The following minimal controls shall be implemented by the host system to ensure that games are prevented from responding to commands for crediting outside of properly authorized cashless transactions (hacking):
- (1) The network hubs are secured (either in a locked/monitored room or area) and no access is allowed on any node without valid login and password;
- (2) The number of stations where critical cashless applications or associated databases could be accessed is limited; and
(3) Procedures shall be in place on the system to identify and flag suspect player and employee accounts to prevent their unauthorized use to include:
- (A) Having a maximum number of incorrect PIN entries before account lockout;
- (B) Flagging of hot accounts where cards have been stolen;
- (C) Invalidating accounts and transferring balances into a new account; and
- (D) Establishing limits for maximum cashless activity in and out as a global or individual variable to preclude money laundering.