Preamble
These regulations apply only to the Electronic Games of Skill operations at licensed Pari-mutuel franchises, as authorized by Act 1151 of 2005. The provisions of this Act are located in the Arkansas Code and codified as A.C.A. § 23-113-201. They were developed by Gaming Laboratories International, Inc. with the input of the Arkansas Racing Commission, the staff of the Department of Finance and Administration. Comments from suppliers of electronic games of skill and the general public were also considered in the drafting of this document. The regulations were adopted under the provisions of A.C.A. §§ 25-15-201 through 25-15-218. Associated with, but not part of these regulations, are "appendices."
The purpose of the appendices is to provide pertinent material that is subject to frequent change, particularly forms that are related to licensing. Although appendices are documents that enable the enforcement of regulations, they are located outside the body of this document. This will permit the ability to change and update forms, procedures and processes to conform to changes without making policy/regulatory changes. Such changes are considered to be technical in nature and, therefore, will not necessitate invoking the rule making process.
The appendices are designated by a "P" followed by a hyphen, and then with a reference number of the Section number to which is refer or supports.
Example: P 1-13-17(a) would be a "Personal History Disclosure form.
Appendices contain such items as:
Index of forms and appendices
Forms
Examples
Instructions
Key to abbreviations and acronyms
Frequently asked questions (FAQs)
The Games of Skill Regulations and Appendices reside on the Department of Finance and Administration's (DFA), Racing Division's web site at http://www.arkansas.gov/dfa/racing/rc_index.html, and are also available in printed form upon request. Requests for printed copies may be made in the form of an e-mail to the Manager of the Racing Division (listed on web site) or by U.S. Mail at P.O Box 3076, Little Rock, AR 72203 or by telephone at 501-682-1467.
The Arkansas Racing Commission and the offices of the Department of Finance and Administration adhere to the spirit and letter of the Freedom of Information Act of 1967 as stated in ACA § 25-19-101 et seq.
The following words and terms, when used in these regulations, shall have the following meanings unless the context clearly indicates otherwise:
Except as otherwise approved by the Commission, any person or entity who carries out or will carry out, or has or will have any of the functions mentioned in Section 14.4 shall obtain a Key Employee License; or who carries out functions specified in Section 14.5 shall obtain a General Employee License before commencing work with a Franchise Holder. The lists contained in Sections 14.4 and 14.5 of these regulations are not all-inclusive but illustrative.
Any person or entity who is going to be employed by the Franchise Holder in a position which includes any of the following responsibilities or powers, independently of the title, shall obtain a Key Employee License:
Any natural person who is going to be employed by the Franchise Holder in a position which includes any of the following responsibilities related to the operations of the Franchise Holder, or whose responsibilities predominantly involve the maintenance or the operation of EGS gaming activities or equipment and assets associated with the same, or who is required to work regularly in restricted EGS areas shall obtain a General Employee License. Said persons shall include, but not be limited to, any person who:
Any holder of an Employee License shall renew his license by filing with the Commission an application for renewal of his Employee License. The completed renewal application shall be filed with the Commission no later than 60 days prior to expiration of the license.
Every applicant for an Employee License shall establish his/her identity with reasonable certainty by providing the necessary Identification Credentials.
The fees payable for the initial or renewal application for Employee Licenses shall be determined by the Commission. Applications for an initial license and every third year after initial license will be required to pay to the Commission a fee to cover the costs related to obtaining background investigations and reports. Applications for an initial license and every third year after initial license will be required to pay to the Commission a fee to cover the costs related to obtaining background investigations and reports.
No employee with an expired license shall work in a position or shall exercise functions for which such license is required, with the understanding that if such employee is found working without a current and valid license, the employee, as well as the Franchise Holder or person or entity employing the employee shall be subject to sanctions as established by the Commission.
The following words and terms, when used in this section, shall have the following meanings unless the context clearly indicates otherwise.
The Racing Commission shall, on its own initiative, or upon referral by the Franchise Holder, investigate or review any individual who would appear to be an appropriate candidate for placement on the exclusion list. An agent or other representative of the Racing Commission may conduct the investigation and place any candidate for exclusion on the list and notify that person. The Commission administrator or designee shall, within 30 days of placement thereon, affirm the decision of the Racing Commission representative to place an individual on the exclusion list, or the person's name shall be removed from the list.
Franchise Holder each quarter shall report and remit to the EGS Section of the Arkansas Racing Commission all winnings withheld from patrons who are determined to be less than 21 years of age.
The license of any person issued pursuant to the provisions of Act 1151 of 2005 or these regulations, who is found by the Racing Commission to have intentionally allowed a person less than 21 years of age to play or operate an EGS shall be subject to sanction including the implementation of a fine, suspension or revocation at the discretion of the Commission.
There shall be, for the exclusive use of the Commission agents, office space at each Franchise Holder's licensed premises for monitoring and recording purposes. The designation of the EGS office shall be approved by the Commission.
Commission, shall file annual reports of financial and statistical data as required by the Commission. The data may be used by the Commission to evaluate the financial position and operating performance of individual Franchise Holders and compile information regarding the performance and trends of the industry in the State of Arkansas.
Franchise Holders shall report to the Commission essential details of any loans, borrowings, significant installment contracts with a value of over $25,000 per year, guarantees, leases, or capital contributions at least annually.
Floor a physical structure known as a cashiers' cage ("cage") to house the cashiers and to serve as the central location.
The internal controls submitted and subsequently approved by the Commission must include the accounting controls to protect the cashier's cage and satellite cage assets.
A Franchise Holder shall not exchange cash for cash with or on behalf of a patron in any Transaction in which the amount of the exchange is more than $3,000.
Each Franchise Holder shall follow all Federal Law regarding SARC and FinCEN.
The EGS shall be robust enough to withstand forced illegal entry, unless such entry causes an error condition, and which does not affect the subsequent play or any other play, prize or aspect of the game. The following rules shall apply to the EGS access areas:
Electrical and mechanical parts and design principles of the EGS may not subject a player to any physical hazards.
The Laboratory will perform certain tests to determine whether or not outside influences affect EGS game fairness to the player or create cheating opportunities. Electrical Testing shall be performed by a Test Laboratory that specializes in that type of testing for health or safety matters. Electrical Testing is the responsibility of the Manufacturer, purchaser, and operator of the equipment. An EGS shall be able to withstand the following tests, resuming game play without operator intervention:
An EGS shall have a not easily removable, without leaving evidence of tampering, identification badge, permanently affixed to the exterior of the cabinet by the Manufacturer, and this badge shall include the following information:
The EGS must have a light located conspicuously on top of the EGS that automatically illuminates when a player is redeeming credits that the EGS cannot automatically pay, or an Error Condition has occurred, or a 'Call Attendant' condition has been initiated by the player. This requirement may be substituted for an audible alarm for 'bar-top' style games where multiple terminals share a common Tower Light.
An on/off switch that controls the electrical current shall be located in a place which is readily accessible within the interior of the machine so that power cannot be disconnected from outside of the machine using the on/off switch. The on/off positions of the switch shall be labeled.
The logic compartment is a locked cabinet area with its own locked door that is separate from any external door lock. Logic Compartment(s) are area(s) within an EGS that house(s) Critical Electronic Components (components that have the potential to significantly influence the operation of the EGS), which would include:
All currency compartments shall be locked separately from the main cabinet area. Currency Compartments must also meet the following rules:
The EGS shall be designed so that power and data cables into and out of the EGS can be routed so that they are not accessible to the general public. This is for game integrity reasons only, not for health and safety. Security-related wires and cables that are routed into a Logic Compartment shall not be able to be easily removed.
The EGS shall not be adversely affected, other than resets, by surges or dips of ± 20% of the supply voltage. It is acceptable for the equipment to reset provided no damage to the equipment or loss or corruption of data occurs.
EGS must be controlled by one (1) or more Microprocessors or the equivalent in such a manner that the game is controlled by the Microprocessor.
For printer games, the printer shall be located in a locked area of the EGS (e.g., require opening of the main door to access), with the exception of a logic area or the drop box. This requirement ensures that changing the paper does not require access to the drop (cash) or logic areas containing Critical Electronic Components. Ticket Printers shall be interfaced in such a way as to allow the EGS Control program to interpret and act when the Ticket Printer is out of paper or low on paper, there is a printer jam or failure or the printer is disconnected.
Each Printed Circuit Board (PCB) shall be identifiable by some sort of name (or number) and revision level and:
If the game has mechanical or electro-mechanical devices, which are used for displaying game outcomes, the following rules shall be observed:
Games that have video monitors must meet the following rules, as applicable:
All acceptance devices shall be able to detect the entry of valid bills, coupons, Ticket Vouchers, or other approved notes, and provide a method, utilizing a bidirectional communication protocol, to enable the EGS software to interpret and act appropriately upon a valid or invalid input. The acceptance device(s) shall be electronically-based and in a highly accurate manner, ensure that only valid bills of legal tender are accepted. The bill input system shall be constructed in a manner that protects against vandalism, abuse, or fraudulent activity. In addition, bill acceptance device(s) shall only register credits when:
If Bill Acceptors are designed to be factory set only, it shall not be possible to access or conduct maintenance or adjustments to those Bill Acceptors in the field, other than:
Payglasses or video displays shall be clearly identified and shall accurately state the rules of the game and the award that will be paid to the player when the player obtains a specific win. The payglasses or video displays shall clearly indicate whether awards are designated in credits, currency, or some other unit. The Denomination being played shall be clearly displayed. The EGS gaming device shall reflect any change in award value, which may occur in the course of play. This may be accomplished with a digital display in a conspicuous location of the EGS gaming device, and the game must clearly indicate as such. All paytable information should be able to be accessed by a player, prior to them committing to a bet. Pay glasses or video displays shall not be certified if the information is inaccurate or may cause confusion. The "reasonable player" standard shall be used for evaluation:
An EGS shall display, or shall have displayed on the glass, the following information to the player at all times the machine is available for player input:
Each individual line to be played shall be clearly indicated by the EGS so that the player is in no doubt as to which lines are being bet on. In addition, the winning playline(s) shall be clearly discernable to the player (e.g., on a video game it may be accomplished by drawing a line over the symbols on the playline(s) and/or the flashing of winning symbols and line selection box. Where there are wins on multiple lines, each winning playline may be indicated in turn. This would not apply to games that use mechanical reels).
The following rules apply to EGS that offer more than one (1) game to be played:
Games offering merchandise prizes shall display the amount of merchandise prize clearly to the player on the EGS that is offering the prize.
The highest single advertised payout on each gaming device shall occur, statistically, at least once in 100,000,000 games. This does not apply to multiple awards won together on the same game play where the aggregate prize is not advertised. This odds rule shall not apply to games which make it possible for a player to win the highest win multiple times through the use of free games. This rule does apply to each Wager that wins the maximum award.
Available credits may be collected from the EGS by the player pressing the 'COLLECT' button at any time other than during:
The credit meter shall be maintained in credits or cash value. In addition, it must meet the following, where applicable:
If credits are collected, and the total credit value is greater than or equal to a specific limit (e.g., Printer Limit for printer games, etc.), the game shall lock up until the credits have been paid, and the handpay is cleared by an Attendant.
The game shall be capable of entering a lock-up condition if the sum of awards from a single game is equal to the 'Taxation Limit' and which requires an Attendant to clear.
A game is considered completed when the final transfer to the player's credit meter takes place (in case of a win), or when all credits Wagered or won that have not been transferred to the credit meter, are lost. The following are all considered to be part of a single game:
An Electronic Game of Skill may have player assistance or 'Auto Hold' features provided that the features may be disabled using a secure method.
Cash Tickets can be generated at an EGS through an internal document printer. Additionally, cashier/change booth issuance is permitted, if supported by the validation system. Payment by ticket printer as a method of credit redemption is only permissible when the EGS gaming device is linked to a computerized 'Ticket Validation System', which allows validation of the printed ticket. Validation approval or information shall come from the Ticket Validation System in order to validate tickets. Tickets may be validated at any location, as long as it meets the standards in this section. Provisions must be made if communication is lost, and validation information cannot be sent to the central system, thereby requiring the Manufacturer to have an alternate method of payment. The validation system must be able to identify duplicate tickets to prevent fraud by reprinting and redeeming a ticket that was previously issued by the EGS gaming device. A ticket shall contain the following printed information at a minimum, some of which may also be part of the validation number or barcode:
Tickets may be inserted in any EGS gaming device participating in the validation system providing that no credits are issued to the EGS gaming device prior to confirmation of ticket validity. The patron may also redeem a ticket at a cashier/change booth or other approved validation terminal.
Where the authorized game or system uses a Random Number Generator (RNG) to make selections, such RNG and the selections shall:
The Financial, Security and Game Auditing information that is maintained by the EGS memory must only be available to authorized personnel.
Electronic accounting meters shall be at least seven (7) digits in length. If the meter is being used in dollars and cents, at least nine (9) digits must be used for the dollar amount. The meter must roll over to zero upon the next occurrence any time the meter is seven (7) digits or higher and after 9,999,999 has been reached (or any other value that is logical). Occurrence meters shall be at least three (3) digits in length and roll over to zero upon the next occurrence any time the meter is higher than the maximum number of digits for that meter. The required electronic meters are as follows (accounting meters are designated with an asterisk '*'):
In addition to the Electronic Accounting Meters required above, each individual game available for play shall have at least "Amount Bet" and "Amount Won" meters in either credits or dollars. Even if a double-up game is lost, the initial win amount/credits bet amount shall be recorded in the game specific meters. Alternatively, there can be separate meters that account for the double-up information. Either way, the method of metering must be understood on the screen.
For each type of Double-up offered, there shall be two meters to indicate the amount doubled and the amount won, which should increment every time a Double-up occurs. If the EGS does not supply accounting for the Double-Up information, the feature must not be enabled for use.
All EGS must have the capacity to display a complete Transaction history for the most recent Transaction with a cashless Wagering system (this would include Tickets, Coupons, electronically transferred Promotional and/or Bonusing credits, etc.), and the previous thirty-four Transactions prior to the most recent Transaction that incremented any of the Accounting Meters.
An EGS, which contains a Bill Acceptor device, shall maintain sufficient electronic metering to be able to report the following:
An EGS that uses a Bill Acceptor shall retain in its memory and display the denomination of the last five (5) items accepted by the Bill Acceptor (including U.S. currency, Ticket Vouchers, Coupons, etc.)
Information on at least the last ten (10) games is to always be retrievable on the operation of a suitable external key-switch, or another secure method that is not available to the player. Last play information shall provide all information required to fully reconstruct the last ten (10) plays. All values shall be displayed, including the initial credits, credits bet, credits won, and credits paid. If a progressive was awarded, it is sufficient to indicate the progressive was awarded and not display the value. This information should include the final game outcome, including all player choices and bonus features. The results of Double-up (if applicable) should also be included. The Last Game Recall shall reflect bonus rounds in their entirety. If a bonus round lasts 'x number of events,' each with separate outcomes, each of the 'x events' shall be displayed with its corresponding outcome if the outcome results in an award. The recall shall also reflect position-dependent events if the outcome results in an award. For games that may have infinite free games, there shall be a minimum of fifty (50) games recallable.
All Program Storage Media (Writable/Non-Writable), including EPROMs, DVD, CD-ROM, Compact Flash and any other type of Program Storage Devices shall be clearly marked with sufficient information to identify the software and revision level of the information stored in the devices and shall only be accessible with access to the locked logic compartment, where applicable. In addition, if the program is copied to and executed from RAM, the game shall have a method to display the Program Storage Media identification information, on demand.
For Program Storage Media that are written to once (i.e., EPROM, CD), the following rules shall be met:
The values in (i) and (ii), above will constantly be re-evaluated based on technology advancements and new security methods available.
This section does not apply to EGS that function as part of a Game Download System, as defined within section 30.0. This section applies to EGS where the control program is capable of being erased and re-programmed without being removed from the EGS, Bill Acceptor or other equipment or related device, and such control program shall meet the following requirements:
The control program shall ensure the integrity of all critical program components that operate the EGS. The integrity checks must at a minimum occur during the execution of said components and the first time the files are loaded for use (even if only partially loaded), where applicable.
RAM and PSD (Program Storage Device) space that is not critical to machine security (e.g., video or sound ROM) are not required to be validated, although the Test Laboratory recommends a method be in place for the files to be tested for corruption. If any of the video or sound files contain payout amounts or other information needed by the player, the files or program storage must have a secure method of verification.
Critical memory storage shall be maintained by a methodology that enables errors to be identified and corrected in most circumstances. This methodology may involve signatures, Checksums, partial Checksums, multiple copies, timestamps and/or effective use of validity codes. Critical memory is used to store all data that is considered vital to the continued operation of the EGS. This includes, but is not limited to:
Comprehensive checks of Critical Memory shall be made during each EGS restart (e.g., power-up cycle). The EGS Control Program shall test for possible corruption of Critical Memory. Test methodology shall detect 99.99 percent of all possible failures. In addition, all Critical Memory (Non-Volatile) shall:
Following the initiation of a RAM Clear procedure (utilizing a certified RAM Clear method), the Game Program (EGS Control Program) shall execute a routine, which initializes each and every bit in RAM to the default state. For games that allow for partial RAM clears, the methodology in doing so must be accurate and the game must validate the un-cleared portions of RAM. The default reel position or game display after a RAM reset shall not be the top award on any selectable line. The default game display, upon entering game play mode, shall also not be the top award. This applies to the base game only and not any secondary bonus devices.
EGSs shall be capable of detecting and displaying the following error conditions and illuminate the tower light for each or sound an audible alarm, unless otherwise noted. They shall be cleared either by an Attendant (denoted by '*' - in these cases the EGS must cease play) or upon initiation of a new play sequence and be communicated to an on-line monitoring system:
For games that use error codes, a description of EGS error codes and their meanings shall be affixed inside the EGS. This does not apply to video-based games; however, video-based games shall display meaningful text as to the error conditions.
After a program interruption (e.g., power down), the software shall be able to recover to the state it was in immediately prior to the interruption occurring and:
When the EGS main door is opened, the game shall cease play, enter an error condition, display an appropriate error message, disable bill acceptance, and either sound an alarm or illuminate the tower light or both. When the EGS main door is closed, the game shall return to its original state and display an appropriate error message, until the next game has ended. The software shall be able to detect any meter access to the following doors or secure areas:
Each EGS and/or Bill Acceptor shall have the capability of detecting and displaying an Error Condition, for the conditions below. It is acceptable for the Bill Acceptor to disable or flash a light or lights to indicate the error has occurred, provided the information is communicated to the EGS and the Bill Acceptor disables:
Any credits on the EGS that are attempted to be transferred to the host system that is unsuccessful must provide for an alternate payment method or must require the EGS to enter an Error Condition that requires a HandPay by an Attendant.
All EGS must accurately implement a 'general accepted' communication protocol that must be compatible with the systems used. EGS must, at a minimum, communicate with the facilities Central Monitoring System.
The following are the events that EGS must immediately report to the Central Monitoring System, in real-time. All Accounting and Occurrence meters and Error Conditions as defined within these regulations that are not listed below must also be communicated to the Central Monitoring System although, not in real-time unless requested by the system itself:
EGS containing Ticket Printers must be communicating to a Ticket Validation System, which records the ticket information. Validation approval or information shall come from the Ticket Validation System in order to validate tickets. Provisions must be made if Communication is lost, and validation information cannot be sent to the Ticket Validation System, thereby requiring the EGS or the Franchise Holder's operations to have an alternate method of payment. The Ticket Printer shall print on a ticket and must provide the ticket data to a Ticket Validation System that records the following information regarding each payout ticket printed:
It shall not be possible to change a Configuration setting that causes an obstruction to the electronic accounting meters, affect the integrity of the EGS or communications with any of the associated systems, without a RAM Clear. Notwithstanding, any such change must be done by a secure means, which includes access to the locked logic area.
If in a test mode the game shall clearly indicate that it is in a test mode, not normal play, and:
EGS Gaming at Pari-Mutuel Wagering Facilities must at a minimum utilize an On-Line Monitoring System that maintains all financial and security data. The rules outlined within this section apply to all Critical Systems (systems that have an effect on the integrity of EGS Gaming.)
All Critical Systems must endure the following phases of tests:
An Interface Element, where applicable, is any component within a system that is external to the operations of the EGS that assists in the collection and processing of data that is sent to a system. All critical Interface Elements shall:
i All critical data Communication shall be Protocol based and/or incorporate an error detection and correction scheme to ensure an accuracy of ninety-nine percent (99%) or better of messages received; and
ii All critical data Communication that may affect revenue and is unsecured either in transmission or implementation shall employ encryption. The encryption Algorithm shall employ variable keys or similar methodology to preserve secure Communication.
System Server(s), networked system(s) or distributed system(s) that directs the overall operation and an associated Database(s) that stores all entered and collected system information, is considered the 'Server'. In addition, the Server shall:
If supported, System(s) may utilize password controlled remote access, provided the following requirements are met:
The On-Line Monitoring System must support either a hierarchical role structure whereby user and password define program or individual menu item access or logon program/device security based strictly on user and password or PIN. In addition, the On-Line Monitoring System shall not permit the alteration of any significant log information communicated from the EGS. Additionally, there should be a provision for system administrator notification and user lockout or audit trail entry, after a set number of unsuccessful login attempts.
The On-Line Monitoring System shall not permit the alteration of any accounting or significant event log information that was properly communicated from the EGS without supervised access controls. In the event financial data is changed, an audit log must be capable of being produced to document:
The System(s) shall have sufficient redundancy and modularity so that if any single component or part of a component fails, gaming can continue. There shall be redundant copies of each log file or system Database or both, with open support for Backups and restoration.
In the event of a catastrophic failure when the System(s) cannot be restarted in any other way, it shall be possible to reload the system from the last viable Backup point and fully recover the contents of that Backup, recommended to consist of at least the following information:
If supported, a System may utilize writable program storage technology to update
Interface Element software if all of the following requirements are met:
The above refers to loading of new system executable code only. Other program parameters may be updated as long as the process is securely controlled and subject to audit. The parameters will have to be reviewed on an individual basis.
The Systems must implement self monitoring of all critical Interface Elements (e.g. Central hosts, network devices, firewalls, links to third parties, etc.) and shall have the ability to effectively notify the system administrator of the condition, provided the condition is not catastrophic.
The On-Line Monitoring System shall communicate to all EGS for the purpose of gathering all financial data and security events. The On-Line Monitoring System may perform this sole function or may also incorporate other system functions that are addressed within this document. For systems that serve multiple purposes, each of the relevant sections herein shall apply.
At a minimum, an On-Line Monitoring System shall provide for the following Security and Audit ability requirements:
Metering information is generated on an EGS and collected by the Interface Element and sent to the On-Line Monitoring System via a Communication Protocol. This information may be either read directly from the EGS or relayed using a delta function. The On-Line Monitoring System must collect and store the following meter information from each EGS:
Please refer to the EGS Software Electronic Accounting and Occurrence Metering requirements for more detailed descriptions of the above meters. While these electronic accounting meters should be communicated directly from the EGS to the On-Line Monitoring System, it is acceptable to use secondary OnLine Monitoring System calculations where appropriate.
Reports will be generated on a schedule determined by the Commission which typically consists of daily, monthly, yearly period, and life to date reports generated from stored Database information. These reports at minimum will consist of the following:
It is acceptable to combine reporting data where appropriate (e.g., revenue, theoretical/actual comparison).
An On-Line Monitoring System must have an application or facility that captures and processes every Handpay message from each EGS and meet the following rules:
A Ticket Validation System may be entirely integrated into an On-Line Monitoring System or exist as an entirely separate entity. Payment by ticket printer as a method of credit redemption on an EGS is only permissible when the EGS is linked to an approved Ticket Validation System. Validation information shall be communicated from the system to the EGS using a secure Communication Protocol. This section concerns bi-directional Ticket Validation System specific requirements where a Ticket Validation System that is independent of an On-Line Monitoring System would also require the Security and Integrity standards previously outlined within this document, would also apply.
In the event there is a loss of communication between the EGS and the Ticket Validation System, an alternate method of payment must be provided either by the validation system possessing unique features (e.g., validity checking of ticket information in conjunction with a local Database storage) to identify duplicate tickets and prevent fraud by reprinting and redeeming a ticket that was previously issued by the EGS; or by use of an approved alternative method that will accomplish the same. Where EGS ticket generation is to be supported while not connected to the validation system, a ticket system must generate two different types of tickets at minimum. On-line and off-line types are denoted respectively by ticket generation either when the validation system and EGS are properly communicating or the validation system and EGS are not communicating properly. When a patron cashes out of an EGS that has lost Communication with the validation system, the EGS must lock up and, after reset, may print an off-line ticket or handpay receipt. The ticket or handpay receipt must be visually distinct from an on-line ticket either in format or content while still maintaining all information required.
A ticket can be generated at an EGS through an internal document printer, at a player's request, by redeeming all credits. Tickets that reflect partial credits may be issued automatically from an EGS. Additionally, cashier/change booth issuance is allowed if supported by the validation system.
Tickets may be inserted in any EGS participating in the validation system providing that no credits are issued to the EGS prior to confirmation of ticket validity. The customer may also redeem a ticket at a validation terminal (i.e., cashier/change booth, Redemption Terminal or other approved methods.) All validation terminals shall be user and password-controlled with the exception of a Redemption Terminal that does not require human interaction. Where the Validation is to take place at a Cashier/Change Booth, the cashier shall:
The Ticket Validation System must have the ability to identify duplicate tickets invalid tickets and notify the EGS to 'Reject' the ticket or advise the cashier that one of the following conditions exists:
The following reports shall be generated at a minimum and reconciled with all validated/redeemed tickets:
The requirements for 'b' & 'd' are waived where two-part tickets exist for the EGS, and where the first part is dispensed as an original ticket to the patron and the second part remains attached to the printer mechanism as a copy (on a continuous roll) in the EGS.
Once the validation information is stored in the Database, the data may not be altered in any way. The validation system Database must be encrypted or password-protected and should possess a non-alterable user audit trail to prevent unauthorized access. Further, the normal operation of any device that holds ticket information shall not have any options or methods that may compromise ticket information. Any device that holds ticket information in its memory shall not allow removing of the information unless it has first transferred that information to the Database or other secured component(s) of the validation system.
A Cashless System may be entirely integrated into an On-Line Monitoring System or exist as an entirely separate entity. Cashless systems may include Promotional, Bonusing or Player Account based systems.
The following sections outline the Error Conditions that apply to the Cashless
System, which must be monitored, and a message must be displayed to the patron at the host Card Reader for the following:
If a player initiates a cashless Transaction and that Transaction would exceed game configured limits (i.e. the credit limit, etc) then this Transaction may only be processed provided that the patron is clearly notified that he/she has received or deposited less than requested to avoid patron disputes.
The Communication process used by the EGS and the host system must be robust and stable enough to secure each cashless Transaction such that failure event(s) can be identified and logged for subsequent audit and reconciliation. In addition, Cashless systems must conform to the following Security Requirements:
The following minimal controls shall be implemented by the host system to ensure that games are prevented from responding to commands for crediting outside of properly authorized Cashless Transactions (hacking):
Controls must be in place for any diagnostic functionality available at the device such that all activity must be reported to the system that would reflect the specific account(s) and the individual(s) tasked to perform these diagnostics. This would allow all Cashless diagnostic activity that affect the EGS associated electronic meters to be audited by the EGS Section.
The Cashless system shall have the ability to produce logs for all pending and completed Cashless Transactions. These logs shall be capable of being filtered by:
The system shall have the ability to produce the following financial and player reports:
Current account balance information should be available on demand from any participating EGS via the associated Card Reader (or equivalent) after confirmation of patron identity and be presented, in terms of currency, to the patron.
A Progressive System is a computerized system linking EGS in one or more licensed facilities within the State of Arkansas and offering one or more common progressive payouts based on the amounts Wagered.
A progressive meter/display can be one or more progressive EGS (s) that are linked, directly or indirectly, to a display (e.g., mechanical, electrical, or electronic device, including the video display, if applicable) that shows the payoff which increments at a set rate of progression as credits are Wagered. For games that have progressives such as 'Mystery Jackpot', the payoff does not have to be displayed to the player, although there should be an indication as to this type of feature on the game. The following rules apply to all Progressive Meter displays:
Any device that has a feature that doubles or triples, etc. any win shall have a sign that states the progressive award will not be doubled or tripled if won during the feature, if this is the intention.
The requirements of this Section are intended to apply equally to one progressive EGS linked to a Progressive Controller or is internally controlled, as well as several progressive EGS linked to one Progressive Controller within one track or multiple tracks. A Progressive Controller is all of the hardware and software that controls all Communications among the devices that calculates the values of the progressives and displays the information within a progressive EGS link (if applicable, progressive EGS (s) may be internally controlled) and the associated progressive meter. This equipment includes but is not limited to PC-based computers, wiring, and collection Nodes, etc. The method by which system jackpot parameter values are modified or entered is to be secure. Progressive Controllers shall:
Any change to the jackpot amount must conform to the local Internal Control procedures.
Each device on the link shall have the same probability of winning the progressive, adjusted for the Denomination played. For instance, the probability shall remain the same for multiple Denomination games, based on the monetary value of the Wager (e.g., A two (2) credit $1 game has the probability of one (1) in 10,000 and a two (2) credit, $2 game on the same link has the probability one (1) in 5,000.)
Multi-site progressive EGS are interconnected in more than one Franchise Holder in Arkansas. The purpose of a Multi-site Progressive System is to offer a common progressive jackpot (system jackpot) at all participating locations. Multi-Site Progressive Systems shall meet the following regulations:
A Server-Based Game Download System (SBGDS) is the combination of an on-site Central Server, EGS and all Interface Elements that function collectively for the purpose of downloading EGS Game Content from the system's Central Server to the EGS, which may include:
The 'host' computer or Central Server is the primary source of the system controls and information. The control program is the software that operates the EGS functions, including the paytable(s) for the game. The Control Program can run independently of the SBGDS or may require information generated by the system to perform the EGS functions.
Each component of a SBGDS must function as indicated by the communication protocol implemented. All protocols must use communication techniques that have proper error detection and/or recovery mechanisms which are designed to prevent unauthorized access or tampering, employing Data Encryption Standards (DES) or equivalent encryption with secure seeds or algorithms. Any alternative measures will be reviewed on a case-by-case basis, with regulator approval.
In the event the Central Server is utilized in conjunction with other systems (i.e. On-Line Monitoring and Control Systems, Ticket Validation Systems, Progressive Systems, etc.), all communications, including Remote Access, must pass through at least one approved application-level firewall and must not have a facility that allows for an alternate network path.
Each SBGDS as submitted to the Test Laboratory will be examined thoroughly to ensure that the proposed field configuration is secure. The Test Laboratory will provide additional security recommendations within the final certification and on-site training to the regulators, if requested.
The firewall application (Firewall Network security barrier. A firewall is a device that guards the entrance to a private network and keeps out unauthorized or unwanted traffic) must maintain an audit log of the following information and must disable all communications and generate an error event if the audit log becomes full:
Remote Access, where permitted, shall authenticate all computer systems based on the authorized settings of the SBGDS or firewall application that establishes a connection with the SBGDS. The security of Remote Access will be reviewed on a case-by-case basis, in conjunction with the current technology and:
It is acknowledged that the system Manufacturer may, as needed, remotely access the SBGDS and its associated components for the purpose of product and user support, if permitted.
The Central Server must maintain an activity log depicting all Remote Access information that is to include the:
This Section describes the SBGDS requirements pertaining to the Central Server where the Central Servers may be used locally and applies only to the download of EGS Game Contents (The downloading of any data, with the exception of the Game Program or Random Values (where a Random Number Generator is stored on the Central Server, and communicates random numbers to the EGS that are required for the EGS to function, where the EGS Control Program is not independent of the Central Server)) from the Central Server to the EGS . In the case where the SBGDS Central Server also performs tasks as required by other systems, (i.e. On-Line Monitoring and Control System, Ticket Validation System, etc) those portions do not apply to the these Technical Standards and would have to be evaluated against the appropriate standard.
Where applicable, the Game Program Library shall only be written to, with secure access that is controlled by the Commission or its designee, in which case the Manufacturer and/or operator will be able to access the Game Program Library, provided that this access does not permit adding or deleting Game Programs; or the Game Program Library shall only be written to using the method that is acceptable by the Test Laboratory and Commission.
Any changes that are made to the Game Program Library, including the addition, changing or deletion of Game Programs, must be stored in an un-alterable audit log, which shall include:
EGS used in a SBGDS environment that have alterable configurations that require Regulatory Control, as outlined within the EGS Requirements may be waived provided that the rules within this section are met.
EGS Control Programs that offer multiple paytables and/or Denominations that can be configured via the Central Server will not require Regulatory Control to change the paytable selected, provided:
The process of clearing RAM on the EGS via the SBGDS must utilize a secure method that would require Regulatory Control. For systems that do not comply with this rule, the method used must be approved by the Commission.
The Central Server generation of Random Values does not include the generation of game outcomes.
In the event the SBGDS has the ability to download Random Values to the EGS where Elements of a SBGDS that may be utilized for the generation of Random Values, which are subsequently communicated to the EGS Control Program that is required for the determination of game outcomes, the Random Number Generator shall function in accordance with the 99% confidence levels, as outlined within the Randomness Requirements of these Standards.
Kiosks are only to be used for the purpose of accepting, validating and providing payment for tickets inserted. Kiosks may incorporate other functions that would not have any effect on the integrity of gaming, with the exception of Automated Teller Machine functionality. Kiosks must use a Communication Protocol that will not permit the Kiosk to write directly to the system Database and only process payments based on commands from the system. Redemption Kiosks shall meet the EGS Hardware Requirements for Security and Player Safety, as previously outlined.
Kiosks must be capable of detecting and displaying the following Error Conditions. The Error Condition must illuminate the tower light or sound an audible alarm. This requirement may be substituted for a notification system that alerts staff of Error Conditions. The Kiosk shall be able to recover to the state it was in immediately prior to any interruption that occurred, including during payment. Error Conditions requiring Attendant intervention are denoted by '*':
If the Redemption Kiosk uses error codes instead of a text explanation of the Error Conditions, a description of error codes and their meanings must be affixed on the inside of the Redemption Kiosk.
If any of the above Error Conditions occur during the acceptance and/or escrowing of a ticket voucher, the ticket voucher must be returned to the patron without a status change on the Validation System or, once the Error Condition is cleared, proceed to pay the patron and have a status of 'Redeemed' on the system.
There shall be a maximum ticket value that can be paid by a kiosk or have available the ability to select the maximum amount.
Metering information is maintained in critical memory at the Redemption Kiosk. The Redemption Kiosk must maintain the following Meters, which can be by Denomination:
The Redemption Kiosk must not have a mechanism whereby an unauthorized user can cause the loss of stored accounting Meter information.
Logs must be maintained in critical memory or on a paper log (see NOTE, below within this section) housed within the Redemption Kiosk that consists of the following:
NOTE: If the device utilizes a printer to record the information required within this section, the printer must be capable of monitoring any Printer Fault (i.e., 'Printer Disconnected', 'Paper Jam', 'Out of Paper', etc.)
Tickets may only be accepted when the Kiosk is communicating with the system. Tickets inserted into a kiosk must be rejected when the system link is down and Payment shall only be made when the ticket is 'Stacked' within the Bill Stacker.
This section shall address security precautions and minimum recommendations that govern Wireless Networks.
Should a wireless Ethernet Communication solution be adopted, then additional security precautions must be taken. The current wireless Ethernet technology (Wi-Fi) is vulnerable and should not be considered secure. If Wi-Fi is chosen as the Communication method for your system, the following recommendations are to be considered minimum recommendations and not restrictions:
The wired LAN (Local Area Network) must be isolated from the wireless (WLAN) Network through the layering of additional Network security methods.
006.06.06 Ark. Code R. 001