S.D. Admin. R. 20:18:17:41.04

Current through Register Vol. 51, page 67, December 16, 2024
Section 20:18:17:41.04 - Prevention of unauthorized access or transactions

The following minimal internal controls must be implemented to ensure that each game is prevented from responding to any command for crediting outside of a properly authorized cashless transaction:

(1) Secure the hubs, services, and connection ports in a locked and monitored room or area to prevent unauthorized access to the network and prevent access to any node without valid login and password;
(2) Limit the number of stations where critical cashless applications or associated databases may be accessed;
(3) Limit the number of users that have permission to adjust critical parameters; and
(4) Identify and flag suspect wagering accounts to prevent unauthorized use by:
(A) Establishing a maximum of three successive, incorrect secure personal identification code or number entries before account lockout;
(B) Flagging hot accounts where cards or authentication credentials have been stolen;
(C) Invalidating accounts and transferring balances into a new account;
(D) Establishing limits for maximum cashless activity or overall gaming activities in and out as a global or individual variable to preclude money laundering.
(E) Monitoring cashless devices for funds transferred into the cashless device from one wagering account, then transferred out to another wagering account; and
(F) Monitoring wagering accounts for opening and closing in short time frames and for deposits and withdrawal without associated game play transactions.

S.D. Admin. R. 20:18:17:41.04

36 SDR 22, effective 8/18/2009; 48 SDR 014, effective 8/22/2021

General Authority: SDCL 42-7B-7, 42-7B-11(13).

Law Implemented: SDCL 42-7B-2.1(1), 42-7B-43.