006.06.10 Ark. Code R. 001
Preamble
These regulations apply only to the Electronic Games of Skill operations at licensed Pari-mutuel franchises, as authorized by Act 1151 of 2005. The provisions of this Act are located in the Arkansas Code and codified as A.C.A. § 23-113-201. They were developed by Gaming Laboratories International, Inc. with the input of the Arkansas Racing Commission, the staff of the Department of Finance and Administration. Comments from suppliers of electronic games of skill and the general public were also considered in the drafting of this document. The regulations were adopted under the provisions of A.C.A. §§ 25-15-201 through 25-15-218. Associated with, but not part of these regulations, are "appendices."
The purpose of the appendices is to provide pertinent material that is subject to frequent change, particularly forms that are related to licensing. Although appendices are documents that enable the enforcement of regulations, they are located outside the body of this document. This will permit the ability to change and update forms, procedures and processes to conform to changes without making policy/regulatory changes. Such changes are considered to be technical in nature and, therefore, will not necessitate invoking the rule making process.
The appendices are designated by a "P" followed by a hyphen, and then with a reference number of the Section number to which is refer or supports.
Example: P 1-13-17(a) would be a "Personal History Disclosure form.
Appendices contain such items as:
Index of forms and appendices
Forms
Examples
Instructions
Key to abbreviations and acronyms
Frequently asked questions (FAQs)
The Games of Skill Regulations and Appendices reside on the Department of Finance and Administration's (DFA), Racing Division's web site at http://www.arkansas.gov/dfa/racing/rc_index.html, and are also available in printed form upon request. Requests for printed copies may be made in the form of an e-mail to the Manager of the Racing Division (listed on web site) or by U.S. Mail at P.O Box 3076, Little Rock, AR 72203 or by telephone at 501-682-1467.
The Arkansas Racing Commission and the offices of the Department of Finance and Administration adhere to the spirit and letter of the Freedom of Information Act of 1967 as stated in ACA§ 25-19-101 et seq.
The following words and terms, when used in these regulations, shall have the following meanings unless the context clearly indicates otherwise:
License shall be determined by the Commission; provided that the application fee shall not be more than $1,000 a year. This does not include the actual cost of the investigation(s), which is to be billed to and paid by the applicant to the Commission.
Except as otherwise approved by the Commission, any person or entity who carries out or will carry out, or has or will have any of the functions mentioned in Section 14.4 shall obtain a Key Employee License; or who carries out functions specified in Section 14.5 shall obtain a General Employee License before commencing work with a Franchise Holder. The lists contained in Sections 14.4 and 14.5 of these regulations are not all-inclusive but illustrative.
Any person or entity who is going to be employed by the Franchise Holder in a position which includes any of the following responsibilities or powers, independently of the title, shall obtain a Key Employee License:
Any natural person who is going to be employed by the Franchise Holder in a position which includes any of the following responsibilities related to the operations of the Franchise Holder, or whose responsibilities predominantly involve the maintenance or the operation of EGS gaming activities or equipment and assets associated with the same, or who is required to work regularly in restricted EGS areas shall obtain a General Employee License. Said persons shall include, but not be limited to, any person who:
Any holder of an Employee License shall renew his license by filing with the Commission an application for renewal of his Employee License. The completed renewal application shall be filed with the Commission no later than 60 days prior to expiration of the license.
Every applicant for an Employee License shall establish his/her identity with reasonable certainty by providing the necessary Identification Credentials.
The fees payable for the initial or renewal application for Employee Licenses shall be determined by the Commission. Applications for an initial license and every third year after initial license will be required to pay to the Commission a fee to cover the costs related to obtaining background investigations and reports. Applications for an initial license and every third year after initial license will be required to pay to the Commission a fee to cover the costs related to obtaining background investigations and reports.
No employee with an expired license shall work in a position or shall exercise functions for which such license is required, with the understanding that if such employee is found working without a current and valid license, the employee, as well as the Franchise Holder or person or entity employing the employee shall be subject to sanctions as established by the Commission.
Such factors shall only-go to the degree of the civil penalty to be imposed by the Commission.
The following words and terms, when used in this section, shall have the following meanings unless the context clearly indicates otherwise.
Franchise Holder's premises.
The Racing Commission shall, on its own initiative, or upon referral by the Franchise Holder, investigate or review any individual who would appear to be an appropriate candidate for placement on the exclusion list. An agent or other representative of the Racing Commission may conduct the investigation and place any candidate for exclusion on the list and notify that person. The Commission administrator or designee shall, within 30 days of placement thereon, affirm the decision of the Racing Commission representative to place an individual on the exclusion list, or the person's name shall be removed from the list.
Franchise Holder each quarter shall report and remit to the EGS Section of the Arkansas Racing Commission all winnings withheld from patrons who are determined to be less than 21 years of age.
The license of any person issued pursuant to the provisions of Act 1151 of 2005 or these regulations, who is found by the Racing Commission to have intentionally allowed a person less than 21 years of age to play or operate an EGS shall be subject to sanction including the implementation of a fine, suspension or revocation at the discretion of the Commission.
There shall be, for the exclusive use of the Commission agents, office space at each Franchise Holder's licensed premises for monitoring and recording purposes. The designation of the EGS office shall be approved by the Commission.
each Franchise Holder shall maintain the following records regarding the equity structure and owners:
Franchise Holders shall report to the Commission essential details of any loans, borrowings, significant installment contracts with a value of over $25,000 per year, guarantees, leases, or capital contributions at least annually.
Commission. The log(s) shall be maintained by surveillance room personnel in the surveillance room. The Commission staff and other staff authorized by the Commission shall have access at all times to the log(s). A log(s) entry shall be made in the surveillance log(s) of each surveillance activity. The following information shall be recorded in the Surveillance Log(s):
The internal controls submitted and subsequently approved by the Commission must include the accounting controls to protect the cashier's cage and satellite cage assets.
A Franchise Holder shall not exchange cash for cash with or on behalf of a patron in any Transaction in which the amount of the exchange is more than $3,000.
Each Franchise Holder shall follow all Federal Law regarding SARC and FinCEN.
The EGS shall be robust enough to withstand forced illegal entry, unless such entry causes an error condition, and which does not affect the subsequent play or any other play, prize or aspect of the game. The following rules shall apply to the EGS access areas:
Electrical and mechanical parts and design principles of the EGS may not subject a player to any physical hazards.
The Laboratory will perform certain tests to determine whether or not outside influences affect EGS game fairness to the player or create cheating opportunities. Electrical Testing shall be performed by a Test Laboratory that specializes in that type of testing for health or safety matters. Electrical Testing is the responsibility of the Manufacturer, purchaser, and operator of the equipment. An EGS shall be able to withstand the following tests, resuming game play without operator intervention:
An EGS shall have a not easily removable, without leaving evidence of tampering, identification badge, permanently affixed to the exterior of the cabinet by the Manufacturer, and this badge shall include the following information:
The EGS must have a light located conspicuously on top of the EGS that automatically illuminates when a player is redeeming credits that the EGS cannot automatically pay, or an Error Condition has occurred, or a 'Call Attendant' condition has been initiated by the player. This requirement may be substituted for an audible alarm for 'bar-top' style games where multiple terminals share a common Tower Light.
An on/off switch that controls the electrical current shall be located in a place which is readily accessible within the interior of the machine so that power cannot be disconnected from outside of the machine using the on/off switch. The on/off positions of the switch shall be labeled.
The logic compartment is a locked cabinet area with its own locked door that is separate from any external door lock. Logic Compartment(s) are area(s) within an EGS that house(s) Critical Electronic Components (components that have the potential to significantly influence the operation of the EGS), which would include:
All currency compartments shall be locked separately from the main cabinet area. Currency Compartments must also meet the following rules:
The EGS shall be designed so that power and data cables into and out of the EGS can be routed so that they are not accessible to the general public. This is for game integrity reasons only, not for health and safety. Security-related wires and cables that are routed into a Logic Compartment shall not be able to be easily removed.
The EGS shall not be adversely affected, other than resets, by surges or dips of ± 20% of the supply voltage. It is acceptable for the equipment to reset provided no damage to the equipment or loss or corruption of data occurs.
EGS must be controlled by one (1) or more Microprocessors or the equivalent in such a manner that the game is controlled by the Microprocessor.
For printer games, the printer shall be located in a locked area of the EGS (e.g., require opening of the main door to access), with the exception of a logic area or the drop box. This requirement ensures that changing the paper does not require access to the drop (cash) or logic areas containing Critical Electronic Components. Ticket Printers shall be interfaced in such a way as to allow the EGS Control program to interpret and act when the Ticket Printer is out of paper or low on paper, there is a printer jam or failure or the printer is disconnected.
Each Printed Circuit Board (PCB) shall be identifiable by some sort of name (or number) and revision level and:
If the game has mechanical or electro-mechanical devices, which are used for displaying game outcomes, the following rules shall be observed:
Games that have video monitors must meet the following rules, as applicable:
All acceptance devices shall be able to detect the entry of valid bills, coupons, Ticket Vouchers, or other approved notes, and provide a method, utilizing a bidirectional communication protocol, to enable the EGS software to interpret and act appropriately upon a valid or invalid input. The acceptance device(s) shall be electronically-based and in a highly accurate manner, ensure that only valid bills of legal tender are accepted. The bill input system shall be constructed in a manner that protects against vandalism, abuse, or fraudulent activity. In addition, bill acceptance device(s) shall only register credits when:
If Bill Acceptors are designed to be factory set only, it shall not be possible to access or conduct maintenance or adjustments to those Bill Acceptors in the field, other than:
Payglasses or video displays shall be clearly identified and shall accurately state the rules of the game and the award that will be paid to the player when the player obtains a specific win. The payglasses or video displays shall clearly indicate whether awards are designated in credits, currency, or some other unit. The Denomination being played shall be clearly displayed. The EGS gaming device shall reflect any change in award value, which may occur in the course of play. This may be accomplished with a digital display in a conspicuous location of the EGS gaming device, and the game must clearly indicate as such. All paytable information should be able to be accessed by a player, prior to them committing to a bet. Pay glasses or video displays shall not be certified if the information is inaccurate or may cause confusion. The "reasonable player" standard shall be used for evaluation:
An EGS shall display, or shall have displayed on the glass, the following information to the player at all times the machine is available for player input:
Each individual line to be played shall be clearly indicated by the EGS so that the player is in no doubt as to which lines are being bet on. In addition, the winning playline(s) shall be clearly discernable to the player (e.g., on a video game it may be accomplished by drawing a line over the symbols on the playline(s) and/or the flashing of winning symbols and line selection box. Where there are wins on multiple lines, each winning playline may be indicated in turn. This would not apply to games that use mechanical reels).
The following rules apply to EGS that offer more than one (1) game to be played:
Games offering merchandise prizes shall display the amount of merchandise prize clearly to the player on the EGS that is offering the prize.
The highest single advertised payout on each gaming device shall occur, statistically, at least once in 100,000,000 games. This does not apply to multiple awards won together on the same game play where the aggregate prize is not advertised. This odds rule shall not apply to games which make it possible for a player to win the highest win multiple times through the use of free games. This rule does apply to each Wager that wins the maximum award.
Available credits may be collected from the EGS by the player pressing the 'COLLECT button at any time other than during:
The credit meter shall be maintained in credits or cash value. In addition, it must meet the following, where applicable:
If credits are collected, and the total credit value is greater than or equal to a specific limit (e.g., Printer Limit for printer games, etc.), the game shall lock up until the credits have been paid, and the handpay is cleared by an Attendant.
The game shall be capable of entering a lock-up condition if the sum of awards from a single game is equal to the Taxation Limit' and which requires an Attendant to clear.
A game is considered completed when the final transfer to the player's credit meter takes place (in case of a win), or when all credits Wagered or won that have not been transferred to the credit meter, are lost. The following are all considered to be part of a single game:
An Electronic Game of Skill may have player assistance or 'Auto Hold' features provided that the features may be disabled using a secure method.
Cash Tickets can be generated at an EGS through an internal document printer. Additionally, cashier/change booth issuance is permitted, if supported by the validation system. Payment by ticket printer as a method of credit redemption is only permissible when the EGS gaming device is linked to a computerized Ticket Validation System', which allows validation of the printed ticket. Validation approval or information shall come from the Ticket Validation System in order to validate tickets. Tickets may be validated at any location, as long as it meets the standards in this section. Provisions must be made if communication is lost, and validation information cannot be sent to the central system, thereby requiring the Manufacturer to have an alternate method of payment. The validation system -must be able to identify duplicate tickets to prevent fraud by reprinting and redeeming a ticket that was previously issued by the EGS gaming device. A ticket shall contain the following printed information at a minimum, some of which may also be part of the validation number or barcode:
Tickets may be inserted in any EGS gaming device participating in the validation system providing that no credits are issued to the EGS gaming device prior to confirmation of ticket validity. The patron may also redeem a ticket at a cashier/change booth or other approved validation terminal.
Where the authorized game or system uses a Random Number Generator (RNG) to make selections, such RNG and the selections shall:
The Financial, Security and Game Auditing information that is maintained by the EGS memory must only be available to authorized personnel.
Electronic accounting meters shall be at least seven (7) digits in length. If the meter is being used in dollars and cents, at least nine (9) digits must be used for the dollar amount. The meter must roll over to zero upon the next occurrence any time the meter is seven (7) digits or higher and after 9,999,999 has been reached (or any other value that is logical). Occurrence meters shall be at least three (3) digits in length and roll over to zero upon the next occurrence any time the meter is higher than the maximum number of digits for that meter. The required electronic meters are as follows (accounting meters are designated with an asterisk '*'):
In addition to the Electronic Accounting Meters required above, each individual game available for play shall have at least "Amount Bet" and "Amount Won" meters in either credits or dollars. Even if a double-up game is lost, the initial win amount/credits bet amount shall be recorded in the game specific meters. Alternatively, there can be separate meters that account for the double-up information. Either way, the method of metering must be understood on the screen.
For each type of Double-up offered, there shall be two meters to indicate the amount doubled and the amount won, which should increment every time a Double-up occurs. If the EGS does not supply accounting for the Double-Up information, the feature must not be enabled for use.
All EGS must have the capacity to display a complete Transaction history for the most recent Transaction with a cashless Wagering system (this would include Tickets, Coupons, electronically transferred Promotional and/or Bonusing credits, etc.), and the previous thirty-four Transactions prior to the most recent Transaction that incremented any of the Accounting Meters.
An EGS, which contains a Bill Acceptor device, shall maintain sufficient electronic metering to be able to report the following:
An EGS that uses a Bill Acceptor shall retain in its memory and display the denomination of the last five (5) items accepted by the Bill Acceptor (including U.S. currency, Ticket Vouchers, Coupons, etc.)
Information on at least the last ten (10) games is to always be retrievable on the operation of a suitable external key-switch, or another secure method that is not available to the player. Last play information shall provide all information required to fully reconstruct the last ten (10) plays. All values shall be displayed, including the initial credits, credits bet, credits won, and credits paid. If a progressive was awarded, it is sufficient to indicate the progressive was awarded and not display the value. This information should include the final game outcome, including all player choices and bonus features. The results of Double-up (if applicable) should also be included. The Last Game Recall shall reflect bonus rounds in their entirety. If a bonus round lasts 'x number of events,' each with separate outcomes, each of the 'x events' shall be displayed with its corresponding outcome if the outcome results in an award. The recall shall also reflect position-dependent events if the outcome results in an award. For games that may have infinite free games, there shall be a minimum of fifty (50) games recallable.
All Program Storage Media (Writable/Non-Writable), including EPROMs, DVD, CD-ROM, Compact Flash and any other type of Program Storage Devices shall be clearly marked with sufficient information to identify the software and revision level of the information stored in the devices and shall only be accessible with access to the locked logic compartment, where applicable. In addition, if the program is copied to and executed from RAM, the game shall have a method to display the Program Storage Media identification information, on demand.
For Program Storage Media that are written to once (i.e., EPROM, CD), the following rules shall be met:
The values in (i) and (ii), above will constantly be re-evaluated based on technology advancements and new security methods available.
This section does not apply to EGS that function as part of a Game Download System, as defined within section 30.0. This section applies to EGS where the control program is capable of being erased and re-programmed without being removed from the EGS, Bill Acceptor or other equipment or related device, and such control program shall meet the following requirements:
The control program shall ensure the integrity of all critical program components that operate the EGS. The integrity checks must at a minimum occur during the execution of said components and the first time the files are loaded for use (even if only partially loaded), where applicable.
RAM and PSD (Program Storage Device) space that is not critical to machine security (e.g., video or sound ROM) are not required to be validated, although the Test Laboratory recommends a method be in place for the files to be tested for corruption. If any of the video or sound files contain payout amounts or other information needed by the player, the files or program storage must have a secure method of verification.
Critical memory storage shall be maintained by a methodology that enables errors to be identified and corrected in most circumstances. This methodology may involve signatures, Checksums, partial Checksums, multiple copies, timestamps and/or effective use of validity codes. Critical memory is used to store all data that is considered vital to the continued operation of the EGS. This includes, but is not limited to:
Comprehensive checks of Critical Memory shall be made during each EGS restart (e.g., power-up cycle). The EGS Control Program shall be continuously monitored for possible corruption of Critical Memory. In addition, it is recommended that a trip redundancy check be implemented. Test methodology shall detect 99.99 percent of all possible failures. In addition, all Critical Memory (Non-Volatile) shall:
Following the initiation of a RAM Clear procedure (utilizing a certified RAM Clear method), the Game Program (EGS Control Program) shall execute a routine, which initializes each and every bit in RAM to the default state. For games that allow for partial RAM clears, the methodology in doing so must be accurate and the game must validate the un-cleared portions of RAM. The default reel position or game display after a RAM reset shall not be the top award on any selectable line. The default game display, upon entering game play mode, shall also not be the top award. This applies to the base game only and not any secondary bonus devices.
EGSs shall be capable of detecting and displaying the following error conditions and illuminate the tower light for each or sound an audible alarm, unless otherwise noted. They shall be cleared either by an Attendant (denoted by '*' - in these cases the EGS must cease play) or upon initiation of a new play sequence and be communicated to an on-line monitoring system:
For games that use error codes, a description of EGS error codes and their meanings shall be affixed inside the EGS. This does not apply to video-based games; however, video-based games shall display meaningful text as to the error conditions.
After a program interruption (e.g., power down), the software shall be able to recover to the state it was in immediately prior to the interruption occurring and:
When the EGS main door is opened, the game shall cease play, enter an error condition, display an appropriate error message, disable bill acceptance, and either sound an alarm or illuminate the tower light or both. When the EGS main door is closed, the game shall return to its original state and display an appropriate error message, until the next game has ended. The software shall be able to detect any meter access to the following doors or secure areas:
Each EGS and/or Bill Acceptor shall have the capability of detecting and displaying an Error Condition, for the conditions below. It is acceptable for the Bill Acceptor to disable or flash a light or lights to indicate the error has occurred, provided the information is communicated to the EGS and the Bill Acceptor disables:
Any credits on the EGS that are attempted to be transferred to the host system that is unsuccessful must provide for an alternate payment method or must require the EGS to enter an Error Condition that requires a HandPay by an Attendant.
All EGS must accurately implement a 'general accepted' communication protocol that must be compatible with the systems used. EGS must, at a minimum, communicate with the facilities Central Monitoring System.
The following are the events that EGS must immediately report to the Central Monitoring System, in real-time. All Accounting and Occurrence meters and Error Conditions as defined within these regulations that are not listed below must also be communicated to the Central Monitoring System although, not in real-time unless requested by the system itself:
EGS containing Ticket Printers must be communicating to a Ticket Validation System, which records the ticket information. Validation approval or information shall come from the Ticket Validation System in order to validate tickets. Provisions must be made if Communication is lost, and validation information cannot be sent to the Ticket Validation System, thereby requiring the EGS or the Franchise Holder's operations to have an alternate method of payment. The Ticket Printer shall print on a ticket and must provide the ticket data to a Ticket Validation System that records the following information regarding each payout ticket printed:
It shall not be possible to change a Configuration setting that causes an obstruction to the electronic accounting meters, affect the integrity of the EGS or communications with any of the associated systems, without a RAM Clear. Notwithstanding, any such change must be done by a secure means, which includes access to the locked logic area.
If in a test mode the game shall clearly indicate that it is in a test mode, not normal play, and:
If residual credits exist a Ticket/Voucher shall be printed to remove the residual credits or return the credits to the player's credit meter for betting.
If a residual credits removal game play feature exists the residual credits bet shall be added to the Amounts wagered or Cash in mater.
If a residual credits removal game play feature is won the credits won shall be either put back to the player's credit meter or automatically paid to the player by ticker/voucher and the value shall be added to the Amounts Won or Credit Out meter.
If residual credits are removed in other means (cancelled credit, handpay, etc.) the appropriate meters shall reflect the residual credit removal.
If residual credits removal play is available it must meet all payback percentage and game recall requirements outlined within this document.
EGS Gaming at Pari-Mutuel Wagering Facilities must at a minimum utilize an On-Line Monitoring System that maintains all financial and security data. The rules outlined within this section apply to all Critical Systems (systems that have an effect on the integrity of EGS Gaming.)
All Critical Systems must endure the following phases of tests:
An Interface Element, where applicable, is any component within a system that is external to the operations of the EGS that assists in the collection and processing of data that is sent to a system. All critical Interface Elements shall:
System Server(s), networked system(s) or distributed system(s) that directs the overall operation and an associated Database(s) that stores all entered and collected system information, is considered the 'Server'. In addition, the Server shall:
If supported, System(s) may utilize password controlled remote access, provided the following requirements are met:
The On-Line Monitoring System must support either a hierarchical role structure whereby user and password define program or individual menu item access or logon program/device security based strictly on user and password or PIN. In addition, the On-Line Monitoring System shall not permit the alteration of any significant log information communicated from the EGS. Additionally, there should be a provision for system administrator notification and user lockout or audit trail entry, after a set number of unsuccessful login attempts.
The On-Line Monitoring System shall not permit the alteration of any accounting or significant event log information that was properly communicated from the EGS without supervised access controls. In the event financial data is changed, an audit log must be capable of being produced to document:
The System(s) shall have sufficient redundancy and modularity so that if any single component or part of a component fails, gaming can continue. There shall be redundant copies of each log file or system Database or both, with open support for Backups and restoration.
In the event of a catastrophic failure when the System(s) cannot be restarted in any other way, it shall be possible to reload the system from the last viable Backup point and fully recover the contents of that Backup, recommended to consist of at least the following information:
If supported, a System may utilize writable program storage technology to update Interface Element software if all of the following requirements are met:
The above refers to loading of new system executable code only. Other program parameters may be updated as long as the process is securely controlled and subject to audit. The parameters will have to be reviewed on an individual basis.
The Systems must implement self monitoring of all critical Interface Elements (e.g. Central hosts, network devices, firewalls, links to third parties, etc.) and shall have the ability to effectively notify the system administrator of the condition, provided the condition is not catastrophic.
The On-Line Monitoring System shall communicate to all EGS for the purpose of gathering all financial data and security events. The On-Line Monitoring System may perform this sole function or may also incorporate other system functions that are addressed within this document. For systems that serve multiple purposes, each of the relevant sections herein shall apply.
At a minimum, an On-Line Monitoring System shall provide for the following Security and Audit ability requirements:
Metering information is generated on an EGS and collected by the Interface Element and sent to the On-Line Monitoring System via a Communication Protocol. This information may be either read directly from the EGS or relayed using a delta function. The On-Line Monitoring System must collect and store the following meter information from each EGS:
Please refer to the EGS Software Electronic Accounting and Occurrence Metering requirements for more detailed descriptions of the above meters. While these electronic accounting meters should be communicated directly from the EGS to the On-Line Monitoring System, it is acceptable to use secondary On-Line Monitoring System calculations where appropriate.
Reports will be generated on a schedule determined by the Commission which typically consists of daily, monthly, yearly period, and life to date reports generated from stored Database information. These reports at minimum will consist of the following:
It is acceptable to combine reporting data where appropriate (e.g., revenue, theoretical/actual comparison).
An On-Line Monitoring System must have an application or facility that captures and processes every Handpay message from each EGS and meet the following rules:
A Ticket Validation System may be entirely integrated into an On-Line Monitoring System or exist as an entirely separate entity. Payment by ticket printer as a method of credit redemption on an EGS is only permissible when the EGS is linked to an approved Ticket Validation System. Validation information shall be communicated from the system to the EGS using a secure Communication Protocol. This section concerns bi-directional Ticket Validation System specific requirements where a Ticket Validation System that is independent of an On-Line Monitoring System would also require the Security and Integrity standards previously outlined within this document, would also apply.
If communications between a gaming device or a gaming device interface component and a system are lost, the gaming device or the gaming device interface component may continue to issue tickets/vouchers provided that, printed on the instrument, there is an authentication code derived by a HASH, or other secure encryption method of at least 128 bits, that will:
For cases where a suitable authentication code is not printed on the voucher, the system must print at most one wagering instrument after the gaming device or gaming device interface component to system communications have been lost.
A ticket can be generated at an EGS through an internal document printer, at a player's request, by redeeming all credits. Tickets that reflect partial credits may be issued automatically from an EGS. Additionally, cashier/change booth issuance is allowed if supported by the validation system.
Tickets may be inserted in any EGS participating in the validation system providing that no credits are issued to the EGS prior to confirmation of ticket validity. The customer may also redeem a ticket at a validation terminal (i.e., cashier/change booth, Redemption Terminal or other approved methods.) All validation terminals shall be user and password-controlled with the exception of a Redemption Terminal that does not require human interaction. Where the Validation is to take place at a Cashier/Change Booth, the cashier shall:
The Ticket Validation System must have the ability to identify duplicate tickets invalid tickets and notify the EGS to 'Reject' the ticket or advise the cashier that one of the following conditions exists:
The following reports shall be generated at a minimum and reconciled with all validated/redeemed tickets:
The requirements for 'b' & 'd' are waived where two-part tickets exist for the EGS, and where the first part is dispensed as an original ticket to the patron and the second part remains attached to the printer mechanism as a copy (on a continuous roll) in the EGS.
Once the validation information is stored in the Database, the data may not be altered in any way. The validation system Database must be encrypted or password-protected and should possess a non-alterable user audit trail to prevent unauthorized access. Further, the normal operation of any device that holds ticket information shall not have any options or methods that may compromise ticket information. Any device that holds ticket information in its memory shall not allow removing of the information unless it has first transferred that information to the Database or other secured component(s) of the validation system.
Beginning January 1, 2010 and continuing on each January 1 annually thereafter all EGS tickets/vouchers that (i) are more than one year old as of such January 1 and (ii) have not been presented for payment or otherwise redeemed prior to such January 1 shall become void at 12:01 a.m. on such January 1 of each year. All tickets/vouchers declared void under this rule shall become part of the net win and thus "net wagering revenues from electronic games of skill" on such January 1 date for purposes of the Local Option Horse Racing and Greyhound Racing Electronic Games of Skill Act (Ark Code Ann Section 23-113-101et seq).
A Cashless System may be entirely integrated into an On-Line Monitoring System or exist as an entirely separate entity. Cashless systems may include Promotional, Bonusing or Player Account based systems.
The following sections outline the Error Conditions that apply to the Cashless System, which must be monitored, and a message must be displayed to the patron at the host Card Reader for the following:
If a player initiates a cashless Transaction and that Transaction would exceed game configured limits (i.e. the credit limit, etc) then this Transaction may only be processed provided that the patron is clearly notified that he/she has received or deposited less than requested to avoid patron disputes.
The Communication process used by the EGS and the host system must be robust and stable enough to secure each cashless Transaction such that failure event(s) can be identified and logged for subsequent audit and reconciliation. In addition, Cashless systems must conform to the following Security Requirements:
The following minimal controls shall be implemented by the host system to ensure that games are prevented from responding to commands for crediting outside of properly authorized Cashless Transactions (hacking):
Controls must be in place for any diagnostic functionality available at the device such that all activity must be reported to the system that would reflect the specific account(s) and the individual(s) tasked to perform these diagnostics. This would allow all Cashless diagnostic activity that affect the EGS associated electronic meters to be audited by the EGS Section.
The Cashless system shall have the ability to produce logs for all pending and completed Cashless Transactions. These logs shall be capable of being filtered by:
The system shall have the ability to produce the following financial and player reports:
Current account balance information should be available on demand from any participating EGS via the associated Card Reader (or equivalent) after confirmation of patron identity and be presented, in terms of currency, to the patron.
A Progressive System is a computerized system linking EGS in one or more licensed facilities within the State of Arkansas and offering one or more common progressive payouts based on the amounts Wagered.
A progressive meter/display can be one or more progressive EGS (s) that are linked, directly or indirectly, to a display (e.g., mechanical, electrical, or electronic device, including the video display, if applicable) that shows the payoff which increments at a set rate of progression as credits are Wagered. For games that have progressives such as 'Mystery Jackpot', the payoff does not have to be displayed to the player, although there should be an indication as to this type of feature on the game. The following rules apply to all Progressive Meter displays:
The requirements of this Section are intended to apply equally to one progressive EGS linked to a Progressive Controller or is internally controlled, as well as several progressive EGS linked to one Progressive Controller within one track or multiple tracks. A Progressive Controller is all of the hardware and software that controls all Communications among the devices that calculates the values of the progressives and displays the information within a progressive EGS link (if applicable, progressive EGS (s) may be internally controlled) and the associated progressive meter. This equipment includes but is not limited to PC-based computers, wiring, and collection Nodes, etc. The method by which system jackpot parameter values are modified or entered is to be secure. Progressive Controllers shall:
Any change to the jackpot amount must conform to the local Internal Control procedures.
Each device on the link shall have the same probability of winning the progressive, adjusted for the Denomination played. For instance, the probability shall remain the same for multiple Denomination games, based on the monetary value of the Wager (e.g., A two (2) credit $1 game has the probability of one (1) in 10,000 and a two (2) credit, $2 game on the same link has the probability one (1) in 5,000.)
Multi-site progressive EGS are interconnected in more than one Franchise Holder in Arkansas. The purpose of a Multi-site Progressive System is to offer a common progressive jackpot (system jackpot) at all participating locations. Multi-Site Progressive Systems shall meet the following regulations:
NOTE: Credits contributed to the system after the jackpot occurs in real-time, but during the same polling cycle, shall be deemed to have been contributed to the progressive amount prior to the jackpot. Credits contributed to the system subsequent to the jackpot message being received, as well as credits contributed to the system before the jackpot message is received by the system, but registered after the jackpot message is received at the system, will be deemed to have been contributed to the progressive amount of the next jackpot, if applicable.
A Client-Server System (CSS) can be fragmentally defined as a Server-Based Game System (SBGS), a Server-Supported Game System (SSGS) or a hybrid of the two, all of which can be defined as the combination of a Central Server, Client Terminals and all Interface Elements that function collectively for the purpose of linking the client terminal with the Central Server to perform a myriad of functions related to gaming, which may include, but are not limited to:
The communication network may be totally contained within a single venue (LAN) or over a wide area network (WAN) whereby a server in one location supports client terminals in multiple sites.
SBGS is the combination of a server and client terminals in which the entire or integral portion of game content resides on the server. This system works collectively in a fashion in which the client terminal will not be capable of functioning when disconnected from the system.
SSGS is the combination of a server and client terminal(s) which together allow the transfer of the entire control program and game content to the client terminal(s) for the purpose of downloading control programs and other software resources to the client terminal on an intermittent basis. The client terminals connected to the system are capable of operating independently from the system once the downloading process has been completed. This configuration encompasses cases where the system may take control of peripheral devices or associated equipment typically considered part of a conventional client terminal such as a bill validator or a printer. In a System Supported Game, game outcome is determined by the client terminals connected to the system and not by the system itself. The client terminal is capable of functioning if disconnected from the system.
Each component of a CSS must function as indicated by the communication protocol implemented. All protocols must use communication techniques that have proper error detection and/or recovery mechanisms, which are designed to prevent tempering. Information related, game outcome, financial transactions, and game recall information must be encrypted by a means approved by the Commission.
For a Server-Based Game System (SBGS), a client must be rendered unplayable if communication from the server or system portion of the client terminal is lost. If a game is in progress either the client terminal must have the capability to complete the game including accurate accounts of all records of the game or a mechanism must be provided to recover to the point of the game when communication was lost.
Alternatively, in a multi-player environment, a loss of communication can result in aborting the game and refunding player's wagers.
In the case of Client Terminals that have lost communication with the server, the CSS must provide a means, such as a hand pay, for patrons to cash out credits indicated on the Server-based client terminal at the time communication was lost.
In the event the CSS Server is utilized in conjunction with other networks; all communication, including Remote Access, must pass through at least one approved application-level firewall and must not have a facility that allows for an alternate network path. If an alternate network path exists for redundancy purposes, it must also pass through at least one application-level firewall.
The firewall application must maintain an audit log of the following information and must disable all communication and generate an error event if the audit log becomes full:
Remote Access is defined as any access to the system outside of the Trusted' Network. Remote Access, where permitted, shall authenticate all computer systems based on the authorized settings of the CSS or firewall application that establishes a connection with the CSS.
The security of Remote Access will be reviewed on a case-by-case basis, in conjunction with the current technology and approval from the Commission. The following are additional requirements:
The CSS Server must maintain an activity log either automatically or have the ability to manually enter the logs depicting all Remote Access information that includes:
Wide Area Network (WAN) communication within the CSS is permitted provided that the following criteria is met:
This section covers the elements common to the "back of the house" operations of a CSS. The Game Server(s) may be located locally, within a single facility or may be remotely located outside of the facility such as over a Wide Area Network (WAN). In the case where a CSS Server also performs tasks as required by other systems, (i.e. On-Line Monitoring and Control System, Ticket Validation System, etc) those portions would have to be evaluated against the appropriate Arkansas regulation.
A CSS may in fact be a collection of servers for load balancing, redundancy or functionality reasons. For example, there might be two or more game servers, a finance server, monitoring server, download server, etc. The system as a whole, which may be a collection of such servers, must meet the full requirements of this specification but not necessarily each server.
For a Server-Based Game System and hybrid systems as applicable, the Game Server shall generate and transmit to the Client Terminals; control, configuration and information data, depending upon the actual implementation. Examples include: credit movement, random numbers, game result components (e.g. balls, cards or reel stop positions), actual game results or updates to the credit meter for winning games.
For a System-Supported Game System and hybrid systems as applicable, the Game Server will not participate in the game determination process i.e. the primary functions will be that of downloading control programs and other software resources, or providing command and control instruction that may change the configuration of the software already loaded on the client terminal, on an intermittent basis.
All servers shall have sufficient physical/logical intrusion protection against unauthorized access.
The CSS interface element setup/configuration menu(s) must not be available unless using an authorized access method that is secure.
There shall be no means available for an Operator to conduct programming on the server in any configuration (e.g. the Operator should not be able to perform SQL statements to modify the database). However, it is acceptable for a Network Administrator to perform authorized network infrastructure maintenance with the sufficient access rights that would include the use of SQL statements that were already resident on the system.
It is recommended all servers and client devices should have adequate virus protection.
Copy protection to prevent unauthorized proliferation or modification of software, for servers or clients, may be implemented provided that the method of copy protection is fully documented and provided to a third party independent test laboratory and the commission, who will verify that the protection works as described.
The CSS shall be designed to protect the integrity of pertinent data in the event of a failure. Audit logs, system databases, and any other pertinent data must be stored using reasonable protection methods. If hard disk drives are used as storage media, data integrity must be assured in the event of a disk failure. Acceptable methods include, but are not limited to, multiple hard drives in an acceptable RAID configuration, or mirroring data over two or more hard drives. The method used must also provide open support for backups and restoration. Backup scheme implementation must occur at least once every day, although all methods will be reviewed on a case-by-case basis by the commission.
In the event of a catastrophic failure where the CSS cannot be restarted in any other way, it shall be possible to reload the database from the last viable backup point. This must fully recover the contents of that backup and shall consist of at least the Significant events, Auditing information and Specific site information such as game configuration, security accounts, etc.
The CSS must implement self-monitoring of all critical Interface Elements (e.g. Central hosts, network devices, firewalls, links to third parties, etc.) and shall have the ability to effectively notify the system administrator of the condition, provided the condition is not catastrophic.
The CSS shall be able to perform this operation with a frequency of at least once in every 24-hour period. The implementation of self-monitoring schemes will be reviewed on a case-by-case basis by the commission and the test laboratory. Additionally, all critical interface elements will be reviewed on a case per case basis and may require further action by the system depending upon the severity of the failure.
Each integral component of the CSS must have a method to be verified via a "third-party" verification procedure.
The Client Terminal and/or the applicable Server Side critical Game components shall provide the ability to conduct an independent integrity check of the control programs, from a third-party outside source. The verification program used for the integrity check may be embedded within the game software or have an interface port that is used to authenticate the media with the verification program.
The third-party verification process must not include any process or security software provided by the gaming manufacturer.
Program devices that cannot be interrogated, such as Smart cards, may be used provided they are able to be verified by the following methodology:
The Server that supports a Server-Based Game must be able to provide the following game history information. In the case of a hybrid system it is allowable for this information to be stored either on the server or at the client terminal as long as all information is accounted for.
The Download Data Library refers to the formal storage of all approved data files that may be downloaded to Client Terminals including control and game software, peripheral firmware, configuration data, etc.
Where applicable, the CSS Download Data Library shall only be written to, with secure access that is controlled by the commission, in which case the manufacturer and/or operator will be able to access the Download Data Library, provided that this access does not permit adding or deleting Download Data Files; or the Download Data Library shall only be written to using a method that is acceptable by an independent test laboratory and the commission.
Any changes that are made to the Download Data Library, including the addition, changing or deletion of Game Programs, must be stored in an un-alterable audit log, which shall include:
Any record of activity between the Server and the Client that involves the downloading of program logic, the adjustment of client settings/configurations, or the activation of previously downloaded program logic, must be stored in an unalterable audit log. This log shall include the Client Terminal(s) which the Game Program was downloaded to and, if applicable, the program it replaced. In addition the log shall include the Client Terminal(s) which the Game Program was activated on, the program it replaced and Changes to the Client Terminal configuration settings/configurations and what the changes were.
This will outline the requirements of the CSS when downloading software, games and other configuration data to Client Terminals, if the Server provides the functionality of downloading control programs and other software resources, whether for a Server-Based Game System, a System Supported Game System or a hybrid system.
The CSS shall authenticate all critical files including, but not limited to, executables, data, and other files, which may affect the game outcome or the compliant operation of the CSS during the following:
The CSS shall employ an industry standard secure hashing algorithm (e.g. MD-5 orSHA-1).
In the event of failed authentication the player terminal should immediately enter an Error Condition with the appropriate audio and visual indicator. This Error shall require operator intervention.
The CSS shall display specific error information and shall not clear until either the file authenticates properly, following the operator intervention, or the medium is replaced or corrected, and the memory is cleared (if applicable), the component is restarted, and all files authenticate correctly.
These minimum technical regulations shall be met, where applicable, when downloading/activating control programs from the CSS Server to the Client Terminal.
Client Terminals used in a CSS environment that have alterable configurations that require Regulatory Control, as outlined within Arkansas EGS regulations, may be waived provided that the rules within this section are met.
Client Terminal Control Programs that offer multiple paytables and/or denominations that can be configured via the CSS Server will not require Regulatory Control to change the paytable selected, provided the following rules be met.
The process of clearing memory on the Client Terminals via the CSS must utilize a secure method that would require Regulatory Control. For systems that do not comply with this rule, the commission must approve the method used.
A CSS may be utilized for the generation of Random Values, which are subsequently communicated to the Client Terminal's Control Program that is required for the determination of game outcomes. The CSS Server generation of Random Values shall not include the generation of finite pools of game outcomes. In the event the CSS has the ability to download Random Values to the Client Terminal, the Random Number Generator shall function in accordance with the Randomness Requirements as outlined in the Arkansas EGS regulation.
Systems utilizing finite pools of game outcomes (i.e. Electronic Pull-Tab Systems) shall dispense upon request from a Client Terminal an Electronic Ticket or Game Outcome. All finite games must be played without replacement. Once dispensed such ticket or outcome must not be reused until the Game Set is replenished.
The system shall utilize randomizing procedures in the creation of the Game Sets for Electronic Tickets or Game Outcomes. The randomizing procedure shall be in accordance with the RNG requirements stated in the Arkansas EGS regulation with the exception of mechanical based RNG games.
This terminal is used by the player to place wagers, play the game(s) on offer and win prizes (when applicable). The Player Terminal may receive game play information from the Game Server, in the case of System Based Game System (SBGS) or make it own determination in the case of a System Supported Game System (SSGS), and then displays the information to the player. Game play and other functionality may be separated in parts, where some components may be generated within or outside the Player Terminal (e.g., Player Terminals that function with a system). A client terminal shall be robust enough to resist forced illegal entry unless such entry causes an error condition, and which does not affect the subsequent play or any other play, prize or aspect of the game.
Prior to execution of updated software, the Client Terminal must be in an Idle State for a time fame determined by the Commission and the software is successfully authenticated, as defined within Arkansas regulation.
Kiosks are only to be used for the purpose of accepting, validating and providing payment for tickets inserted. Kiosks may incorporate other functions that would not have any effect on the integrity of gaming, with the exception of Automated Teller Machine functionality. Kiosks must use a Communication Protocol that will not permit the Kiosk to write directly to the system Database and only process payments based on commands from the system. Redemption Kiosks shall meet the EGS Hardware Requirements for Security and Player Safety, as previously outlined.
Kiosks must be capable of detecting and displaying the following Error Conditions. The Error Condition must illuminate the tower light or sound an audible alarm. This requirement may be substituted for a notification system that alerts staff of Error Conditions. The Kiosk shall be able to recover to the state it was in immediately prior to any interruption that occurred, including during payment. Error Conditions requiring Attendant intervention are denoted by :
If the Redemption Kiosk uses error codes instead of a text explanation of the Error Conditions, a description of error codes and their meanings must be affixed on the inside of the Redemption Kiosk.
If any of the above Error Conditions occur during the acceptance and/or escrowing of a ticket voucher, the ticket voucher must be returned to the patron without a status change on the Validation System or, once the Error Condition is cleared, proceed to pay the patron and have a status of 'Redeemed' on the system.
There shall be a maximum ticket value that can be paid by a kiosk or have available the ability to select the maximum amount.
Metering information is maintained in critical memory at the Redemption Kiosk.
The Redemption Kiosk must maintain the following Meters, which can be by Denomination:
The Redemption Kiosk must not have a mechanism whereby an unauthorized user can cause the loss of stored accounting Meter information.
Logs must be maintained in critical memory or on a paper log (see NOTE, below within this section) housed within the Redemption Kiosk that consists of the following:
NOTE: If the device utilizes a printer to record the information required within this section, the printer must be capable of monitoring any Printer Fault (i.e., 'Printer Disconnected', 'Paper Jam', 'Out of Paper', etc.)
Tickets may only be accepted when the Kiosk is communicating with the system.
Tickets inserted into a kiosk must be rejected when the system link is down and Payment shall only be made when the ticket is 'Stacked' within the Bill Stacker.
This section shall address security precautions and minimum recommendations that govern Wireless Networks.
Should a wireless Ethernet Communication solution be adopted, then additional security precautions must be taken. The current wireless Ethernet technology (Wi-Fi) is vulnerable and should not be considered secure. If Wi-Fi is chosen as the Communication method for your system, the following recommendations are to be considered minimum recommendations and not restrictions:
The wired LAN (Local Area Network) must be isolated from the wireless (WLAN)
Network through the layering of additional Network security methods.
006.06.10 Ark. Code R. 001