Scratchcard Testing. Guideline



Similar documents
Security Control Standard

INSTANT TICKET GAME RULES AND GUIDELINES

MINNESOTA STATE LOTTERY GAME PROCEDURES BINGO SCRATCH GAME NO. 974 ADOPTED: AUGUST 5, 2014

XONYX Solid Surface Owner's Manual

<p>a. The name of Instant Game No is CAESARS. The play style is multiple games.

Smartstrand Cleaning Guidelines

MINNESOTA STATE LOTTERY GAME PROCEDURES LUCKY BUCK$ SCRATCH GAME NO. 514

Sports Betting Guideline The Security and Risk Management Guideline on Sports Betting for the Lottery Industry worldwide

Minnesota State Lottery Game Procedures Scratch Game No. 593 Lucky Numbers Adopted: February 23, 2016

INSTANT TICKET GAME RULES AND GUIDELINES

Copyright 2011 TROY Group Inc.

TGSNE2 Technical Gaming Standards for Non-Electronic Scratch and Win Tickets.

SENTRY SECURITY MODULE

MAKING A BETTER MARK WITH INK JET As substrates, industry regulations and customer demands change, fluids are also evolving

Acrylic Walls Installation Instructions

RECOATING AND RENEWING SPF ROOFING SYSTEMS

Columbia flooring will resist fading from exposure to sunlight or artificial light.

3. Maintenance of Laboratory Equipment

TAKING A HOLISTIC APPROACH BEST PRACTICES FOR OVER-THE-COUNTER GOVERNMENT ID CARD PROGRAMS. Mary Olson, Senior Marketing Manager, Citizen Solutions

How To Get A Warranty From Shaw Industries

DOCUMENT SECURITY ISSUES

WORKSHEET: ph and Water 23 Lab Instructor: Lab Day & Time: Student name(s): drain cleaner flat soda pop window cleaner ammonia.

Shaw Limited Lifetime Stain Warranty

Basic Properties and Application of Auto Enamels

SIENA HARDWOOD FLOORING 6 COLLECTION FINISH WARRANTY

SIGMACOVER 300. PRODUCT DATA SHEET December 12, 2014 (Revision of November 1, 2013) DESCRIPTION

Owner s Guide to Understanding Checks in Glued Laminated Timber

It s Not Just a Label It s Your Business. Why the right barcode label is essential to your success

Keeping your Carpet Beautiful

INSTALLATION MANUAL. Glass Vessel Sink. I toll free: I Kraus USA Inc.

Product Warranty and Replacement Procedure Forme Limited Warranty

Polarity and Properties Lab PURPOSE: To investigate polar and non-polar molecules and the affect of polarity on molecular properties.

1.4 Metallic Impurities Iron must not exceed 150 ppm and copper shall not exceed 6 ppm when tested according to TAPPI T 266.

T H A N K Y OU F O R Y OUR P U R C H A S E O F A N E S S E N T I A V A N I T Y, P L E A S E R E A D T H E S E V A N I T Y C A R E A N D I N S T A L L

TEKA RESIDENTIAL WARRANTY PROGRAM LIMITED WARRANTIES. February, 2004

Thank you for choosing Austin Concrete to create your unique one of a kind concrete countertop!! We enjoyed creating this new unique kitchen with

THERMAL TRANSFER SOLUTIONS

EXCLUSIONS CARPET WARRANTY AND CARPET CHARACTERISTIC EXCLUSIONS

Enhanced Check Security Features Padlock Icon

THERMAL TRANSFER SOLUTIONS

CARPET WARRANTY GUIDE

Dot matrix Label ID Products. C Vinyl cloth labels. Dot Matrix. Features and benefits. Part numbering system

Laser Checks. High Security Blank Check Stock

Stone Developments. Caring for Irish Blue Limestone Products. Irish Blue Limestone Maintenance Guide

Limited Warranties STAINMASTER Carpet. stainmaster.com

Mobile Deposit Policy

ROTOR LOADER OWNER S MANUAL

the Company will not warrant ANSI A156.2 Grade 2 lever Product installed in educational facilities and student housing.

WATER BATH CANNER Instruction Manual

Why do you need to Barcode your Fixed Assets

SkiLift LAX D25. ChemCo. Label & Tag papers. Hibiscus Flower GREE CHEMICALS. EXPOSURE Shade. that overcome the elements

Queensland Office of Liquor and Gaming Regulation

QWALL 4 ACRYLIC SHOWER WALL INSTALLATION INSTRUCTIONS

EzFlex Combustible Gas Leak Detector Model EZ40

IOWA LOTTERY AUTHORITY BID Security Assessment Services

SMOOTHMOVE INSTRUCTIONS FURNITURE VAN EPOXY FLOOR FINISH KIT VOC-FREE - NO SOLVENT GENERAL INFORMATION KEY 87269AB

Warranty. 1/5. Warranty

Sunbrella Care and Cleaning Instructions

25 Year Limited Warranty INCLUDED

MEDIA BINGO TERMS AND CONDITIONS

Sto Specification No. RC100 Guideline Specifications for Cleaning Wall Surfaces

North American Stainless

Hazardous materials can be silent killers. Almost every household and workplace has varying amounts of chemicals that, if spilled or combined, will

Profiles for floors of same height Cerfix Projoint

Common Defects in Digital Printing. Paul Geldenhuys & Amir Shapira January, 2009

tretford Maintenance Instructions

Can RFID Tags Work Inside Metal?

PERSONAL PROTECTIVE EQUIPMENT (PPE)

SOUTH CAROLINA EDUCATION LOTTERY INSTANT TICKET GAME RULES AND GUIDELINES INSTANT GAME NO. 460 LUCKY MONEY

Foodservice Equipment Specialists P.O. Box 880 Saco, ME. / U.S.A * FAX (207)

Black epoxy paste adhesive system

Epoxy Floor Coating Problem Solving Guide

OFFICIAL GAME RULES 5 Card Cash. Table of Contents Page Number

Select Radiators Installation Guide

BIG MONEY BINGO 2015

Note: Minor color change may occur in exposed service, but corrosion protection will not be compromised

English. Symbols used to mark instructions...3. Congratulations...5 Getting the best results...5. Warnings...6 Operating Procedure...

Sun Vinyl New Construction Windows Homeowner's Warranty

Republic of Panama Superintendency of Banks

Combating Fraud on Corporate Checking Accounts

Issue 3. Robinhood 60cm 10 Function Pyrolytic Oven

Objective: Preparation of Materials Lesson Instructions

Waterproofing System for Wastewater Tanks in Petrochemical Industries and Refineries

543.7 What are the minimum internal control standards for bingo?

DuPont Corian Use & Care Guidelines

4. Cryogenic gloves are generally designed to protect the hands from intense cold or heat.

Scotch-Weld TM. Acrylic Adhesives. DP8405NS Green. Product Data Sheet. Date: March 2014 Supersedes: August 2013

Quick Start Guide See Inside for Use and Safety Information

CARING FOR WATER DAMAGED PAINTINGS

Hazardous materials can be silent killers. Almost every household and workplace has varying amounts of chemicals that, if spilled or combined, will

Instruction Manual. Image of SP-3015 & SP Important Safeguards. Automatic Dispensing Hot Water Pot with Reboil Function

NORTH CAROLINA EDUCATION LOTTERY POLICIES AND PROCEDURES MANUAL CHAPTER 2 GAME RULES 2.02 ONLINE TICKET GAME RULES

Polyimide labels for Printed Circuit Boards

Transcription:

WORLD LOTTERY ASSOCIATION GUIDELINES Scratchcard Testing Guideline The Security and Risk Management Guideline on Scratchcard Testing and Design for the Lottery Industry worldwide Issued by the WLA Security and Risk Management Committee March 2008 This guideline is the property of the World Lottery Association WLA World Lottery Association Lange Gasse 20 CH-4002 Basel, Switzerland http://www.world-lotteries.org 1

Contents Page FOREWORD...3 1 INTRODUCTION...4 Scope...4 2 SECURITY THREATS...5 3 TESTING OVERVIEW...6 4 LEGAL AGREEMENT WITH TEST LABORATORY...6 5 TESTING OBJECTIVES...7 6 PHYSICAL TICKET CHARACTERISTICS...7 7 ENVIRONMENTAL TESTS...8 8 CHEMICALS AND SOLVENTS...9 9 OPTICAL EXAMINATION...9 10 MECHANICAL INTERFERENCE...9 11 TICKET FORGERY...9 APPENDIX A: SECURITY THREAT MITIGATION...10 Ticket Design...10 Retailer Inspection...10 2

Foreword The World Lottery Association has recognized the need for adequate security standards from its very beginning and further developed the work started by its predecessor organizations. The first Security and Risk Management Committee was established in 1989 and is currently known as the WLA Security & Risk Management Committee (SRMC). Representatives and security specialists from lottery organizations around the world are members of the committee and actively participate in the development of these standards. One of its most important areas of responsibility is the WLA Security Control Standard (WLA-SCS), the lottery sector's only internationally recognized security standard. The committee reviews security standards for use by the lottery sector and acts as a focal point for the sector on security issues. In order to further support member organizations in implementing the WLA-SCS, the SRMC has prepared these guidelines for scratchcard testing and design. Any comments or suggestions regarding these guidelines should be directed to the WLA Security & Risk Management Committee. 3

1 Introduction The ever-increasing popularity of lottery scratchcards (Instant tickets) increases the risk of fraud through ticket manipulation by retailers and purchasers. Attempts may be made to discover whether a ticket is a winner without doing damage to the ticket or attempts may be made at outright ticket forgery. To defend against these threats, it is prudent on lottery organizations to submit samples of scratchcards for thorough testing prior to distributing the tickets to retailers. Control and direction of testing activities is at the discretion of the lottery and not the printer. This document provides guidelines on: The types of tests that could be carried out. Legal requirements. Mitigation of security threats through game design and retailer (agent) inspection. Scope The scope of this document is as follows: Security Threats: A list of the principal threats that can compromise the integrity of scratchcards / Instant tickets. Testing Overview: A summary of the overall testing process and the minimum requirements for the final testing report. Legal Agreement: A summary of the legal requirements of the agreement between the lottery organization and testing authorities. Testing Objectives: A summary of the testing categories. Physical Ticket Characteristics: A list of tests that examine the physical details of the scratchcards. Environmental Tests: A list of tests that involve exposing the tickets to extreme temperatures, humidity and environmental condition. Chemicals and Solvents: A list of tests where tickets are exposed to common chemicals and household solvents. Optical Examination: A list of tests where tickets are scrutinized by concentrated light sources. Mechanical Interference: A list of tests that submit tickets to mechanical interference. Ticket Forgery: A list of techniques that can be used in attempts to forge winning tickets. There is also an appendix that contains: Guidelines on designing scratchcards to minimize the risk of compromise. A list of scratchcard / Instant ticket based checks that can be carried out in unannounced visits / inspections of retailer premises. 4

2 Security Threats There are several security threats associated with the sale and use of scratchcards: Covert discovery of winning tickets: Attempts are made to discover winning tickets by covert means (for example, by lifting the latex), without changing the information printed on the tickets and without causing any obvious damage to the tickets. This threat would typically be associated with retailers who attempt to keep the winning tickets for themselves and then sell the losing tickets to customers. Re-sale of losing tickets: Attempts are made to re-apply the latex cover/overprinting of known losing tickets for re-sale by retailers to unsuspecting customers. Fraudulent creation of winning tickets: Attempts are made to alter losing tickets, to make them appear as if they are winning tickets. This threat may be perpetrated both by retailers and by customers. Fraudulent claims: Tickets may be damaged or rendered unusable through faulty manufacturing processes. This may present opportunities to attempt fraudulent claims. In assessing the security risks associated with these threats, any of the following compromise factors may give rise to a security issue. For a ticket to be considered a serious security risk all of the following criteria must be met: A compromise reveals enough information to determine if a ticket is a winner. A compromise is completed fairly rapidly and easily (within 5 minutes). A compromise and repair leaves the ticket in saleable condition. A compromise involves the use of readily available resources. A compromise is easily repeatable and does not require specialized knowledge. A compromise is not rated as a serious security issue if it meets any one of the following criteria: Reveals too little data to determine winning status. Cannot be completed within 5 minutes. Does damage that would not allow the ticket to be sold. Needs exotic equipment. Is not easily repeatable or requires specialized knowledge. 5

3 Testing Overview Prior to the distribution of scratchcards in bulk to retailers, samples should be submitted for testing. The primary objective of testing is to examine the sample tickets to assess their security, durability and alterability, with a view to determining their effectiveness in mitigating the threats defined earlier. On completion of testing, the testing authority should submit a report containing at least the following: Testing objectives. A list of the serial numbers of the test tickets. A detailed physical description of the tickets, with commentary on any observed defects or anomalies. Detailed description and results of the tests. Conclusions, to include: o Whether the ticket has passed or failed the testing to which it was subjected. o If a ticket fails a test, the reasons why it failed and suggestions for ticket improvement. o Potential marketing issues. 4 Legal Agreement with Test Laboratory Before testing commences, if an independent laboratory is used, the lottery organization should enter into a legal agreement with the test authority. In addition to the usual commercial and legal considerations, the agreement should specifically address the following issues: Physical security of the laboratory. Screening of laboratory personnel (for example, for criminal history). Roles and responsibilities of laboratory personnel. Secure transportation of test tickets to and from the laboratory. Secure check-in, storage and check-out of test tickets within the laboratory. Approval of relevant laboratory procedures by the lottery organization. Confidentiality in all matters regarding the laboratory and the lottery organization. Confidentiality in sensitive communications between the laboratory and the lottery organization (for example, through the use of encrypted e-mail). Liability of the laboratory. The above list is not exhaustive and local requirements may add to the list. 6

5 Testing Objectives The objectives for testing the sample tickets should be specified. Typically these will include tests that attempt to alter tickets and read covered information on them, such as: Subjecting all tickets to extreme environmental conditions. Subjecting all tickets to a wide range of common chemicals and solvents. Subjecting all tickets to different ambient light situations. Subjecting all tickets to mechanical interference. Forging new tickets by modifying existing ones. These tests may be conducted on whole tickets and on de-laminated portions of tickets. The sample tickets should be marked Void sample or specimen to reduce the risk of their misuse. 6 Physical Ticket Characteristics The following physical ticket characteristics should be subjected to a detailed examination to identify potential security vulnerabilities or marketing issues: Ticket dimensions and thickness Method of folding and perforation Propensity to unprovoked de-lamination Ticket stock Background primer Use of Benday patterns (pattern characteristics and repeat sequences) Play symbols (type and positioning on the ticket) Play surface Scratch-off layer (type and ease/difficulty of scratching) Overprinting, print layer registration Reverse side (easy-to-follow instructions, ticket validation information, bar codes) Use of color Print quality (typographical clarity, variable density, smudging, missing ink, pinholes) Ticket numbering Testing abrasion resistance 7

7 Environmental Tests The test tickets should be subject to a range of extreme environmental conditions, to ascertain if it is possible to discover the play information without obvious ticket damage. Such environments may include: Very high temperature (e.g. 80 C/176 F) Very low temperature (e.g. -18 C/0 F) Vapor (steam, vodka, ammonia) Humidity changes Submersion testing hot water, soapy water, etc. 8 Chemicals and Solvents The test tickets should be subjected to a wide range of household and other generally available chemicals and solvents, to establish their effect on ticket security readability, color change, ink bleed and ticket damage. For example: Acetone (e.g. nail polish remover) Alcohol (e.g. vodka) Ammonia Antiseptic wash (first aid and/or mouth wash) Bleach Cooking oil Ethanol Ethyl Acetate Drain cleaners Gasoline Hand creams Hydrogen peroxide Paint thinner Stain removers Turpentine/white spirit Vinegar Water (hot, cold, salty, soapy) Window cleaners Windscreen washing solution 8

9 Optical Examination The test tickets should be subjected to different sources of light and non-visible radiation to assess their effect on ticket readability, opacity etc. For example: High intensity visible light Infra-red/ultra-violet light 10 Mechanical Interference The test tickets should be subjected to different kinds of mechanical interference, to assess how easy this is to do and how easy it is to restore the tickets to their original condition afterwards. Examples of mechanical interference include: Lifting the scratch-off layer Thinning the scratch-off layer Pin pricking the scratch-off layer 11 Ticket Forgery Within the testing, efforts should be made to create new winning tickets by modifying some of the sample test tickets. Such forgery attempts may include combinations of the following: Cut-and-paste Altering the shape of play symbols Removing /replacement of play symbols Altering the printed text Altering the security code Altering the bar code Altering the ticket color Replacing the back of the ticket Color copying Computer copying 9

Appendix A: Security Threat Mitigation There are two distinct areas that can be addressed to mitigate the threats to scratchcard security: Game design Retailer inspection Ticket Design The following guidelines for design can help greatly with ticket security, particularly in reducing the risk of discovering the play data by pin pricking: When designing a ticket, be cautious in how it is designed to play. Ensure that the play instructions are simple to understand and are not ambiguous. The play area should not be too busy (lending itself to cut-and-paste). Dividing lines should be dotted, not solid. Any symbol should be consistent in design, format, shape and color with the other play symbols. The Bonus Box should not have one designated symbol that shows whether it is a winning ticket. The play data should always float from side to side or top to bottom. Ensure the overprint on the VIRN (void if removed number) is sufficiently camouflaged. Ensure the winning symbol appears on all tickets, not just winning tickets. Overprint designs should be printed using multiple colors, both solid and screened. Overprint graphics should incorporate wavy/squiggly lines or various nonrectangular shapes. Overprint graphics should not be similar as playing icon graphics. Security digits and other retailer validation codes should be randomly situated within the body of the play area independent of the validation number. Retailer Inspection Unannounced inspection visits to points of sale at retailers can help to mitigate the threats to scratchcard security arising from retailer fraud. Inspection checks can include: Obvious damage to tickets. Tickets missing from a sequence. Packs of tickets split in an unexpected way. Tickets folded in an unexpected way. Tickets stored in unexpected (out of the way) places. Unaccountable discrepancies between actual and claimed ticket sales. Monitor activations terminals for unusual activity. i.e. scanning of non-winners 10