500 likes | 609 Views
Implementing a Converged Identification, Compliance and Reporting Strategy for Gaming Environments The Technologies and Considerations at Play Gaming Security Professionals of Canada Vancouver, British Columbia June 2012. Overview. Information and Today’s Security & Surveillance Concerns
E N D
Implementing a Converged Identification, Compliance and Reporting Strategy for Gaming EnvironmentsThe Technologies and Considerations at PlayGaming Security Professionals of CanadaVancouver, British ColumbiaJune 2012
Overview Information and Today’s Security & Surveillance Concerns A Day in the Life of a Casino Layers of Security Licence Plate Recognition / ID Recognition / Reporting Challenges and Obstacles of Information Report Automation in the Gaming Environment Considerations for Reporting Personal Information Protection AML Reporting, Self Exclusion and Investigations Intelligent Interfaces, Security, Notification, Alerting, Best Practices Business Intelligence Tracking Outcomes Reporting – Results/Conclusions
Information - What's Going on! • The roles of Surveillance, Security, Compliance, and Risk Management in the modern gaming environment are complex and varied • The challenge is to provide a high level of protection to the assets and employees of the casino in a busy public environment • In order to control and manage the associated risks, we have to have effective tools to do the job! • The primary tool of Surveillance , Security and Risk Management is Information!
Today’s Security & Surveillance Concerns • Volume of Data • Cameras are installed everywhere but who is watching • Large Groups of Undesirables • To many faces to remember • Multi-location environments (subjects can move from location to location) • After the Fact (Post Event) • Need an easier way to search if individuals were in the building post event • Requirement to add individuals to an undesirables list • Lack of Available Manpower • Budget cuts • Doing more with less • Increased work loads on security/surveillance operations
The Consequence of Information • In today’s Gaming environments, the sheer volume of people in contrast to available security & surveillance resources poses unique issues: • Stand alone video is no longer the main viable basis for action • Communication has increased between the various departments in casinos but there is still a time lag and/or disconnect • Gaming regulations are ever tightening with higher expectations put on operators • Post event analysis is often too late to reduce loses via theft, trespass, self exclusion or criminal activity • Gaming facilities need tools to be pro-active and prevent issues before they happen
A Day in the Life of a Casino Distraction / Collusion Violence Criminal Activity / Money Laundering Harassment Theft (Internal / External) Fraud / Cheating Slot Investigations, Audits Counterfeits (Tokens, Currency, Credit) Trespass Management / Ban Re-entry Player / Dealer Tracking (Reviews and Audits)
“I’m Positive We’ve Got A File On That Guy” “It’s in here somewhere . . .”
“ And I’m sure his picture is here somewhere?! And where is the report ? ”
Layers of Security and Finding “that” Guy • Breaking down the Gaming facility into logical layers based on location based subject identification provides: • Opportunity for better identification and associated best practices • Trespass/self exclusion management, under age enforcement • Risk and harm reduction by providing choke points for matching and identification • Validation (watch list), authentication (valid ID), Verification (under age), Anti Money Laundering, Fraud • Best use of manned and unmanned space • Exterior, interior
What are Logical Available Pro Active Layers Licence Plate Recognition ID Recognition Reporting
License Plate Recognition (ANPR, LPR) • The intent of License Plate Recognition is to provide fully integrated recognition technology for aiding in reading, logging and identifying vehicles • Additionally LPR systems should allow for management of selected hotlist vehicles to issue automatic alerts when a registered vehicle enters or leaves a physical location • Integrated Patron linkages between persons of interest, vehicles, events (trespass, self exclusion, etc.), ID
Today’s Edge LPR Camera Features Perfect read rate performance is around 90+% Internal 1024x768 high resolution LPR context camera Internal standard resolution color overview camera (640x480) Pulsed LED IR illuminator for effective use in 0 lux (total darkness) Up to 92-foot (28-meter) range with reflective license plates Embedded processors and LPR engines Reads up to 225 km/h (140MPH) Pan-tilt mount/Magnetic mount Tamper resistant with impact-proof capabilities Waterproof to IP67, -40C to 50C operating temperature ranges
Dedicated LPR Solutions LPR Server IP LPR Cameras Alert/Reporting Clients Network Alerts against enrolled license plates in Patron Management Platform Unlimited Vehicle/Plate Support Unlimited Subject Support Subjects can be related to more than one vehicle Real-time Alert shows/links live plate, matched plate, vehicle, subject and subject ban status
Types of ID Drivers Licence Birth Certificate Passport Military Visas Voter ID Employment Identification Old Age Security Alien Registration Permanent Resident Card Government (PIV)
ID Standards • International Civil Aviation Organization • ID-1, ID-2, ID-3 and ID-000 • American Association of Motor Vehicle Administrators • North American (US/Canada) Licenses and IDs • Layout as ID-1 • Barcode, Magnetic Stripe • Federal Information Processing Standards 201 (USA) • Personal Identity Verification (PIV) • Physical access to Federally controlled facilities and logical access to Federally controlled information systems • Government Programs • Smart Cards (integrated circuit card [ICC]) - ID-1, ID-000 • Smart cards can provide identification, authentication, data storage and application processing (Contact, contactless or hybrid formats • Near Field Communication (NFC) • Short-range wireless technologies, typically requiring a distance of 4 cm or less • Likely to be used for purchasing from Smart Phones (BlackBerry Bold, Samsung, Google, Nokia)
Reading and Authenticating ID (Readers) • Remove problems of human vulnerability to: • Fatigue, Distraction, etc. • Allow more focus on: • Human Behaviour, Facial Matching • Transaction Volumes • Multiple Types of IDs (Passports, Visas, DL, Other)
Types of ID Readers Low Price Performance High Magnetic Stripe OCR/Bar Code (1D/2D) MRZ (Passport) Smart Card (Chip) All-in-One (Selected Features)
Reader Data Extraction Reading and identifying document type Collecting information from document Confirming presence of known features Reference-checking information Presenting biometric for comparison
ID Acquisition Technology Today Easy to use Touch screen integration Easy operation for non-experienced users Install on existing PCs and hardware Limited training required Full user/password security and Active Directory support
Multiple ID Requirements (AML, Investigations) Enhanced Customer Due Diligence (CDD) Ability to support multiple IDs per patron Ability to scan and maintain copies of IDs as required for compliance Fully Searchable
Subject Centric Requirements At any given time, individual departments need to isolate subject specific events and activities These subject driven events and activities may need to be expanded as additional information/reporting is required (AML, Visitor Management, Responsible Gaming, License Plate Reporting, etc.) This provides investigators, analysts and departmental staff the ability to analyze patron behaviour for their specific requirements in isolation or as a whole
Incidents (Including Bans and Suspicious Transaction Reports) AML Large Cash Transactions, Disbursements Gaming Disputes Vehicle, License Plate Information
Challenges and Obstacles of Information • Cost • Securing access to data • Aggregation of data from different systems • Interdepartmental cooperation • Compliance
Key Benefits of Report Automation in the Gaming Environment • Cost Savings • Secure Interdepartmental Information Sharing • Total Trespass & Self Exclusion Management • Savings & Loss Tracking • Risk Management & Analysis • Compliance • Peace of Mind
Information – The Key to Effective Risk Management • Information management is the key to any efficient security and compliance operation • To be effective the information collected must be: • Timely • Accurate • Consistent • Rapidly retrievable • Subject to logical work flow • The need for an efficient integrated system to provide a solution for incident data collection, analysis, management, report generation, distribution and rapid access to subject and incident related data is paramount in modern gaming environments
Interdepartmental Information - Operational Considerations • Information originates from a variety of sources, some shared by default, others on an as required or need to know basis • Access to specific information / records must be controlled on a departmental, positional and individual level • Sensitive information (i.e. internal investigations) must be able to be restricted on a “need to know” basis • All data must be subject to a detailed audit procedure • Data flow and access must be configurable to comply with internal policies / procedures and best practices
Considerations for Reporting • Multiple information, reporting and processes: • Personnel Management & Dispatch • Detailed Investigations • Security Reporting (Under Age, Assault, etc.) • Surveillance Reporting (Game/Player/Dealer Audits, etc.) • Self Exclusion & Responsible Gaming Reporting • Compliance Reporting (AML, etc.) • Suspicious Transaction Reporting • Patron Trespass Management • Patron/Activity Monitoring , Alerting and Custom Notification • System Interfacing
Personal Information Protection & Electronic Documents Act (PIPEDA) & Privacy The use of personal information in Canadian commercial activities is protected by PIPEDA, or by substantially similar provincial legislation. You have to inform individuals concerning the collection of personal information about them. However, you do not have to inform individuals when you include personal information about them in any of the reports that you are required to make to FINTRAC. How organizations should collect, use and disclose personal information. They also address an individual's right to access his/her personal information and have it amended for commercial purposes. Accountability, Identifying Use, Consent , Limiting Collection, Limiting Use, Disclosure and Retention, Accuracy, Safeguarding Patron Information, Openness, Patron Access
AML Reporting (Canada as an Example) Large Cash Transactions (LCTs) must be reported to Canada's Financial Transactions and Reports Analysis Centre (FINTRAC). FINTRAC receives, analyzes, assesses and discloses financial intelligence on suspected money laundering, terrorist financing, and threats to the security of Canada. The Centre is an integral part of our country's commitment to the fight against money laundering and terrorist activity financing. Canadian businesses must report LCTs to FINTRAC within 15 days of the transaction. An LCT is defined as one or more transactions, received from a single party, and totalling $10,000 or more.
AML Expanding Reporting Requirements • Globally, reporting requirements year over year are increasing and becoming more granular • Full Time Compliance; • Expanded reporting requirements; • Expanded record keeping requirements; • Expanded client identification (ID) requirements; • Moving towards the need for self-assessment of risk and mitigation
AML Expanded Reporting Requirements Receipt of Funds Records must be completed for every transaction; Suspicious ATTEMPTED transactions must be reported. You must not “tip off” the individual that you have, or intend to file, a report
AML Expanded Record Keeping • Additional information must be kept: • Large Cash Transactions • Receipt of Funds Records • Client Information Records • Suspicious Transaction Records
AML Expanded Record Keeping Detailed individual information must now be obtained and kept on file; Detailed account identification must be obtained and kept on file; All reports must be secured, in electronic or hard copy, for X years; If requested by AML agency– all records must be produced within X days.
AML ID Requirements Casinos must : Verify client ID, date of birth, and occupation; Confirm the existence of the entity they represent; Attempt to collect identification and record findings; If suspicious, report to AML Agency (AUSTRAC, FINTRAC, FIU, etc.)
AML Third Party ID Requirements If the client is not present, you must use a third party or entity to identify clients Existence of third party must also be confirmed Question of third party involvement in transaction must be asked of individual Third parties defined by AML entities as someone issuing instructions
AML Self-Assessment of Risk This is a new requirement of compliance Engaging senior management in the detection and deterrence of money laundering and terrorist financing Built on a Risk-Based Approach Risk assessment/mitigation of your business Patron screening Ongoing monitoring of higher risk transactions
AML Supported Transactions Buy-Ins - cash paid by the subject to the FINTRAC reporting entity Foreign Exchange - cash changed from one currency to another by the subject Deposits - cash deposited into the subject's account Disbursement - cash or merchandise paid to the subject by the FINTRAC reporting entity
Investigations & Self Exclusion Link investigations to people, places, vehicles, etc. Drilldown to find historical information on individuals involved. Collect images, videos, word documents, emails, etc. in a single case Track Saving & Losses for each investigation Collect additional officers supplemental information
Intelligent Data Interfaces (IT requirements) • Support for multiple Interfaces including PeopleSoft, Dacom, Bally’s, etc. • Business and importer workflow logic built in and configurable • i.e. Join or separate first and last name, remove spaces in names, clean-up data between systems • Configured for scheduled directory scans/imports for data automatic acquisition and updates
Enhanced Security & Privacy Encrypt data at rest, in transit and at field level for ultimate protection Document assignment at the user and department level Ability to make confidential to specific users, provide a high level of document security and protection Complex Permissions to control access to information Property, Department and rolebased security levels
Notifications • Alert key individuals as activities happen • Keep information flowing with “real-time” updates • Multiple Notifications Type (Alert, e-mail, etc.) • Send notifications to blackberry, iPhone and PDA’s • Used to integrate into 3rd party systems (Access Control, Alarm Management, etc)
Integrated Alerting with open Architectures • Manage multiple system alerts • CMS Player Card Insertions • Escalation of alerts into security dispatches, investigations , etc. • Outbound notificationsto 3rd Party Systems (HR, Access Control, CMS, etc.)
Best Practices (SOP, Rules of the Game, etc.) Departmental specific documentation needs to be maintained including: Standard operating procedures Rules of the game Compliance requirements
Overlay Business Intelligence • BI delivers a unique approach to interactive data visualization. Using advanced link analysis - complemented by charts, timelines and other views - investigative analysts can discover non-obvious relationships and significant insights within their data more quickly than with other data visualization or business intelligence technology. • It allows analysts to easily combine disparate data sources and explore multiple visualizations in a single integrated workspace. • Connect to data for analysis, visualize hidden insights across disparate data, and share analysis results through collaboration. • Facebook, LinkedIn, etc.
Tracking Outcomes Actions Taken • Integrated Outcomes can be documented • Multiple Entries • Denied Paid Outs • Trespass • Under Age Refusals • Vehicle Towing • Incident Reporting • Flag for follow-up actions
Reporting – Results/Conclusions • Efficiency • Centralized shared information enhances productivity, allowing staff to work more effectively • Communication Among Groups, Departments And Agencies • Security, Surveillance, Risk Management, Legal, Health & Safety, Human Resources and Outside Agencies • Best Practices • Consistent documentation across departments ensures everyone is on the same page, avoiding conflicting reports on the same incident • Liability • Reduction in exposure • Solid trial / legal documentation • Reduction In Costs • Paper, storage, faxing, management • Recovery • Civil recovery and restitution • Tangible reportable savings and losses for budgeting purposes and action
Questions & Answers James Moore – iView Systems jmoore@iviewsystems.com 905 829-2500 / 1-866-705-9671