Category: Casinos and Gaming

Cybersecurity Awareness Month

September 29, 2022 at 7:27 pm by Amanda Canale

In 2004, the U.S. President and Congress declared Cybersecurity Awareness Month to be held every October. This would heavily encourage, educate, and assist citizens in staying safe online and teach them how to protect their information. Every year, the NCSA creates an engaging and informative campaign in order to raise awareness about cybersecurity and this year’s theme is “See Yourself in Cyber.”

Enable Multi-Factor Authentication

While data privacy and data security are not interchangeable, they are in fact a packaged deal. Implement and enforce best practices such as creating long and intricate passwords and utilizing multi-factor authentication when possible. What is multi-factor authentication? It’s just adding one more small step of the login process. 

First step: log in as usual. 

Second step: complete a second task to confirm your identity. (Think of it as bringing your license and a recent utility bill to confirm your identity at the bank.)  

The second step in the multi-factor authentication process is usually providing a special PIN code that was texted or emailed to you, or opening an authentication app. This is just an extra layer of security you can use when accessing sensitive information.

 

Use Strong Passwords

Verizon Data Breach Investigations found in a 2020 study that approximately 81% of all data breaches are caused by hackers easily accessing their sought after accounts. How are they able to easily access them, you ask? Two words: weak passwords. 

When companies, managers, and individuals fail to adhere to password guidelines, do not offer password training to your team and fail to educate themselves, and forgo multi-factor authentication procedures, businesses continue to put their cybersecurity at risk.

If you’re now second guessing your own passwords, good. If you’re not, we’re judging you a bit. (Don’t worry, we won’t leave you stranded.) Weak passwords are any sort of phrase or term that is common, short, and/or predictable such as the owner’s name, birthday, or the literal word, “password.” Instead, experiment with a longer password made up of a mix of upper and lowercase letters, numbers, and symbols to help keep your password and data safe. Essentially, the more complex the password, the harder it is for cybercriminals to hack your information.

 

Recognize and Report Phishing

We’re all humans and we all make mistakes. It’s inevitable! Unfortunately, mistakes have consequences. According to a 2019 study, more than 80% of reported data security incidents were caused by phishing attacks. When you interact with a suspicious email link, an attachment, and even senders, your risk of falling victim of a phishing scam rises every time. In today’s modern digital age, hackers have become upped the creativity when it comes to these sneaky scams. If an email or email address looks a bit off to you, it’s always best to either delete or send to your IT department to investigate.

Update Your Software

Regardless of the industry you’re in or kind of organization, having up-to-date, proper cybersecurity protocols and methods in place (in addition to proper in-house end-of-life data destruction!) should always be a priority. It is far too easy for hackers to access and steal sensitive data when your cybersecurity software is not up to date. Check with your business’s IT department or do your own research to make sure you are not ignoring any updates or downloading unauthorized software. It’s also important to note that one should never disable their software’s security features, especially if it is on a work-issued computer or laptop. Your online shopping can wait until you are in the safety of your own protected network and home.

To find out more about Cybersecurity Awareness Month, visit their website here.

Infamous Casino Data Breaches

July 7, 2022 at 6:13 pm by Amanda Canale

While many industries were negatively impacted by the 2019 coronavirus pandemic, one industry not only survived, but thrived: the commercial gambling industry. The casino and commercial gambling industry made approximately $44 billion in 2021, shattering their previous 2019 record. Given this major spike, experts are predicting that the gambling industry will become a neon target for future thieves and cyberattacks.

In our previous blog, Just How Secure Are Casinos?, we broke down the varying security measures casinos take in the form of RFID software located in playing chips, license plate recognition, and other advanced software to ensure that no stealing or cheating occurs. Fortunately, this advanced technology allows the casinos to remotely render chips and other materials worthless if someone were to steal them and allows personnel to have eyes on gamblers at all times.

However, unfortunately, these measures do not completely prevent casinos from being hacked. We’ve broken down a few of the more infamous casino data breachers below and included best practices to ensure that your data stays protected.

Clubillion

In summer 2020, the gambling app, Clubillion, found that their database had been “leaking data” from millions of the app’s customers. The app was contacted on March 23, 2020 but the database was not secured until April 5, 2020. What makes this data breach different than other similar data breaches is that the database was updated with up to 50GB (or 200 million records) worth of information daily. These records logged every player’s actions, their personally identifiable information (PII), private messages, and even IP addresses.

A rep from Clubillion stated that, “on a single day, tens of thousands of individual Clubillion players were exposed.” In addition to a loss in reputation and customers, the popular gabling app may be subjected to other scrutiny and fines from GDPR regulators and GooglePlay and app stores.

Slot Machine One Handed Bandit Game. Rolling Drums. Casinos and Gambling Industry.

Federal Group

In April 2021, Tasmanian casino operator, Federal Group, found themselves in the midst of a cyberattack after their pokies machines (otherwise known as slot machines) and hotel booking systems began to malfunction. At the time of the breach, the casino group was unsure if credit card details stored in the hotel booking system were also compromised and have yet to publicly release that information.

International privacy and security consultant, Terry Aulich, stated that he was “extremely disappointed” with the business’ cyber defenses and warned other Tasmanian organizations to learn from Federal Group’s mistakes. Between Federal Group’s two casinos, patrons had spent upwards of $53.7 million on pokies in the eight months leading up to the breach. 

MGM Resorts International

MGM Resorts International became the victims of a data breach in summer 2019, but it was not made public until February 2020 after a third party published an article detailing the breach. The breach had compromised the records of over 10.6 million guests dating back from 2017. The cyberattackers were able to hack into the resort’s cloud server and then was posted to a public hacking forum. 

Guest PII such as full name, home and email addresses, phone numbers, and birthdates had all been breached, but luckily did not include financial or payment card information. The breach wasn’t also just limited to guests; victims ranged from tourists and travelers, to media reporters and journalists, to company executives and employees. 

At SEM, we offer secure, in-house destruction. With our low and high volume disintegrator solutions, casino materials and solid state boards can be easily destroyed to a predetermined and consistent particle size. As we know, casinos house a lot of sensitive information regarding personnel, patrons, financial information, and advanced technology that should be secured, even in end-of-life. 

Depending on the needs of the casino, SEM has every device necessary to properly and efficiently disintegrate chips as intended since our inception in 1967. Any one of our exceptional sales team members are more than happy to help answer any questions you may have and help determine which machine will best meet your destruction needs.

For more information on our casino solutions, visit our website here

Just How Secure Are Casinos?

June 10, 2022 at 4:46 pm by Amanda Canale

Even in the midst of a worldwide pandemic, the commercial gambling and casino industry made approximately $44 billion in 2021, surpassing the previous record set in 2019. According to the American Gaming Association (AGA), in-person slots and table games are leading the industry’s recent growth. Given the exponential growth, and (quite literally) billions of dollars on the line, experts predict that the casino industry will be a flaming red target for hackers and thieves.

You’re probably thinking, “what information is even stored on casino chips, playing cards, and dice?” Frankly, quite a lot.

Even more so, casino chips are not the only items that are loaded with information; the same goes for playing cards, dice, and personnel access cards. In this blog, we break down the varying security measures casinos take and how a proper destruction plan your casino can better protect your assets.


Radio-Frequency Identification (RFID)

Casino chips may seem like a cheap piece of plastic, but what many do not know is that these seemingly simple items carry loads of information and are packed with advanced technology. These chips are embedded with radio-frequency identification (RFID), which is used to track them and broadcast unique serial identifiers over radio frequencies. RFID technology identifies and tracks every chip for authenticity, tracking history, and to ensure there is no forgery, cheating, or stealing. Additionally, each casino carries uniquely branded chips, including color combinations, marked edges, and UV markings that are impossible to recreate. The RFID-reading technology also detects when counterfeit chips are being used. 

While you cannot “hack into” casino chips, it’s still possible for people to steal them for money, especially since they are a form of currency within casinos. For example, in 2010, a man stole $1.5 million in chips from the Las Vegas Bellagio casino. However, due to the RFID technology within the chips, authorities were able to remotely render the chips worthless by turning off the chips’ transmitters before the robber could turn them in for cash.

casino chips

License Plate Recognition

Like many secure facilities, casinos have security measures in place tracking you before you even have the chance to park your car. Once your car enters the camera’s frame, the license plate recognition technology scans your plates and converts them into text, which is then compared against the casino’s database. What are they looking for exactly? The software runs your license plate against their records to see if you are a known gambling addict, thief, or on their internal blacklist. This process is to ensure that no undesirable patrons are allowed into the facility.

Angel Eye

Like I stated earlier in this blog, chips are not the only casino materials that are loaded with information. Playing cards carry invisible bar codes that help sensors and security software, such as Angel Eye, track their movement, which ones are being dealt, and to prevent card-switching. The software was specifically designed to prevent card switching, which is prominent in other parts of the world.

When a dealer deals cards, the software tracks the dealt cards through a sensor in the dealing shoe (the container that houses the cards). After this first scan and once the cards are revealed on the table, the dealer presses a hidden button that scans the table and upward facing cards a second time. The Angel Eye software compares them to the initial scan to ensure that the results on the table matches what the computer says. 

TableEye21

TableEye21 is a powerhouse of a security device; it is made up of varying technologies all wrapped into one concise solution. It includes an overhead video camera that tracks the table’s actions and players, includes video analysis software and information sent by the RFID chips, and overlays the video feed with real-time data tracking on cards and chips being used. 

TableEye21 tracks every action on the table, including dealer rounds per hour, trend reports, and the player win percentage. Casino authorities use this information to identify if a player is counting cards, using counterfeit chips and cards, or scheming with the dealer in order to win. 

NORA

NORA stands for Non-Obvious Relationship Awareness software, and it goes hand in hand with all of the security measures we discussed above. Whether a dealer notices something off about a player or the TableEye21 software picks up on odd numerical trends, NORA can be used to scan the casino’s databases for information and recognize relationships between players and dealers alike.

What relationships, you ask? Let me give you an example.

If casino personnel put Brian Jones into NORA, the software will scan all of the casino’s databases and be able to see that Mr. Jones, who applied for a dealer position, is actually Paul Johnson, a notorious poker scammer. In addition, it can connect people entered into NORA based on their similar backgrounds. So once NORA finds out that Brian Jones is really Paul Johnson, it also connects Paul to another player, Zachary Jost. From there, the software connects the dots and finds out that Paul and Zachary were fraternity brothers during their undergrad career and that they were both arrested for the same fraud case.

Another potential outcome is NORA discovering that the dealer and a player used to share the same address and phone number, possibly meaning that they are in on a scam together.

If that wasn’t impressive enough, we should probably mention that it was after 9/11 that the Department of Homeland Security began using the advanced software to help identify relationship links between potential terrorists and criminals. 

This is not an exhaustive list by any means; there are many other security measures and advanced tracking technology that casinos use in order to maintain order and ensure honest playing. However, there is one more security method we’d like to discuss: the destruction of casino materials.

dice-shredding

As of this writing, there are no federal laws concerning data protection that casinos have to abide by. However, casinos and gaming facilities are required to abide by their state’s safeguarding mandates and financial privacy regulations. In order to maintain the stringent policies set in place to prevent fraud and criminal activity, it is crucial for casinos to establish further security measures for the destruction and disposal of these technology-ridden materials. 

In the past, casinos have thrown their chips and cards out with the trash, some even building them into the foundations of casinos out of superstition. But in recent years, casinos have been required to destroy their chips and cards according to predetermined expiration dates. Typically, the expired materials are sent out to a third party destruction facility where they are often dumped into landfills or left vulnerable to thievery by the third party vendors.

At SEM, we offer a better alternative: secure, in-house destruction. With our low and high volume disintegrator solutions, dice, chips, and playing cards can be easily destroyed to a predetermined and consistent particle size. As we know, casinos house a lot of sensitive information regarding personnel, patrons, financial information, and advanced technology that should be secured, even in end-of-life. 

One solution is the SEM Model DS-400, a dual stage turnkey disintegrator that has been evaluated by NSA and meets the requirements of NSA/CSS specification for Paper Disintegrators, CDs, and Key Tape. This compact and portable device is perfect for the destruction of paper, optical media, key tape, casino chips, metal and plastic cards, and more.

Need something with a higher volume? We suggest a SEM VKE Disintegrator system. Our VKE (value kit enclosure) disintegrator systems include your choice of disintegrator, air system, state-of-the-art technologies and features like a customized MX sound enclosure to reduce sound and dust during operation, a solid steel rotor designed to provide 70% more rotor mass than open rotor designs, and user-friendly master control panel.

Depending on the needs of the casino, SEM has every device necessary to properly and efficiently disintegrate chips as intended since our inception in 1967. Any one of our exceptional sales team members are more than happy to help answer any questions you may have and help determine which machine will best meet your destruction needs.

For more information on our casino solutions, visit our website here. 

Death of a Casino Chip

April 25, 2020 at 9:00 am by Flora Knolton

casino chips
Casino chips are the casino’s form of currency when playing any game like poker, blackjack, roulette, and so on. It seems like a simple piece of plastic on the outside; however, it is packed with advanced technology on the inside to benefit the casinos.

Poker first took off during the nineteenth century in the Wild West of America. Poker chips hadn’t been developed yet and instead players would use valuable items like gold and gold dust to bet with. Gambling houses and saloons would give players pieces of clay, bone, or ivory to gamble with to keep track of what was being bet. Clay and bone, however, are easy to replicate and forge fakes.  This counterfeiting caused saloons and gambling houses to start branding their own unique symbols to differentiate them from the forgeries. This may have curbed some fraud, but people continued to create replicas up until the end of the nineteenth century when companies started to create uniform chips. These chips were made from clay and were one of the most recognizable characteristics of a casino.

Chips have progressed with society and the composition makeup of casino chips is currently harder to forge than American currency. To protect both patrons and the casinos themselves, security measures have always been put in place by casino owners. There were times when you couldn’t distinguish a counterfeit chip from a genuine one. However, with uprising of plastic and technology so much has changed. Casino chips are still branded with the casino’s name, but the technological advancement that has taken place inside of them is what’s really captivating through its evolution. RFID technology (radio frequency identification) involves putting microchips into the casino chips, allowing RFID readers to pick up their unique radio frequency. Modern chips also often contain unique serial numbers, complex ultraviolet markings, holograms, and microdots. Ultraviolet markings allow for tracking of chips without alarming or upsetting customers. Held under a blacklight the markings will appear. However, the RFID technology are the chips electronic tag that houses its data, monetary value, and activity, as well as the serial number. Chips will automatically become deactivated the moment they leave the premises. Generally, the value of chips can range between $1 and $5,000 between the varying chip colors.

Before any regulations were introduced in Nevada, casino chips regularly went to die in nearby lakes such as Lake Mead or built into the foundations of casinos upon their demolition for presumed superstitious reasons. Many have also been found in the deserts of Las Vegas melted, with just the metal inserts remaining. But technology has improved vastly since these means of disposing casino chips. Since, casinos must arrange the destruction of their chips according to expiration dates. When a casino chip’s expiration is coming to a close, it’s either sent back to the manufacturer or it is destroyed in-house with industrial disintegrators that grind them into a fine powder. They sometimes can end up in landfills after that, but many companies are currently managing to recycle some of the materials now.

It’s best to rely on destroying your game pieces like casino chips in-house rather than submitting them to potential fraud with third party vendors. Like any other media, each point of contact in a casino chip’s end-of-life journey exponentially increases the chance some sort of fraudulent activity may arise. Destroying casino chips in-house mitigates any potential threat from outside parties. Casinos throughout the world are using SEM equipment to destroy their used dice, chips, playing cards, ID badges, electronic keys, and more. Shredding high volumes of chips requires an industrial shredder that will grind them down to disintegrated powder. Here at SEM, we have NSA listed disintegrators that will suit all gaming destruction needs. Our Model 1012/5, perfect for a smaller settings, can handle optical media, gaming pieces like chips, paper, and a variety of media in various waste particle sizes. NSA rated at 600 lbs. per hours, our Model 23 disintegrator is ideal for those with a heavier volume of casino chips or various media alike. For extra heavy duty, high volume media disintegrating we recommend our Model 1436 which provides NSA rated destruction at 1,800 lbs. per hour. Depending on the needs of the casino, SEM has every device necessary to properly and efficiently disintegrate chips as intended since 1987.

Why Casinos Shouldn’t Gamble on Data Security

June 21, 2019 at 4:51 pm by Paul Falcone

Casinos have long been high-risk targets for theft and fraud. As such, most gambling institutions establish stringent policies in anticipation of every possible criminal heist activity, and some even partner with security firms to further ensure safeguards are met and followed. Yet, casinos are still playing catch-up in their policies and procedures to safeguard against digital heists, even though they are a veritable treasure trove of private and personally identifying information (PII).

The Perils to Overlooked Casino Data

Casinos often offer more than just a place for adults to gamble. Most include hotels, stores, restaurants, and entertainment experiences on the casino premises, and all payment transactions through these businesses funnel through the casino’s payment processing system. There’s also a plethora of ATMs strategically placed across gaming floors to make sure customers can continue to play and spend money with the casino with ease. And let’s not forget the casino reward cards given out to players to use during their visit which requires PII like name, birth date and address to sign up. In short, casinos store and promise to protect mass amounts of sensitive and private data. Whether the data is stored in drives on the premises or with a third-party cloud system, casinos must establish an equally strict set of regulations on the handling, management, and disposal of all data that passes through their doors.

If that isn’t complicated enough, casinos must also establish data protection and disposal policies that incorporate the myriad of state and federal privacy regulations that have recently arisen. Though there are no laws (yet) specific to casinos for mandating data safeguarding, these businesses must comply with their state’s financial privacy regulations and consumer protection and privacy laws as well as those set by the federal government. Casino operators can make this easier by complying with industry encryption standards as well as by limiting their data-sharing partnerships. And, of course, as with physical heists, casinos should have data breach notification plans and safeguarding procedures outlined in their overall IT security measures.

Securing Data at Game-Level

There’s also the security around the gaming personnel and game pieces like chips, playing cards, and dice to consider. All casino personnel are issued their own personal identification badges and keycards for secure entry into private areas of the casino, including non-gaming areas where money and data is stored. Ensuring the security of these keycards is therefore paramount, especially when they reach end-of-life and need to be disposed of properly.

Additionally, play data is tracked through advanced technology like invisible bar codes on cards, weight sensors for dice, and radio-frequency identification (RFID) embedded in the chips. Chips are also uniquely designed for each casino, with identifying marks like color combinations for the edges and UV markings on the chip inlay that are impossible to replicate. This makes it easier for casinos to identify counterfeit chips as well as chips that do not belong to their establishment (and therefore cannot be used in play or turned in for cash).

Complying with Security Regulations for Data Disposal

As part of their stringent policies to thwart fraud and criminal heist activity, casinos must also establish security measures for the destruction and disposal of these authorized personnel keycards and for the playing cards, dice, and chips when they reach end-of-life. The same can be said for any hard copy paperwork and digital data stored in drives or on a cloud system, whether it be consumer PII or casino-specific information.

It’s recommended that a casino purchase data destruction devices from a vendor like SEM to keep on-site and thereby further limit access to the data and devices during destruction. SEM, in fact, has been supplying destruction equipment to the gaming industry and casinos throughout the globe for decades, offering several casino and gaming destruction solutions for the proper and irrevocable destruction of playing cards, dice, casino chips, and ID/keycards.

In short, if casino operators don’t comply with consumer privacy and data regulations as well as security regulations to minimize fraud and theft, you might as well call it: game over.