Prevention of unauthorized access or transactions. The following minimal internal controls must be implemented to ensure that each game is prevented from responding to any command for crediting outside of a properly authorized cashless transaction:
- (1) Secure the hubs, services, and connection ports in a locked and monitored room or area to prevent unauthorized access to the network and prevent access to any node without valid login and password;
- (2) Limit the number of stations where critical cashless applications or associated databases may be accessed;
- (3) Limit the number of users that have permission to adjust critical parameters; and
(4) Identify and flag suspect wagering accounts to prevent unauthorized use by:
- (A) Establishing a maximum of three successive, incorrect secure personal identification code or number entries before account lockout;
- (B) Flagging hot accounts where cards or authentication credentials have been stolen;
- (C) Invalidating accounts and transferring balances into a new account;
- (D) Establishing limits for maximum cashless activity or overall gaming activities in and out as a global or individual variable to preclude money laundering.
- (E) Monitoring cashless devices for funds transferred into the cashless device from one wagering account, then transferred out to another wagering account; and
- (F) Monitoring wagering accounts for opening and closing in short time frames and for deposits and withdrawal without associated game play transactions.
Source: 36 SDR 22, effective August 18, 2009 ; 48 SDR 14, effective August 22, 2021 .
General Authority: SDCL 42-7B-7 , 42-7B-11 (13) .
Law Implemented: SDCL 42-7B- 2.1 (1) , 42-7B- 43 .
Prior versions effective: 2009-08-18.