Implementing a Converged Identification, Compliance and Reporting Strategy for Gaming

Environments

The Technologies and Considerations at Play

Gaming Security Professionals of Canada

Vancouver, British ColumbiaJune 2012

Overview• Information and Today’s Security & Surveillance Concerns• A Day in the Life of a Casino• Layers of Security• Licence Plate Recognition / ID Recognition / Reporting• Challenges and Obstacles of Information• Report Automation in the Gaming Environment• Considerations for Reporting• Personal Information Protection• AML Reporting, Self Exclusion and Investigations• Intelligent Interfaces, Security, Notification, Alerting, Best Practices• Business Intelligence• Tracking Outcomes• Reporting – Results/Conclusions

Information - What's Going on!• The roles of Surveillance, Security,

Compliance, and Risk Management in the modern gaming environment are complex and varied

• The challenge is to provide a high level of protection to the assets and employees of the casino in a busy public environment

• In order to control and manage the associated risks, we have to have effective tools to do the job!

• The primary tool of Surveillance , Security and Risk Management is

Information!

Customer Assistance 1Daily Logs 1Dispatches 1Exclusion enforcement 1Exclusion management 1Game Audits 1Game Protection 1Incident Reports 1Lost and Found 1Patrols 1Reports 1Subject information 1Subject profiling and management 1Subject Surveillance 1Trespasses 1Visitor Management 1Investigations 1

Lost and FoundPatrols

Reports

Subjectinformation

Subject profilingand management

SubjectSurveillance

Trespasses

VisitorManagement

Investigations

CustomerAssistance

Today’s Security & Surveillance Concerns

• Volume of Data» Cameras are installed everywhere but who is watching

• Large Groups of Undesirables» To many faces to remember» Multi-location environments (subjects can move from location to location)

• After the Fact (Post Event)» Need an easier way to search if individuals were in the building post event» Requirement to add individuals to an undesirables list

• Lack of Available Manpower» Budget cuts» Doing more with less» Increased work loads on security/surveillance operations

The Consequence of Information

• In today’s Gaming environments, the sheer volume of people in contrast to available security & surveillance resources poses unique issues:

• Stand alone video is no longer the main viable basis for action• Communication has increased between the various departments in

casinos but there is still a time lag and/or disconnect• Gaming regulations are ever tightening with higher expectations put on

operators• Post event analysis is often too late to reduce loses via theft, trespass,

self exclusion or criminal activity• Gaming facilities need tools to be pro-active and prevent issues before

they happen

A Day in the Life of a Casino• Distraction / Collusion• Violence• Criminal Activity / Money Laundering• Harassment• Theft (Internal / External)• Fraud / Cheating• Slot Investigations, Audits• Counterfeits (Tokens, Currency, Credit)• Trespass Management / Ban Re-entry• Player / Dealer Tracking (Reviews and Audits)

“I’m Positive We’ve Got A File On That Guy”

“It’s in here somewhere . . .”

“ Or is it in one of these boxes? ”

“ And I’m sure his picture is here somewhere?!

And where is the report ? ”

Which scenario have you been faced with?

Layers of Security and Finding “that” Guy

• Breaking down the Gaming facility into logical layers based on location based subject identification provides:

• Opportunity for better identification and associated best practices » Trespass/self exclusion management, under age enforcement

• Risk and harm reduction by providing choke points for matching and identification» Validation (watch list), authentication (valid ID), Verification (under age), Anti

Money Laundering, Fraud

• Best use of manned and unmanned space» Exterior, interior

What are Logical Available Pro Active Layers

• Licence Plate Recognition• ID Recognition • Reporting

License Plate Recognition (ANPR, LPR)• The intent of License Plate Recognition is to provide fully integrated

recognition technology for aiding in reading, logging and identifying vehicles

• Additionally LPR systems should allow for management of selected hotlist vehicles to issue automatic alerts when a registered vehicle enters or leaves a physical location

• Integrated Patron linkages between persons of interest, vehicles, events (trespass, self exclusion, etc.), ID

Today’s Edge LPR Camera Features

• Perfect read rate performance is around 90+%• Internal 1024x768 high resolution LPR context camera• Internal standard resolution color overview camera (640x480) • Pulsed LED IR illuminator for effective use in 0 lux (total darkness)• Up to 92-foot (28-meter) range with reflective license plates• Embedded processors and LPR engines• Reads up to 225 km/h (140MPH)• Pan-tilt mount/Magnetic mount• Tamper resistant with impact-proof capabilities• Waterproof to IP67, -40C to 50C operating temperature ranges

Dedicated LPR Solutions

• Alerts against enrolled license plates in Patron Management Platform

• Unlimited Vehicle/Plate Support• Unlimited Subject Support• Subjects can be related to more than one vehicle • Real-time Alert shows/links live plate, matched plate,

vehicle, subject and subject ban status

LPR Server

Network

IP LPR Cameras Alert/Reporting Clients

Types of ID

• Drivers Licence• Birth Certificate• Passport• Military• Visas• Voter ID• Employment Identification• Old Age Security• Alien Registration• Permanent Resident Card• Government (PIV)

ID Standards• International Civil Aviation Organization

» ID-1, ID-2, ID-3 and ID-000• American Association of Motor Vehicle Administrators

» North American (US/Canada) Licenses and IDs» Layout as ID-1

• Barcode, Magnetic Stripe

• Federal Information Processing Standards 201 (USA)» Personal Identity Verification (PIV) » Physical access to Federally controlled facilities and logical access to Federally controlled information

systems» Government Programs

• Smart Cards (integrated circuit card [ICC]) - ID-1, ID-000» Smart cards can provide identification, authentication, data storage and application processing (Contact,

contactless or hybrid formats

• Near Field Communication (NFC)» Short-range wireless technologies, typically requiring a distance of 4 cm or less» Likely to be used for purchasing from Smart Phones (BlackBerry Bold, Samsung, Google, Nokia)

Reading and Authenticating ID (Readers)

• Remove problems of human vulnerability to:» Fatigue, Distraction, etc.

• Allow more focus on:» Human Behaviour, Facial Matching

• Transaction Volumes• Multiple Types of IDs (Passports, Visas, DL,

Other)

Types of ID Readers

• Magnetic Stripe• OCR/Bar Code (1D/2D)• MRZ (Passport)• Smart Card (Chip)• All-in-One (Selected Features)

PricePerformance

High

Low

Reader Data Extraction

• Reading and identifying document type• Collecting information from document• Confirming presence of known features• Reference-checking information• Presenting biometric for comparison

ID Acquisition Technology Today• Easy to use• Touch screen integration• Easy operation for

non-experienced users• Install on existing PCs

and hardware• Limited training required• Full user/password

security and Active Directory support

Multiple ID Requirements (AML, Investigations)

• Enhanced Customer Due Diligence (CDD)

• Ability to support multiple IDs per patron

• Ability to scan and maintain copies of IDs as required for compliance

• Fully Searchable

Subject Centric Requirements

• At any given time, individual departments need to isolate subject specific events and activities

• These subject driven events and activities may need to be expanded as additional information/reporting is required (AML, Visitor Management, Responsible Gaming, License Plate Reporting, etc.)

• This provides investigators, analysts and departmental staff the ability to analyze patron behaviour for their specific requirements in isolation or as a whole

• Incidents (Including Bans and Suspicious Transaction Reports)

• AML Large Cash Transactions, Disbursements

• Gaming Disputes

• Vehicle, License Plate Information

Challenges and Obstacles of Information

• Cost• Securing access to data • Aggregation of data from different systems• Interdepartmental cooperation• Compliance

Key Benefits of Report Automation in the Gaming Environment

• Cost Savings• Secure Interdepartmental Information Sharing• Total Trespass & Self Exclusion Management• Savings & Loss Tracking• Risk Management & Analysis• Compliance• Peace of Mind

Information – The Key to Effective Risk Management

• Information management is the key to any efficient security and compliance operation

• To be effective the information collected must be:» Timely» Accurate » Consistent » Rapidly retrievable» Subject to logical work flow

• The need for an efficient integrated system to provide a solution for incident data collection, analysis, management, report generation, distribution and rapid access to subject and incident related data is paramount in modern gaming environments

Interdepartmental Information - Operational Considerations

• Information originates from a variety of sources, some shared by default, others on an as required or need to know basis

• Access to specific information / records must be controlled on a departmental, positional and individual level

• Sensitive information (i.e. internal investigations) must be able to be restricted on a “need to know” basis

• All data must be subject to a detailed audit procedure

• Data flow and access must be configurable to comply with internal policies / procedures and best practices

Surveillance Security Investigations

Daily Logs

Incident Reports

As required Daily Logs

As required As required Daily Logs

As required Incident Reports

As required As required Incident Reports

Subject Information System

Considerations for Reporting• Multiple information, reporting and processes:

» Personnel Management & Dispatch» Detailed Investigations» Security Reporting (Under Age, Assault, etc.)» Surveillance Reporting (Game/Player/Dealer Audits, etc.)» Self Exclusion & Responsible Gaming Reporting» Compliance Reporting (AML, etc.)» Suspicious Transaction Reporting» Patron Trespass Management» Patron/Activity Monitoring , Alerting and Custom Notification» System Interfacing

Personal Information Protection & Electronic Documents Act (PIPEDA) & Privacy

• The use of personal information in Canadian commercial activities is protected by PIPEDA, or by substantially similar provincial legislation.

• You have to inform individuals concerning the collection of personal information about them. However, you do not have to inform individuals when you include personal information about them in any of the reports that you are required to make to FINTRAC.

• How organizations should collect, use and disclose personal information. They also address an individual's right to access his/her personal information and have it amended for commercial purposes. Accountability, Identifying Use, Consent , Limiting Collection, Limiting Use, Disclosure and Retention, Accuracy, Safeguarding Patron Information, Openness, Patron Access

AML Reporting (Canada as an Example)

• Large Cash Transactions (LCTs) must be reported to Canada's Financial Transactions and Reports Analysis Centre (FINTRAC).

• FINTRAC receives, analyzes, assesses and discloses financial intelligence on suspected money laundering, terrorist financing, and threats to the security of Canada. The Centre is an integral part of our country's commitment to the fight against money laundering and terrorist activity financing.

• Canadian businesses must report LCTs to FINTRAC within 15 days of the transaction. An LCT is defined as one or more transactions, received from a single party, and totalling $10,000 or more.

AML Expanding Reporting Requirements

• Globally, reporting requirements year over year are increasing and becoming more granular» Full Time Compliance;» Expanded reporting requirements;» Expanded record keeping requirements;» Expanded client identification (ID) requirements;

• Moving towards the need for self-assessment of risk and mitigation

AML Expanded Reporting Requirements

• Receipt of Funds Records must be completed for every transaction;

• Suspicious ATTEMPTED transactions must be reported.

• You must not “tip off” the individual that you have, or intend to file, a report

AML Expanded Record Keeping

• Additional information must be kept:» Large Cash Transactions» Receipt of Funds Records» Client Information Records» Suspicious Transaction Records

AML Expanded Record Keeping

• Detailed individual information must now be obtained and kept on file;

• Detailed account identification must be obtained and kept on file;

• All reports must be secured, in electronic or hard copy, for X years;

• If requested by AML agency– all records must be produced within X days.

AML ID Requirements

• Casinos must :• Verify client ID, date of birth, and occupation;• Confirm the existence of the entity they

represent;• Attempt to collect identification and record

findings;• If suspicious, report to AML Agency

(AUSTRAC, FINTRAC, FIU, etc.)

AML Third Party ID Requirements

• If the client is not present, you must use a third party or entity to identify clients

• Existence of third party must also be confirmed• Question of third party involvement in transaction must

be asked of individual • Third parties defined by AML entities as someone

issuing instructions

AML Self-Assessment of Risk

• This is a new requirement of compliance• Engaging senior management in the detection

and deterrence of money laundering and terrorist financing

• Built on a Risk-Based Approach• Risk assessment/mitigation of your business• Patron screening• Ongoing monitoring of higher risk transactions

AML Supported Transactions

• Buy-Ins - cash paid by the subject to the FINTRAC reporting entity

• Foreign Exchange - cash changed from one currency to another by the subject

• Deposits - cash deposited into the subject's account• Disbursement - cash or merchandise paid to the

subject by the FINTRAC reporting entity

• Link investigations to people, places, vehicles, etc.

• Drilldown to find historical information on individuals involved.

• Collect images, videos, word documents, emails, etc. in a single case

• Track Saving & Losses for each investigation

• Collect additional officers supplemental information

Investigations & Self Exclusion

Intelligent Data Interfaces (IT requirements)

• Support for multiple Interfaces including PeopleSoft, Dacom, Bally’s, etc.

• Business and importer workflow logic built in and configurable» i.e. Join or separate first and last

name, remove spaces in names, clean-up data between systems

• Configured for scheduled directory scans/imports for data automatic acquisition and updates

Enhanced Security & Privacy• Encrypt data at rest, in transit

and at field level for ultimate protection

• Document assignment at the user and department level

• Ability to make confidential to specific users, provide a high level of document security and protection

• Complex Permissions to control access to information

• Property, Department and rolebased security levels

Notifications• Alert key individuals as activities

happen• Keep information flowing with “real-

time” updates• Multiple Notifications Type (Alert, e-

mail, etc.)• Send notifications to blackberry,

iPhone and PDA’s• Used to integrate into 3rd party

systems (Access Control, Alarm Management, etc)

Integrated Alerting with open Architectures

iTrak Platform

Incident Reporting

Dispatching

Daily Activity Management

External System Alerts

• Manage multiple system alerts

• CMS Player Card Insertions• Escalation of alerts into

security dispatches, investigations , etc.

• Outbound notifications to 3rd Party Systems (HR, Access Control, CMS, etc.)

Best Practices (SOP, Rules of the Game, etc.)

• Departmental specific documentation needs to be maintained including:

• Standard operating procedures

• Rules of the game• Compliance

requirements

Overlay Business Intelligence• BI delivers a unique approach to interactive data visualization. Using

advanced link analysis - complemented by charts, timelines and other views - investigative analysts can discover non-obvious relationships and significant insights within their data more quickly than with other data visualization or business intelligence technology.

• It allows analysts to easily combine disparate data sources and explore multiple visualizations in a single integrated workspace.

• Connect to data for analysis, visualize hidden insights across disparate data, and share analysis results through collaboration.

• Facebook, LinkedIn, etc.

Tracking Outcomes Actions Taken

• Integrated Outcomes can be documented

• Multiple Entries• Denied Paid Outs• Trespass• Under Age Refusals• Vehicle Towing• Incident Reporting• Flag for follow-up actions

Reporting – Results/Conclusions• Efficiency

» Centralized shared information enhances productivity, allowing staff to work more effectively

• Communication Among Groups, Departments And Agencies» Security, Surveillance, Risk Management, Legal, Health & Safety,

Human Resources and Outside Agencies• Best Practices

» Consistent documentation across departments ensures everyone is on the same page, avoiding conflicting reports on the same incident

• Liability» Reduction in exposure» Solid trial / legal documentation

• Reduction In Costs» Paper, storage, faxing, management

• Recovery» Civil recovery and restitution» Tangible reportable savings and losses for budgeting purposes and

action

Questions & Answers

James Moore – iView Systems

jmoore@iviewsystems.com

905 829-2500 / 1-866-705-9671