT) Specialist (GS-2210) IT Security Competency Model---

SafeNet Authentication Manager Express. Upgrade Instructions All versions

Use of Exchange Mail and Diary Service Code of Practice

Information Crib Sheet Internet Access Service Agreement

Payment Card Industry (PCI) Data Security Standard. Summary of Changes from PCI DSS Version 2.0 to 3.0

PRIVACY IMPACT ASSESSMENT

MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE

How To Secure An Rsa Authentication Agent

ELECTRONIC PULL-TAB GAME SYSTEM STANDARDS AND REQUIREMENTS. Checklist. Manufacturing standards for the design and manufacture of:

REMOTE WORKING POLICY

Declaration of Conformity 21 CFR Part 11 SIMATIC WinCC flexible 2007

Supplier Information Security Addendum for GE Restricted Data

Guidance for Data Users on the Collection and Use of Personal Data through the Internet 1

Lotteries and the Law (Gambling Act 2005)

NO PURCHASE NECESSARY TO ENTER OR WIN. A PURCHASE WILL NOT INCREASE YOUR CHANCES OF WINNING. VOID WHERE PROHIBITED.

"Broadband Voice Telephone Adapter" a broadband voice telephone adapter or BT Voyager 220V which may be bought from BT.

Cathay Business Online Banking

HMRC Secure Electronic Transfer (SET)

ECSA EuroCloud Star Audit Data Privacy Audit Guide

Transcription:

Supplement to Gaming Machine Technical Standards Consultation Downloadable, Wireless and Cashless Gaming Machine Systems Consultation paper, September 2006 Introduction 1. This paper is a supplement to Gaming Machine Technical Standards, issued in June 2006. In that paper, we consulted on the general requirements that will apply to all gaming machines (categories A to D). It was stated in the paper that the requirements for server based, downloadable and wireless gaming machines, and for cashless payment systems would be released for consultation at a later date. 2. This document sets out our proposals for these remaining technical issues relating to gaming machines and invites comments. It should be read in conjunction with the general requirements for gaming machines set out in Gaming Machine Technical Standards, issued in June 2006. You can access that document via the press release on our website at: http://www.gamblingcommission.gov.uk/client/news/pressrelease_detail.asp?id=17 Information about how to respond is available at paragraph 23. 3. The standards proposed here will in future be incorporated into the overall machine technical standards for each category of gaming machine. We have therefore continued the numbering from our earlier document this document consults on Sections 10 and 11 from the overall technical standards for gaming machines. Section 10. Server Networked and Downloadable Game Requirements Section 11. Wireless Network Systems Please note that these proposed standards apply only to gaming machines, and not to other machines or systems that use remote communication. Section 12. Cashless payment systems 4. We have included a short explanation of the aims of each of sections and the approach we have taken. However, it will be particularly important for manufacturers and suppliers to consider the draft requirements themselves, rather than rely on our short explanation. Victoria Square House Victoria Square Birmingham B2 4BP T 0121 230 6500 F 0121 237 2236 www.gamblingcommission.gov.uk

Background and context 5. The Gambling Act 2005 gives the Commission, as part of its statutory role, the responsibility to license operators that manufacture, supply, install, adapt, maintain or repair gaming machines. The Commission has the power to set standards for gaming machines and provide for their enforcement by way of licence conditions. The Act enables the Commission to require licensees and applicants for licences to submit to machine testing, including testing by external bodies. 6. The current gaming machine guidelines agreed with BACTA (British Amusement Catering Trade Association) do not include guidelines for server based, downloadable or wireless systems. BACTA s own technical standards, which are adopted by its members, do not currently cover this issue. However in Britain, there are systems in use (and more are being developed) to take advantage of the flexibility and efficiency of such technologies. The Commission welcomes these developments provided that there are adequate safeguards to protect the interests of the player, ensure transparency and game fairness. 7. The current machine guidelines cover cashless payment systems. However, many of the issues covered in those sections of the guidelines are likely to be addressed by regulations under Section 240 of the Act, on which the Department for Culture, Media and Sport intend to consult separately. Therefore, these issues will not be covered in our technical standards. 8. Internationally there are moves towards regulating wireless, downloadable and server based gaming systems. We have taken note of the standards produced by GLI and BMM, and our proposed standards aim to be appropriate for the machines which are and will be based in Britain. Overall aims 9. In drafting these sections of the standards, our overall aim was to ensure the integrity of communications, and that the systems maintain fairness for players. As indicated in our consultation on Licence Conditions and Codes of Practice (issued in March 2006), we also propose some measures that would enable a customer to track and control their spend when using cashless payment systems. We believe that our proposed requirements are reasonable to implement, especially since cashless systems also bring with them increased marketing opportunities. Section 10: Server Network and Downloadable Game Requirements 10. Section 10 of the proposed standards is designed to capture systems (becoming more common in Britain) that utilise a network or other means - such as a hand held portable device - to modify the game content or configuration setting on a gaming machine, such as the percentage return to player. 11. A general definition is given in section 10.1. Section 10.2 and 10.3 are intended to ensure that the means of communication between the terminal and any external device is secure and that there are sufficient safeguards to verify that any modifications or additions to the 2

control software has been carried out without tampering or data corruption. The Commission does not intend to specify the manner in which this should be achieved, leaving flexibility for the industry to update their systems as technology in this field evolves and improves. 12. Section 10.4 requires an audit of the type of activity carried out during any remote access to the gaming terminal, so that alterations can be tracked and investigated where necessary. Section 10.5 requires additional auditing and controls where the player s likely percentage return or other game configurations can be modified remotely. 13. Where a gaming system utilises a component external to the player terminal such as a RNG (Random Number Generator) it must comply with the requirements of section 10.6, which requires secure data transmission and audit of significant events. This is primarily to ensure game fairness it provides a means to help resolve player disputes, and to investigate any issues of non-compliance. Again the Commission has left flexibility in the manner in which this achieved. TECHNICAL STANDARD PROVISION All categories of gaming machine 10.0 Server networked and downloadable game requirements 10.1 Section 10 applies where any of the following systems are in place: Any element of the gaming process that may determine the game outcome is executed on a device external to the player s terminal and requires a communication link (networked) in order for the system to operate. The control software can be modified, removed or added to the player terminal via a network or; The control software can be modified, removed or added to the player terminal using a portable device requiring a temporary communication link or other means. Examples of such systems are where the terminal control program, randomly generated game determinants or other game content is generated by a central server and downloaded to the player terminal for the operation of the game. 10.2 Communication requirements All communication protocols must have proper error detection and/or recovery mechanisms which are designed to prevent unauthorised access or tampering, employing Data Encryption Standards (DES) or equivalent encryption with secure seeds or algorithms. 10.3 Software verification Where any control software is modified or downloaded onto the player s terminal the following requirements shall be met: The system responsible for the software upload must be capable of verifying that all control programs installed are true and exact replications of those communicated to the device in order to ensure game integrity. Where any error is detected an appropriate action must be taken to either remedy the fault or disable the game. There are sufficient security measures to ensure that any control software residing on 3

the player s terminal remain true and exact replications of those communicated to the device. 10.4 Remote access and audit requirements Where the player terminal has the facility for remote access for the purpose of control software modifications, deletions, additions or product support, the following shall be met: There shall be sufficient security measures to prohibit non-authorised access. An audit log of the following should be retained for a minimum of twelve months a) Log on name; b) Time and date the connection was made; c) Game program ID numbers added, changed, or deleted; d) Duration of connection; e) The player terminal(s) which the game program was downloaded to and the program it replaced or amended (if applicable); f) Packet size(s) of data uploaded and downloaded; g) List of game directories and/or operational parameters modified; and h) Any non authorised access attempted (or successful). The upload facilitator or operator should also keep records for a minimum of 12 months detailing specific areas accessed and changes that were made and the reason for doing so. The audit log(s) and any applicable records should be available for inspection. 10.5 Pay table/denomination configuration changes Player terminal control programs that offer multiple pay tables and/or denominations that can be configured via an external communication must comply with the following: a) Information relating to the player s likely return (%RTP) must be transparent to the player for the pay table in operation and in particular where any changes occur at times when the system is available for play. b) The game is in an idle state when any update occurs; and c) Any change to the pay table will not cause inaccurate crediting or payment. 10.6 External random number generator Where a random value or other element used to determine the game outcome is uploaded to the player terminal from a device external to its cabinet by means of communication then it shall comply with the following: a) The method of transmission shall be secure, employing Data Encryption Standards (DES) or equivalent; b) There shall be a means of authentication which would alert the operator to any external tampering, modification or interception and replacement of the transmitted random variable that may be used to determine a game outcome; c) Where an error occurs the terminal must display an error message with the appropriate audio and visual indicator, and record the details, including time and date of the error in a log. Correcting such an error shall require operator intervention unless there is a secure automated process to do so; and d) An audit log of the following should be retained for a minimum of one month: Sufficient time stamping of significant events so as to be able to resolve any player disputes arising as a result of timing issues. For example: i) Time stamp of final stake being placed within the game. ii) Time stamp as to when winning determinant(s) was received by 4

terminal. iii) Time stamp of point within the game at which no more stakes can be placed. iv) Time stamp of any warnings given that no more stakes would be accepted. Winning determinant as displayed to the player (if presented differently to that received from external source) Total stake including any combinations placed with sufficient information to be able to determine win/loss from winning determinant. The audit log should be available for inspection on request. The Commission does not intend to set out exact requirements for time stamping of significant events as it is considered better that the manufacturer do so on the basis of the overall system design. Section 11: Wireless Network Systems 14. Our priority in setting standards for wireless network systems (communication between devices using radio waves) is to ensure game integrity, fairness and transparency. We have therefore required that such devices be limited to use where they are operationally reliable as described in sections 11.1. 15. We have set minimum requirements for instances where network failures occur (section 11.2) with a view to protecting the player s interests but do not intend to prescribe as to how operators should deal with voided games. Operators should make it transparent to the player prior to the use of such devices as to how voided games will be dealt with. We have again set a requirement for a secure means to transmit data, section 11.3, but have not stated how this should be achieved for same reasons previously given. 16. Section 11.4 requires that the player is able to determine the time available for play (battery life or other power source) for transparency purposes and section 11.5 requires audit information, again to ensure game fairness where disputes or other non-compliance issues arise. 11.0 WIRELESS NETWORK SYSTEMS 11.1 Network Coverage If a gaming machine is designed to allow players to participate using a wireless network the following shall be complied with: a) Unless denoted by clear signage there shall be no areas where players may participate in any gambling using such a device where the communication signal is; i) Not available ii) Of poor quality such that interruptions in play would be likely b) There shall be adequate wireless coverage so that the failure of a single transmitter does not significantly reduce the players ability to participate in gambling. 11.2 Network Failure Where a network failure occurs: a) The device shall alert the player within 10 seconds of it occurring. It is permissible for the device to continue with any gambling if the network connection is restored provided 5

that the player is not disadvantaged in any way. b) A manual alternative method of play (e.g. keying in game outcome or other element as opposed to an automatic download via wireless network) is permissible where there is no disadvantage to the player and that there is adequate time to do so. Catch up facilities (e.g. button pressed to bring device up to current position within game) may only be used where the game in which the credit was taken has not been completed. The Commission does not intend to set any rules pertaining to voided games as a result of communication loss or other device malfunctions as it is expected that the operator will do so in their terms and conditions which should be transparent to the player prior to its use. 11.3 Communication requirements All protocols must use communication techniques that have proper error detection and/or recovery mechanisms which are designed to prevent unauthorized access or tampering, employing Data Encryption Standards (DES) or equivalent encryption with secure seeds or algorithms. 11.4 Power level display requirements Portable devices should ensure that players have adequate information as to the likely battery life (preferably in hours/minutes) and give additional warnings when this reaches a low level (e.g. 10 minutes charge remaining). 11.5 Audit requirements An audit log of the following should be retained for a minimum of one month: Sufficient time stamping of significant events so as to be able to resolve any player disputes arising as a result of timing issues. For example: i) Time stamp of final stake being placed within the game. ii) Time stamp as to when winning determinant(s) was received by terminal. iii) Time stamp of point within the game at which no more stakes can be placed. iv) Time stamp of any warnings given that no more stakes would be accepted. Winning determinant as displayed to the player (if presented differently to that received from external source). Total stake including any combinations placed with sufficient information to be able to determine win/loss from winning determinant(s). The audit log should be available for inspection on request. The Commission does not intend to set out exact requirements for time stamping of significant events as it is considered better that the manufacturer do so on the basis of the overall system design. Section 12: Cashless Payment Systems 17. This section covers cashless payment systems such as smart cards. We have included a general statement on what the Commission considers to be a cashless system (section 6

12.1). This excludes ticket in and out systems (TITO) and tokens, as these forms of payment are covered in our earlier consultation document. We propose to require that funds on a smart card or other payment systems can be retrieved at any time if they have not been committed to play (section 12.2) and also that the customer should have easy access to information about the funds on their card. 18. We have also included in sections 12.4 to 12.6 additional requirements that would allow the player to set deposit limits and track the amount they are spending. The player will also be able to self exclude and the card or other payment mechanism must not be able to credit a gaming machine during a self-exclusion period. Technical Standard provision All categories of gaming machine 12.0 Cashless payment system requirements 12.1 General statement Where the gaming machine has the facility to take credit and make payment to the same medium (e.g. smartcard) then the requirements of this section must be complied with. TITO systems (ticket in and out) and tokens are not required to comply with this section. The term token for the purpose of this section refers to an object with a fixed monetary value, usually exchanged for cash that may be used for the purpose of crediting the gaming machine. 12.2 Cashing out The player shall have the facility to cash out in full all non-committed funds to the medium from which they originated, where capacity allows. The system may allow the player to cash out a portion of the funds held on the machine if they so choose, but they should always be given the option to cash out in full. 12.3 Viewing funds held A facility must be available on the premises which will show the player their current monetary balance held on the medium without the requirement to transfer funds or a game having to be played. Such a facility shall not offer any inducements to the player to commit money for play or further play. 12.4 Self exclusion The player shall have the opportunity to be able to self exclude from machine gaming at any reasonable time. A gaming machine shall not accept funds from a medium where the account holder has self excluded themselves. 12.5 Reversal of self exclusion For a gaming machine to accept funds from a medium where the player has self excluded shall require an action by the site operator. It shall not be possible to reverse a decision by the player to self exclude within the agreed period of self-exclusion. (The minimum period for selfexclusion is set out in the relevant operator s Licence Conditions and Codes of Practice.) 12.6 Deposit Limits The player shall have the facility to track and/or limit the amount of money they are able to deposit onto the medium over a given period of time. The limit that the individual chooses to impose may only be set or modified once in any 24 hour period. 7

Next Steps 19. We are currently considering the responses which we have received in relation to our earlier Gaming Machine Technical Standards Consultation. During October, we intend to hold several seminars to discuss the issues raised during the consultation - and will invite representatives from each of the relevant trade associations and other bodies with an interest in machine technical standards to attend. We intend to issue a final consolidated version of the standards, including the sections in our earlier consultation and those set out in this paper, in November. 20. We will also be working further on the testing procedures that will apply to various categories of machine and back office systems and will issue a separate consultation on those processes later in the year. 21. It is intended that compliance with the Commission s technical standards will be a requirement for all new machines from 1 September 2007. In our earlier consultation, we received responses to indicate that it would be extremely difficult and costly for machines that exist in the market currently to be brought into line with all aspects of these standards. We are therefore in the process of identifying any areas with which all machines, including legacy machines, should be required to comply from September 2007. We may allow a reasonable period for machines in the market to be adapted or replaced to comply with other areas relating to the standards. We will discuss these issues with the industry. Responses to this document and further information 22. For more information on the Commission, including on licence conditions and codes of practice, please visit www.gamblingcommission.gov.uk 23. This consultation paper is seen as supplementary to our main consultations. It is aimed at a specialist audience, exploring specific technical issues arising form the main consultation. Therefore the consultation period for this paper will be six weeks. The consultation period for this document will close on 27 October 2006. Please send your comments to consultation@gamblingcommission.gov.uk, or by post to: Consultation Coordinator Gambling Commission Victoria Square House Victoria Square Birmingham B2 4BP T 0121 230 6500 F 0121 237 2236 E consultation@gamblingcommission.gov.uk Gambling Commission, September 2006 8

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information