Implementing a Converged Identification,
Compliance and Reporting Strategy for Gaming
Environments
The Technologies and Considerations at Play
Gaming Security Professionals of Canada
Vancouver, British Columbia
June 2012
Overview
•
•
•
•
•
•
•
•
•
•
•
•
•
Information and Today’s Security & Surveillance Concerns
A Day in the Life of a Casino
Layers of Security
Licence Plate Recognition / ID Recognition / Reporting
Challenges and Obstacles of Information
Report Automation in the Gaming Environment
Considerations for Reporting
Personal Information Protection
AML Reporting, Self Exclusion and Investigations
Intelligent Interfaces, Security, Notification, Alerting, Best Practices
Business Intelligence
Tracking Outcomes
Reporting – Results/Conclusions
Information - What's Going on!
•
•
•
•
The roles of Surveillance, Security,
Compliance, and Risk
Management in
Customer Assistance
Logs
the modern gamingDaily
environment
are
Dispatches
complex and variedExclusion enforcement
Exclusion management
Audits
The challenge is toGame
provide
a high level
Game Protection
Reports
of protection to theIncident
assets
and
Lost and Found
Patrols
employees of the casino
in a busy
Reports
public environmentSubject information
Subject profiling and management
Subject manage
Surveillance
In order to control and
the
Trespasses
associated risks, we
have
to have
Visitor
Management
effective tools to doInvestigations
the job!
The primary tool of Surveillance ,
Security and Risk Management is
Information!
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
Customer
Assistance
Investigations
Visitor
Management
Trespasses
Subject
Surveillance
Subject profiling
and management
Subject
information
Reports
Lost and Found
Patrols
Today’s Security & Surveillance Concerns
• Volume of Data
» Cameras are installed everywhere but who is watching
• Large Groups of Undesirables
» To many faces to remember
» Multi-location environments (subjects can move from location to location)
• After the Fact (Post Event)
» Need an easier way to search if individuals were in the building post event
» Requirement to add individuals to an undesirables list
• Lack of Available Manpower
» Budget cuts
» Doing more with less
» Increased work loads on security/surveillance operations
The Consequence of Information
•
In today’s Gaming environments, the sheer volume of people in contrast
to available security & surveillance resources poses unique issues:
•
•
Stand alone video is no longer the main viable basis for action
Communication has increased between the various departments in
casinos but there is still a time lag and/or disconnect
Gaming regulations are ever tightening with higher expectations put on
operators
Post event analysis is often too late to reduce loses via theft, trespass,
self exclusion or criminal activity
Gaming facilities need tools to be pro-active and prevent issues before
they happen
•
•
•
A Day in the Life of a Casino
•
•
•
•
•
•
•
•
•
•
Distraction / Collusion
Violence
Criminal Activity / Money Laundering
Harassment
Theft (Internal / External)
Fraud / Cheating
Slot Investigations, Audits
Counterfeits (Tokens, Currency, Credit)
Trespass Management / Ban Re-entry
Player / Dealer Tracking (Reviews and Audits)
“I’m Positive We’ve Got A File
On That Guy”
“It’s in here somewhere
. . .”
“ Or is it in one of these
boxes? ”
“ And I’m sure his picture is
here somewhere?!
And where is the report ? ”
Which scenario have you been faced with?
Layers of Security and Finding “that” Guy
• Breaking down the Gaming facility into logical layers based on
location based subject identification provides:
• Opportunity for better identification and associated best practices
» Trespass/self exclusion management, under age enforcement
• Risk and harm reduction by providing choke points for matching
and identification
» Validation (watch list), authentication (valid ID), Verification (under age), Anti
Money Laundering, Fraud
• Best use of manned and unmanned space
» Exterior, interior
What are Logical Available Pro Active Layers
• Licence Plate Recognition
• ID Recognition
• Reporting
License Plate Recognition (ANPR, LPR)
• The intent of License Plate Recognition is to provide fully integrated
recognition technology for aiding in reading, logging and identifying
vehicles
• Additionally LPR systems should allow for management of selected
hotlist vehicles to issue automatic alerts when a registered vehicle
enters or leaves a physical location
• Integrated Patron linkages between persons of interest, vehicles,
events (trespass, self exclusion, etc.), ID
Today’s Edge LPR Camera Features
•
•
•
•
•
•
•
•
•
•
Perfect read rate performance is around 90+%
Internal 1024x768 high resolution LPR context camera
Internal standard resolution color overview camera (640x480)
Pulsed LED IR illuminator for effective use in 0 lux (total darkness)
Up to 92-foot (28-meter) range with reflective license plates
Embedded processors and LPR engines
Reads up to 225 km/h (140MPH)
Pan-tilt mount/Magnetic mount
Tamper resistant with impact-proof capabilities
Waterproof to IP67, -40C to 50C operating temperature ranges
Dedicated LPR Solutions
LPR Server
IP LPR Cameras
Alert/Reporting
Clients
Network
•
Alerts against enrolled license plates in Patron
Management Platform
•
Unlimited Vehicle/Plate Support
•
Unlimited Subject Support
•
Subjects can be related to more than one vehicle
•
Real-time Alert shows/links live plate, matched plate,
vehicle, subject and subject ban status
Types of ID
•
•
•
•
•
•
•
•
•
•
•
Drivers Licence
Birth Certificate
Passport
Military
Visas
Voter ID
Employment Identification
Old Age Security
Alien Registration
Permanent Resident Card
Government (PIV)
ID Standards
•
International Civil Aviation Organization
» ID-1, ID-2, ID-3 and ID-000
•
American Association of Motor Vehicle Administrators
» North American (US/Canada) Licenses and IDs
» Layout as ID-1
•
•
Federal Information Processing Standards 201 (USA)
»
»
»
•
Personal Identity Verification (PIV)
Physical access to Federally controlled facilities and logical access to Federally controlled information
systems
Government Programs
Smart Cards (integrated circuit card [ICC]) - ID-1, ID-000
»
•
Barcode, Magnetic Stripe
Smart cards can provide identification, authentication, data storage and application processing (Contact,
contactless or hybrid formats
Near Field Communication (NFC)
»
»
Short-range wireless technologies, typically requiring a distance of 4 cm or less
Likely to be used for purchasing from Smart Phones (BlackBerry Bold, Samsung, Google, Nokia)
Reading and Authenticating ID (Readers)
• Remove problems of human vulnerability to:
» Fatigue, Distraction, etc.
• Allow more focus on:
» Human Behaviour, Facial Matching
• Transaction Volumes
• Multiple Types of IDs (Passports, Visas, DL,
Other)
Types of ID Readers
•
•
•
•
•
Low
Magnetic Stripe
OCR/Bar Code (1D/2D)
MRZ (Passport)
Smart Card (Chip)
All-in-One (Selected Features)
Price
Performance
High
Reader Data Extraction
•
•
•
•
•
Reading and identifying document type
Collecting information from document
Confirming presence of known features
Reference-checking information
Presenting biometric for comparison
ID Acquisition Technology Today
• Easy to use
• Touch screen integration
• Easy operation for
non-experienced users
• Install on existing PCs
and hardware
• Limited training required
• Full user/password
security and Active
Directory support
Multiple ID Requirements (AML, Investigations)
• Enhanced Customer
Due Diligence (CDD)
• Ability to support
multiple IDs per patron
• Ability to scan and
maintain copies of IDs
as required for
compliance
• Fully Searchable
Subject Centric Requirements
• At any given time, individual departments need to
isolate subject specific events and activities
• These subject driven events and activities may need to
be expanded as additional information/reporting is
required (AML, Visitor Management, Responsible
Gaming, License Plate Reporting, etc.)
• This provides investigators, analysts and departmental
staff the ability to analyze patron behaviour for their
specific requirements in isolation or as a whole
• Incidents
(Including Bans
and Suspicious
Transaction
Reports)
• AML Large Cash
Transactions,
Disbursements
• Gaming Disputes
• Vehicle, License
Plate Information
Challenges and Obstacles of Information
•
•
•
•
•
Cost
Securing access to data
Aggregation of data from different systems
Interdepartmental cooperation
Compliance
Key Benefits of Report Automation
in the Gaming Environment
•
•
•
•
•
•
•
Cost Savings
Secure Interdepartmental Information Sharing
Total Trespass & Self Exclusion Management
Savings & Loss Tracking
Risk Management & Analysis
Compliance
Peace of Mind
Information – The Key to Effective
Risk Management
•
•
Information management is the key to any efficient security
and compliance operation
To be effective the information collected must be:
»
»
»
»
»
•
Timely
Accurate
Consistent
Rapidly retrievable
Subject to logical work flow
The need for an efficient integrated system to provide a
solution for incident data collection, analysis, management,
report generation, distribution and rapid access to subject and
incident related data is paramount in modern gaming
environments
Interdepartmental Information Operational Considerations
•
•
•
•
•
Information originates from a variety of
sources, some shared by default,
others on an as required or need to
know basis
Access to specific information /
records must be controlled on a
departmental, positional and individual
level
Sensitive information (i.e. internal
investigations) must be able to be
restricted on a “need to know” basis
All data must be subject to a detailed
audit procedure
Data flow and access must be
configurable to comply with internal
policies / procedures and best
practices
Surveillance
Security
Investigations
Daily Logs
Incident
Reports
As required
Daily Logs
As required
As required
As required
Incident
Reports
As required
As required
Subject
Information
System
Daily Logs
Incident
Reports
Considerations for Reporting
• Multiple information, reporting and processes:
»
»
»
»
»
»
»
»
»
»
Personnel Management & Dispatch
Detailed Investigations
Security Reporting (Under Age, Assault, etc.)
Surveillance Reporting (Game/Player/Dealer Audits, etc.)
Self Exclusion & Responsible Gaming Reporting
Compliance Reporting (AML, etc.)
Suspicious Transaction Reporting
Patron Trespass Management
Patron/Activity Monitoring , Alerting and Custom Notification
System Interfacing
Personal Information Protection & Electronic
Documents Act (PIPEDA) & Privacy
• The use of personal information in Canadian commercial activities is
protected by PIPEDA, or by substantially similar provincial legislation.
• You have to inform individuals concerning the collection of personal
information about them. However, you do not have to inform
individuals when you include personal information about them in any
of the reports that you are required to make to FINTRAC.
• How organizations should collect, use and disclose personal
information. They also address an individual's right to access his/her
personal information and have it amended for commercial purposes.
Accountability, Identifying Use, Consent , Limiting Collection, Limiting
Use, Disclosure and Retention, Accuracy, Safeguarding Patron
Information, Openness, Patron Access
AML Reporting (Canada as an Example)
• Large Cash Transactions (LCTs) must be reported to Canada's
Financial Transactions and Reports Analysis Centre (FINTRAC).
• FINTRAC receives, analyzes, assesses and discloses financial
intelligence on suspected money laundering, terrorist financing,
and threats to the security of Canada. The Centre is an integral
part of our country's commitment to the fight against money
laundering and terrorist activity financing.
• Canadian businesses must report LCTs to FINTRAC within 15
days of the transaction. An LCT is defined as one or more
transactions, received from a single party, and totalling $10,000 or
more.
AML Expanding Reporting Requirements
• Globally, reporting requirements year over year
are increasing and becoming more granular
»
»
»
»
Full Time Compliance;
Expanded reporting requirements;
Expanded record keeping requirements;
Expanded client identification (ID) requirements;
• Moving towards the need for self-assessment
of risk and mitigation
AML Expanded Reporting Requirements
• Receipt of Funds Records must be completed
for every transaction;
• Suspicious ATTEMPTED transactions must be
reported.
• You must not “tip off” the individual that you
have, or intend to file, a report
AML Expanded Record Keeping
• Additional information must be kept:
» Large Cash Transactions
» Receipt of Funds Records
» Client Information Records
» Suspicious Transaction Records
AML Expanded Record Keeping
• Detailed individual information must now be obtained
and kept on file;
• Detailed account identification must be obtained and
kept on file;
• All reports must be secured, in electronic or hard copy,
for X years;
• If requested by AML agency– all records must be
produced within X days.
AML ID Requirements
• Casinos must :
• Verify client ID, date of birth, and occupation;
• Confirm the existence of the entity they
represent;
• Attempt to collect identification and record
findings;
• If suspicious, report to AML Agency
(AUSTRAC, FINTRAC, FIU, etc.)
AML Third Party ID Requirements
• If the client is not present, you must use a third party or
entity to identify clients
• Existence of third party must also be confirmed
• Question of third party involvement in transaction must
be asked of individual
• Third parties defined by AML entities as someone
issuing instructions
AML Self-Assessment of Risk
• This is a new requirement of compliance
• Engaging senior management in the detection
and deterrence of money laundering and
terrorist financing
• Built on a Risk-Based Approach
• Risk assessment/mitigation of your business
• Patron screening
• Ongoing monitoring of higher risk transactions
AML Supported Transactions
• Buy-Ins - cash paid by the subject to the FINTRAC
reporting entity
• Foreign Exchange - cash changed from one currency
to another by the subject
• Deposits - cash deposited into the subject's account
• Disbursement - cash or merchandise paid to the
subject by the FINTRAC reporting entity
Investigations & Self Exclusion
•
•
•
•
•
Link investigations to people,
places, vehicles, etc.
Drilldown to find historical
information on individuals
involved.
Collect images, videos, word
documents, emails, etc. in a
single case
Track Saving & Losses for
each investigation
Collect additional officers
supplemental information
Intelligent Data Interfaces (IT requirements)
• Support for multiple Interfaces
including PeopleSoft, Dacom,
Bally’s, etc.
• Business and importer workflow
logic built in and configurable
» i.e. Join or separate first and last
name, remove spaces in names,
clean-up data between systems
• Configured for scheduled
directory scans/imports for data
automatic acquisition and
updates
Enhanced Security & Privacy
•
•
•
•
•
Encrypt data at rest, in transit
and at field level for ultimate
protection
Document assignment at the
user and department level
Ability to make confidential to
specific users, provide a high
level of document security and
protection
Complex Permissions to
control access to information
Property, Department and role
based security levels
Notifications
• Alert key individuals as activities
happen
• Keep information flowing with “realtime” updates
• Multiple Notifications Type (Alert, email, etc.)
• Send notifications to blackberry,
iPhone and PDA’s
• Used to integrate into 3rd party
systems (Access Control, Alarm
Management, etc)
Integrated Alerting with open Architectures
• Manage multiple system
alerts
• CMS Player Card Insertions
• Escalation of alerts into
security dispatches,
investigations , etc.
• Outbound notifications to 3rd
Party Systems (HR, Access
Control, CMS, etc.)
Incident
Reporting
External
System Alerts
iTrak
Platform
Daily Activity
Management
Dispatching
Best Practices (SOP, Rules of the Game, etc.)
• Departmental
specific
documentation
needs to be
maintained including:
• Standard operating
procedures
• Rules of the game
• Compliance
requirements
Overlay Business Intelligence
• BI delivers a unique approach to interactive data visualization. Using
advanced link analysis - complemented by charts, timelines and
other views - investigative analysts can discover non-obvious
relationships and significant insights within their data more quickly
than with other data visualization or business intelligence
technology.
• It allows analysts to easily combine disparate data sources and
explore multiple visualizations in a single integrated workspace.
• Connect to data for analysis, visualize hidden insights across
disparate data, and share analysis results through collaboration.
• Facebook, LinkedIn, etc.
Tracking Outcomes Actions Taken
• Integrated Outcomes can
be documented
• Multiple Entries
• Denied Paid Outs
• Trespass
• Under Age Refusals
• Vehicle Towing
• Incident Reporting
• Flag for follow-up actions
Reporting – Results/Conclusions
•
Efficiency
» Centralized shared information enhances productivity, allowing staff to
work more effectively
•
Communication Among Groups, Departments And Agencies
» Security, Surveillance, Risk Management, Legal, Health & Safety,
Human Resources and Outside Agencies
•
Best Practices
» Consistent documentation across departments ensures everyone is on
the same page, avoiding conflicting reports on the same incident
•
Liability
» Reduction in exposure
» Solid trial / legal documentation
•
Reduction In Costs
» Paper, storage, faxing, management
•
Recovery
» Civil recovery and restitution
» Tangible reportable savings and losses for budgeting purposes and
action
Questions & Answers
James Moore – iView Systems
jmoore@iviewsystems.com
905 829-2500 / 1-866-705-9671