Category Archives: Kiosk Newsbits

An Accessible Kiosk

Ensuring an Accessible Kiosk Experience

Editors Note:  Worth noting the image shows QSR self order kiosk by Olea Kiosks and you can see the Audio Nav pad by Storm Devices integrated.

Restaurants are increasingly reliant on self-service technology to improve the customer experience. From handheld or desktop tablets used to collect payment to kiosks used for self-service ordering, technology allows restaurants to provide a variety of options to customers to enhance their visit. However, it is incumbent upon restaurants to provide an accessible and equal experience for all their customers when utilizing these new technologies.

Customers with disabilities are often left out of the interactive experience due to the misconception that guests who are blind or who have low vision are more easily satisfied with the assistance of an in-person attendant. Yet this alternative does not provide an experience comparable to that of a non-visually impaired patron. Most people with disabilities do not want to be treated any differently from anyone else, and an in-person attendant often serves as a reminder of their disability.

The Future of Kiosks in the Restaurant Industry

Kiosks allow users to avoid lines and oftentimes allow them a greater ability to customize their order.  Kiosk deployers typically attempt to design the kiosk interface to decrease the time it takes for a user to place an order. No one – neither the restaurant nor the restaurant patron – is well-served if the time it takes to place an order on a kiosk is significantly slower for users with disabilities and requires additional human assistance.

Restaurant self-service kiosks are currently deployed in leading restaurant chains such as Taco Bell, KFC, Panera Bread, Wendy’s, Subway, and Dunkin’ Donuts via both pilots and full international rollouts.  Additionally, tabletop ordering or payment tablets are used in TGI Fridays, Olive Garden, Friendly’s, Tropical Smoothie, and Chili’s, to name a few.  Self-ordering and self-service POS solutions are running apps such as Appetize, Tillster, and Ziosk. In these examples, the user experience should be accessible for all patrons, whether on a robust kiosk enclosure or a small handheld tablet.

Read full article at Modern Restaurant Management

Interested in Accessibility Consulting for your kiosk or website? Contact us.

Global Entry Kiosks Biometrics Change

We’ve got some exciting news for frequent flyers: Global Entry is making its kiosks even more efficient by eliminating passport and fingerprint scans, and relying instead on facial recognition technology.

Passengers who have Global Entry and arrive at some airports from international destinations don’t need to scan their passport, put their fingers on a fingerprint sensor and then answer a questionnaire. They just have a picture taken and then collect a printed receipt from the Global Entry kiosk, which they give to an officer. Then they can exit the airport immediately afer baggage claim.

Using Global Entry is about to get even easier

 

More Related links

A Discouraging State of Affairs – what has happened to the Global Entry Kiosks?

Global Entry Kiosk Program Kicks Off at SJC

Global Entry Kiosk at Newark Liberty Airport | U.S. Customs and Border Protection

Using Global Entry is about to get even easier

Micro Market Kiosk – 365 Retail Acquisition

Micro Market Kiosk acquisition by 365 Retail

Noted on KioskMarketplace 

Good writeup on acquisition by 365 Retail. Micro Markets have held steady and last year it was Slabbkiosks that was purchased.  It’s an interesting market in that the main competitors share a lot of the same people and origins. Its a lot like the thinclient market in that respect.

The logistics of storing, heating and refrigeration of foods for certain period of time can be daunting, especially in the age of delivery of super fresh. We like the Amazon model in high traffic areas where inventory turnover is very short-lived.

Then there are the new vendors such as Square and others which entering the market and on the technology edge pushing the more conventional micro market vendors. Much like supermarkets like Kroger and Safeway must now battle online groceries. When the dust settles who is the new king?

In corporate environments we can see micro-markets evolving into employee spaces that include telemedicine and HR options.

We should highlight that one of our sponsors, OptConnect, is very involved in micro markets. We recommend contacting OptConnect for more information. Image courtesy of OptConnect.

====================

Micro Market Kiosk article excerpt

365 Retail Markets’ recent purchase of one of its largest competitors, Company Kitchen’s self-service technology division, marks the first significant acquisition in the micro market industry and a milestone in one of the kiosk industry’s least celebrated rising new verticals.

Micro markets are not one of the larger interactive kiosk applications, but they do demonstrate the interactive kiosk’s unique ability to transform an everyday customer experience — in this case convenience purchases — for millions of consumers. 365 Retail Markets’ acquisition of Company Kitchen’s tech division demonstrates the degree to which interactive kiosks are contributing to the acceptance of self-service technology for daily activities.

Related Articles

Kiosk – New Models For Micromarket Retail Application

Vendors Exchange And USA Technologies Partner For Micromarket Kiosk

Smartphones Replace Kiosks At Latest Three Square Micromarkets

Peerless-AV® Partners With BIMsmith® to Provide Digital Models for Building Professionals

Digital Models for Building Professionals

Today Peerless-AV announced a partnership with BIMsmith, a free cloud platform with a suite of tools for building professionals to discover and download building product data. In utilizing this software, Peerless-AV’s products can now be easily added to digital designs, offering architects and building professionals the necessary data, specifications, and certifications when designing a building.
Below please find the press release with more information.

New software offers ease in implementing Peerless-AV solutions into digital designs

digital models for building professionalsAURORA, Ill. – September 18, 2019 – Peerless-AV®, an award-winning designer and manufacturer of innovative audio and video solutions and accessories, is pleased to announce the availability of Building Information Modeling (BIM) content for its products through a new partnership with BIMsmith®, a free cloud platform with a suite of tools for building professionals to discover and download building product data.

With BIM data now easily accessible, architects and other building professionals can integrate highly realistic models of Peerless-AV products directly into their digital designs, rather than drafting them independently or using generic placeholders. Each digital model includes all the necessary data, specifications, and certifications that professionals need from manufacturers when designing a building. The files are also modeled for compatibility with industry standard design tools like Autodesk Revit, further establishing Peerless-AV as a simple yet valuable information source in the designer’s everyday workflow.

“Innovation at Peerless-AV stretches back over 75 years since our founding,” said Nick Belcore, Executive Vice President, Peerless-AV. “We are thrilled to continue that legacy by providing the architecture and design community with intuitive digital design tools. Teaming with engineers and architects to create our Revit files, we are able to provide more relevant architecture data and fully interactive models. These offerings truly set Peerless-AV apart as the leader in audio visual innovation.”

By partnering with BIMsmith, the entire Peerless-AV BIM library is also accessible to thousands of building professionals on the BIMsmith Market platform, a cloud tool for building product research and selection.

“The name Peerless-AV carries with it a long history of quality and reliability that is highly important to building professionals,” said Benjamin Glunz, CEO, BIMsmith. “We are excited to bring their products to the BIMsmith platform.”

The Peerless-AV digital models include a wide selection of display wall mounts, video wall mounts, kiosks, outdoor TVs and more. The entire Peerless-AV BIM library can be found at www.peerless-av.com/BIMlibrary.

Connect with Peerless-AV via social media on TwitterInstagramLinkedInFacebook, and YouTube.

About Peerless-AV

Driving Technology Through Innovation

For over 75 years, passion and innovation continue to drive Peerless-AV forward. We proudly design and manufacture the highest quality products, ranging from outdoor displays to complete kiosk solutions, digital signage mounts to wireless systems. Whether a full-scale global deployment or custom project, Peerless-AV develops meaningful relationships and delivers world-class service. In partnership with Peerless-AV, you are trusting an award-winning team of experts who will support your business every step of the way. For more information, visit peerless-av.com.

About BIMsmith

BIMsmith, the leading cloud-based building product discovery and selection platform, cultivates global business-to-business relationships between building industry professionals and building product manufacturers. Through direct integration of real product data into the BIM workflow, BIMsmith continues to shape the future of building science technology, placing its clients at the forefront of BIM innovation while addressing the true needs of industry professionals. Learn more about BIMsmith at https://www.bimsmith.com.

Media Contacts

Beth Gard                                                        Ethan Adams

Peerless-AV                                                     BIMsmith

bethg@lotus823.com                                     eadams@anguleris.com

(732) 212-0823

Bitcoin Kiosk Patent News – Bitcoin Capital Group Claim

Bitcoin Capital Group Claims Bitcoin Kiosk Patent

Editor Notes: Kiosk Industry monitors patent suits and will be monitoring this one regarding Bitcoin Kiosk patent. Noted on Yahoo news 8/1/2019

TEL AVIV, ISRAEL / ACCESSWIRE / August 1, 2019 / FIRST BITCOIN CAPITAL CORP (OTC PINK:BITCF) (“the Company”) a prolific generator of more than 100 unique cryptocurrencies and the developer of blockchain powered technology is proud to announce today that it has acquired http://legacy-assignments.uspto.gov/assignments/q?db=pat&reel=049886&frame=0552 U.S. Patent No. 9,135,787 – “Bitcoin Kiosk / ATM Device and System Integrating Enrollment Protocol and Method of Using the Same.” Known as the “Bitcoin ATM patent” this patent is related to the purchase and sale of cryptocurrencies utilizing a Bitcoin ATM or kiosk that allows customers to purchase Bitcoin or other cryptocurrencies by using cash, debit or credit cards.

Bitcoin ATMs do not require their users to have bank accounts, so customers can simply pay and instantly buy or sell Bitcoin or other cryptocurrencies.

Greg Rubin, Company’s Chief Executive Officer stated, “Being the first ever publicly traded company in the Bitcoin and Blockchain industry, we now have acquired one of the most important intellectual properties in this space, as we believe that this patent will provide us a unique and leveraged position, in addition to our other projects as we continue moving forward into the digital asset and cryptocurrency businesses. This patent complements our innovation in the field.”

According to Coin ATM Radar, there are more than 3,000 Bitcoin ATMs in the United States as of July, 2019, with average daily 3.7 Bitcoin ATM installations in the US.

https://coinatmradar.com/charts/growth/united-states/

All Bitcoin ATMs and Kiosks manufactured and sold in the U.S., and all Bitcoin ATMs and Kiosks operated in the U.S. are believed to be subject to this patent and the company intends to enforce its right upon acquisition of same.

The Company has already begun negotiations with a major law firm that has a very successful track record in enforcing patent rights when working on a contingency basis.

U.S. Bitcoin ATMs represent 13.5 percent of all venues transacting in the digital currency worldwide, according to research by Larry Cermak, head of analysis at The Block.

It is expected that this number of Bitcoin ATMs will continue to rise in the near future with more and more people discovering bitcoin as a payment method and store of value.

First Bitcoin will develop strategies for structuring and implementation of an IP management plan. A business plan prepared by a third party foresees the owner of this unique Bitcoin patent earning more than 50 million dollars in profits over a 5 years period.

The acquisition of the Bitcoin ATM Patent was arranged through the facilities of IPOfferings LLC, a leading patent brokerage, patent valuation and IP consulting services firm.”

Related Bitcoin Kiosk News

Uniguest – Kiosk Security – Widely Used Kiosks Compromised by Hardcoded Credentials

Hardcoded Credentials in Kiosk Software Allowed Remote Attackers to Compromise API

Read full article

Uniguest provides kiosks to the hospitality, senior living, specialty retail, education and corporate sectors. The kiosks typically run a locked down version of Windows, and are managed by Uniguest rather than, for example, the hotel customers. With so many kiosks in so many different locations, that management inevitably involves the cloud — and when the cloud is involved there are often security lapses.

Founded in 1986, the company claims to have managed service contracts for 32,000 kiosks across 15,000 client locations.

Uniguest VulnerabilityStarting with nothing more than a Google search, researchers from Trustwave SpiderLabs found a Uniguest website (ucrew.uniguest.com) that had been publicly exposed on the internet. This website appeared to contain all the tools that technicians would need to deploy or manage a kiosk on location. From this simple observation, the researchers were able to develop a train that would ultimately enable them, in their own words, to “dump all the data in the Uniguest cloud database, which includes admin, router and BIOS passwords, product keys and various other sensitive information, for what looked like all of Uniguest’s customers.”

Read full article

Coca-Cola Digital Marketplace Launching for North America

Coca-Cola’s Marketplace Connects Customers to Leading Technologies for Every Aspect of Business to Increase Customer Revenue

ATLANTAJune 25, 2019 /PRNewswire/ — Coca-Cola North America is launching a digital marketplace this fall that connects its foodservice customers to pre-vetted, industry-best restaurant technologies with competitive pricing. The marketplace of solutions for front of house, back of house and outside of house is powered by Omnivore, a universal point-of-sale connectivity platform, that offers seamless integration into restaurants’ point-of-sale (POS) systems. The marketplace is the result of a year-long collaboration between Coca-Cola and Omnivore and one output of Coca-Cola’s investment in Omnivore, announced in late 2018.

Today, restaurant consumers’ expectations and use of digital technology are evolving at a record pace, creating growth opportunities for restaurants. While third-party technology companies are innovating to provide game-changing solutions for the restaurant industry, it is challenging and costly for restaurant operators to research, test, integrate and deploy the right technologies to capitalize on this growth opportunity.

Coca-Cola’s digital marketplace addresses these concerns. Experts at Coca-Cola and Omnivore have partnered to vet today’s leading foodservice technologies, taking the guesswork out of finding the best-in-class digital solutions for restaurant operators. Coca-Cola’s strategic partnership with Omnivore allows for easy and affordable integration between any of the technologies in the marketplace and a restaurants’ POS system. This seamless connection capability reduces the time, money and resources restaurants currently expend on technology integration.

The curated marketplace will include restaurant technologies to improve consumer engagement and optimize all aspects of restaurant operations, including:

  • front-of-house technologies (tableside ordering and payment, guest engagement, kiosk, digital menus);
  • back-of-house technologies (inventory, labor, analytics); and
  • outside-of-house technologies (online ordering, third-party delivery, loyalty and more).

“For 133 years, Coca-Cola has been focused on adding value beyond the beverage for our customers,” said Billy Koehler, Director of Digital & Payment Platforms for National Foodservice & On-Premise Marketing at Coca-Cola North America. “Decades ago, we provided customers with value-adds like Coca-Cola-branded cash registers and static Coca-Cola signage. In the 21st century, combining our expertise in foodservice and digital to offer tangible technology solutions provides the most value for our restaurant partners who always welcome an edge to increase their revenue. The marketplace is just one example of the digital solutions we’ll be rolling out for customers in the months to come.”

Coca-Cola and Omnivore are collaborating with today’s leading technology providers for inclusion in the marketplace, which is set to launch in September 2019. Access to the marketplace and technology integration through Omnivore is free for Coca-Cola customers. Cost to a restaurant for technologies in the marketplace will vary by technology, but more competitive rates will be available for Coca-Cola customers.

Coca-Cola has been focused on providing digital solutions for their customers the last few years. After forging a partnership in 2018, this spring Coca-Cola and Omnivore launched the Menu Management Solution (MMS) app, a single source of truth software that allows restaurants to own their digital menu content and control their brand across any digital platform.

“Our year-long collaboration with Coca-Cola and select restaurant operators has helped us validate and develop additional digital solutions that contribute to profitable growth for restaurants,” said Shane Wheatland, Chief Marketing Officer at Omnivore. “These solutions align well to consumer needs as well as common barriers experienced by restaurant operators as they digitize and build a competitive advantage for their brand. We look forward to the launch of Coca-Cola’s marketplace, and continuing to foster agile and affordable access to meaningful third-party solutions.”

Coca-Cola’s strategic partnership with Omnivore and the launch of the digital marketplace are important milestones in Coca-Cola’s long-term vision of building a digital ecosystem that connects Coca-Cola, foodservice operators and consumers. This ecosystem, which has been in planning and development over the last two years, will be fueled by proprietary technologies, analytics and tools available only for Coca-Cola customers aimed at optimizing customer business operations and driving their profit growth.

ABOUT THE COCA‑COLA COMPANY 
The Coca-Cola Company (NYSE: KO) is a total beverage company, offering over 500 brands in more than 200 countries and territories. In addition to the company’s Coca-Cola brands, its portfolio includes some of the world’s most valuable beverage brands, such as AdeS plant-based beverages, Ayataka green tea, Costa coffee, Dasani waters, Del Valle juices and nectars, Fanta, Georgia coffee, Gold Peak teas and coffees, Honest Tea, innocent smoothies and juices, Minute Maid juices, Powerade sports drinks, Simply juices, smartwater, Sprite, vitaminwater and ZICO coconut water. It is constantly transforming its portfolio, from reducing sugar in its drinks to bringing innovative new products to market. It is also working to reduce its environmental impact by replenishing water and promoting recycling. With its bottling partners, it employs more than 700,000 people, helping bring economic opportunity to local communities worldwide. Learn more at Coca-Cola Journey at www.coca-colacompany.com and follow the company on TwitterInstagramFacebook and LinkedIn.

ABOUT OMNIVORE
Omnivore empowers restaurant brands to digitize their guest and operational experience in a meaningful and sustainable way. We deliver an end-to-end suite of solutions built on data and insights that help optimize the essential elements of the digital restaurant experience; online ordering, pay at table, 3rd party delivery, kiosk/digital menu, reservations, loyalty, inventory, labor and analytics. All of these solutions completely integrate into the restaurant POS system for operational efficiency, future agility and leveraging of data. For more information, visit Omnivore.io.

SOURCE Coca-Cola North America

Related Links

http://www.coca-colacompany.com

Airport Passport Kiosks – YVR border kiosks in Iceland

YVR’s Innovative Travel Solutions becomes first to pilot
kiosk-based border control solution in the Schengen Area

Iceland airport pilots four BorderXpress kiosks to enhance security and efficiency in preparation for the new EU Entry/Exit System

Richmond, B.C. June 24, 2019: Today, Innovative Travel Solutions (ITS) by Vancouver International Airport announced the implementation of four BorderXpresskiosks at Keflavik International Airport (KEF) in  Iceland. The kiosks are part of a six-month pilot to simulate the impending requirements of the Entry/Exit System (EES) of the Schengen Area, which comprises 26 European states that have officially abolished all passport and all other types of border control at their mutual borders. This is a landmark day for both the industry and ITS as they bring their proven expertise in kiosk design and experience as an airport operator to Europe with their end-to-end border control solution, BorderXpress. This is the first automated kiosk-based border control solution in a Schengen member state.

“We recognize the complexity and challenges that many Schengen member states face with the implementation of new regulation for entry and exit border control. Kiosk-based solutions, like BorderXpress, have a critical role to play in helping Schengen member states effectively fulfil the new security and data collection requirements outlined by the European Commission, while also keeping pace with increasing demand for air travel,” says Craig Richmond, President and CEO, Vancouver Airport Authority. “Isavia and the Icelandic Police have shown tremendous leadership in preparing for the new regulations and recognizing the importance of future-proofing their airport with a customizable and adaptable solution like BorderXpress.”

The EES is a part of the Smart Border package introduced by the European Commission. It will be fully operational in all the Schengen countries by the end of 2021. The main purpose of the EES is to register data on entry, exit and refusal of entry of third country nationals crossing the external borders of all Schengen member states through a central system.

“As an airport operator ourselves, we have a unique understanding of the challenges airports in Europe are facing. Our demonstrated success as a trusted partner in over 43 airport and seaport locations globally ensures that we are positioned to guide airports and governments as they prepare for EES,” says Chris Gilliland, Director, Innovative Travel Solutions.  “We are confident that our pilot program with Isavia at Keflavik Airport will further demonstrate the adaptability and effectiveness of BorderXpress, making a meaningful impact on travellers, border control authorities and the airport, alike.”

Isavia operates all airports in Iceland, including KEF, which is the largest border crossing point in the country with more than 95 per cent of the passengers entering the Schengen area through Iceland coming through this airport. The BorderXpress kiosks are available for Third Country Nationals (TCN) and EU citizens to use when entering Iceland. The kiosks have been customized to meet specific requirements of the Icelandic police.

“We at Isavia are always looking for ways to enhance and improve self-service automation for our passengers,“ says Gudmundur Dadi Runarsson, Technical and Infrastructure Director at Keflavik Airport. “By running a pilot for this new and innovative solution we want to gather information and prepare ourselves to make the process easier for everyone when the new regulations are implemented. These new kiosks will help to speed up the process for passengers, improve their experience and ensure an enjoyable journey through Keflavik Airport and will provide important information for the development and operation of our new border facility expected to come into use in 2022.”

In July 2018, BorderXpress became the first permanent kiosks to provide Entry and Exit border control in Europe with the launch of 74 biometric-enabled kiosks at Pafos International Airport and Larnaka International Airport in Cyprus.

BorderXpress uses self-service biometric-enabled kiosks to expedite the border control process.  At the kiosk, travellers select their language, scan their travel documents and answer a few simple questions. The kiosk also captures an image of each passenger’s face which can be compared with and verified against the photo in their electronic passport. Travellers then take their completed kiosk receipt to a border services authority.

BorderXpress kiosks are proven to reduce passenger wait times by more than 60 per cent. In a recently published White Paper by InterVISTAS, the study concluded that the use of kiosks for border control significantly outperforms traditional immigration  processing with a border officer.  This results in cost and space savings and allows border authorities to focus on maintaining the safety of the border. BorderXpress provides better exception handling, is fully accessible to persons with disabilities, and can be configured with up to 35 different languages. It can process any passenger, including families travelling as a group.

BorderXpress technology was developed by ITS, an independent business unit within Vancouver International Airport (YVR), named Best Airport in North Americafor 10 consecutive years. ITS specializes in delivering industry-leading travel technology to transform the traveller’s experience. Since 2009, ITS has sold over 1,600 kiosks at 43 airport and seaport locations around the world, helping more than 250 million passengers clear the border safely and securely.

-YVR-

About Innovative Travel Solutions by Vancouver International Airport

 

Innovative Travel Solutions (ITS) is the innovation team at Vancouver International Airport (YVR), voted North America’s Best Airport for 10 straight years by Skytrax World Airport Awards. In 2009, the innovation team implemented BorderXpress at Vancouver International Airport and soon discovered that other airports and governments might also want the ability to reduce wait times and increase their international arrivals traffic without having to add additional space or staffing resources. As of May 2019, BorderXpress has processed more than 250 million passengers at 43 airport, seaport and onboard sites around the world and has sold over 1,600 kiosks. In 2018, the team at ITS set their sights on the next innovation in the evolution of the passenger experience with the launch of CheckitXpress, the world’s most accessible, efficient and intuitive self-service bag drop. CheckitXpress improves ease of use for travellers regardless of age, digital fluency, language or mobility, and is the result of a collaboration between YVR and Glidepath, one of the world’s leaders in airport baggage handling. innovativetravelsolutions.ca

 

For further information:

YVR Media Relations
604.880.9815

media_relations@yvr.ca

Taco Bell Kiosk – Taco Bell president on kiosk: ‘It’s super fun’

Excerpt from Nation’s Restaurant News June 17, 2019
Editor’s Note:  How China tariffs might affect this are in play.

Taco Bell Kiosk consumer-facing technology efforts are in full force this year.

On the heels of rolling out delivery nationwide in February, Taco Bell has quietly installed kiosks in about 4,000 restaurants.

Rob Poetsch, spokesman for the Irvine, Calif.-based chain, said the brand is on track to complete the national rollout of kiosks by the end of this year. The company has about 6,600 U.S. locations.

Less than a year into the deployment, the new 22-inch monitors are already winning accolades.

Taco Bell’s consumer-facing technology efforts are in full force this year.

On the heels of rolling out delivery nationwide in February, Taco Bell has quietly installed kiosks in about 4,000 restaurants.

Taco Bell Kiosk

Taco Bell kiosks are now in 4,000 U.S. locations. (Photo: Taco Bell)

Taco Bell developed the application for the 22-inch touchmonitor.  The chain has remote monitoring via a secure cloud-based platform for remote management of the kiosks through Android devices.

For Taco Bell, the award is years in the making. The company has been testing various versions of kiosks, only recently settling on a format that it said works for its consumers.

Rafik Hanna, senior director of information technology at Taco Bell, said the company “strives to stay relevant with customers’ ever-changing preferences.”

Hotel Check-In Kiosks For Guest Services by Ingenico

Guest Services Needs in Hotels Are Changing. Here’s How Kiosks Can Meet Those Needs

Article reprint from LinkedIn by Bruce Rasmussen of Ingenico

Bruce Rasmussen Ingenico
Bruce Rasmussen Director of Sales at Ingenico

In the hotel industry, the quality of your guest service can make or break your business (one negative review can have a much bigger impact than a positive one). With that in mind, consider this experience of a frequent traveler:

The traveler grabs a Lyft to the airport and pays in-app. Upon arrival to the airport, he uses the self-serve kiosk, swipes his credit card to pull up his boarding pass, and makes selections for his seat and luggage. Once in the air, he uses the seat-back screen to order a drink. After deplaning, he takes a cab, pays via his mobile wallet, and arrives at the hotel.

After a long day, he’s ready to settle into his room and get some rest. As he approaches the counter for check-in he notices a line. It’s short, but there’s only one employee managing the desk. The employee is accommodating and friendly, but the traveler is tired and not up for chatting. He spends another 5 minutes checking in, passing his ID and credit card back and forth, and talking about room preferences. Finally, he gets his key card and heads up to his room.

What’s Wrong with this Picture?

Up until the traveler reaches the hotel his trip is seamless and automated. But from the moment he arrives for check-in, there’s a sudden change in pace and a sense of hassle in getting to his room. But it -doesn’t have to be this way. Hotels have an opportunity to streamline guest services by incorporating self-service kiosks into their strategy.

If you’re thinking “don’t people prefer a human touch?” remember this: don’t mistake automation and convenience for lack of service. While a great concierge was once the gold standard for guest service, things are changing. Today, more travelers value speed, no hassle and opportunities for self-service throughout their whole journey. In fact, some have even grown to expect the option for self-service. That’s why ATMs, pay-at-the-pump fueling and self-check-ins at airports are so successful.

Updating your guest service strategy to add this new choice may seem like a daunting task, but self-service kiosks are a simple solution that can provide a lot of additional value at check-in and beyond. Take a look at some of the ways kiosks can make an impact on your guest service:

On-Call Concierge

Kiosks are an “always-on” service that can reduce lines at the check-in during busy times or periods of lighter staffing (or even reduce staffing costs during a lull). They can also be used as concierge support. Guests can get recommendations for local restaurants and make reservations, discover local attractions and events, and request transportation.

Added Value in New Ways

In addition to offering another way to deliver existing services, kiosks and vending machines create new opportunities such as providing a marketplace for forgotten items like power cords, toothbrushes and aspirin. They also create the perfect environment for upselling — perhaps your guest orders room service for two and the kiosk recommends a bottle of white wine.

New Insight With Analytics

The benefits of bringing kiosks on board aren’t just limited to your guests. They also provide your business with valuable insight into guest preferences, services used, popular check-in times, favorite restaurants and more. You can also use them to gather feedback and reviews from your guests. All of this comes together to give you a better understanding of how, when and where your guests are spending their time and money throughout their stay.

To see how this all comes together, remember that traveler scenario from earlier? Imagine that this time, the traveler arrives to the hotel to find kiosks in the lobby:

The traveler spots an open kiosk. Just like at the airport, he swipes his credit card and pulls up his reservation. He filters the available rooms by those with one king-size bed, no adjoining room and is located near the elevator. He chooses one on the sixth floor. Then the kiosk offers to order him room service. He chooses a meal and a beverage, a delivery time, and charges it to his room. The kiosk dispenses his room key card and he’s on his way.

Part of a Bigger Strategy

Kiosks are just one way to boost your guest service strategy. Many hotels are moving towards more self-service options, including automated vending machines, mobile loyalty apps and phone-based room keys to satisfy the constantly increasing expectations for on-demand, always-on service. It’s even coming to the point where not offering it puts your business at a disadvantage. Experts predict that by 2020, 85% of all customer service interactions will be handled without the need for a human agent, and the kiosk market is projected to reach a value of $1 billion by 2021.

Think a kiosk or other unattended solutions could benefit your hotel and lodging business? Drop us a line!

For more information Contact Us

 

Comments on Bruce Rasmussen’s article

Craig Keefner

Nice wrap Bruce!

Excellent article, Bruce Rasmussen. Our self-pay kiosk for lobby grab-and-go stores validates this all day long. Our transaction logs show up to 92% of guests choose our kiosk over waiting in the front desk line to engage with an associate. Beyond better guest experience, we also see it dramatically reduces guest theft and abandoned sales by simply offering a more convenient way to pay.

ICX Winners in Dallas – Smart City & QSR Kiosk

Interactive Kiosk Awards 2019 – Bell Canada & Taco Bell

The Interactive Customer Experience Association honored Taco Bell’s Self-Order Kiosks and the Bell Canada Smart City Kiosk Tuesday Jun 4, 2019 during their conference in San Francisco.

smart kiosk Bell Canada
Image of Bell Canada Smart Kiosk

Taco Bell’s kiosks won for Best Restaurant, while Bell Canada Smart City Kiosks by Bell  Canada won Best Kiosk.

Delivery, kiosks and other digital efforts are taking more prominent roles at Yum! Brands, moves that serve as a good reflection of overall trends in the quick service restaurant (QSR) space. Yum operates the Pizza Hut, Taco Bell and KFC chains, and the company’s fourth-quarter results, released Feb. 7, provided details about where those [… link]

Smart City Smart Kiosk Related News

Free List – Kiosk Industry Companies List – Add Yours Today!

Kiosk Companies List at Listly

kioskKiosk Industry Group association maintains this free list of resources for the self-service and kiosk industry. Included are manufacturers of hardware, software, devices such as touchscreens and printers, remote monitoring and management. Even financial services which can assist in financing your project. Kiosk Industry is a global, cause-based, not-for-profit organization focused on better self-service for customers and employees through kiosks and information technology (IT). Kiosk Industry Association leads efforts to optimize self-service engagements and engagement outcomes using information technology such as kiosks.

If your company is involved in the market and would like to be listed, simply visit the list and enter your URL and company info. It’s self-service.

Click Here for the list

 

Kroger Adds Higi Self-Service Health Kiosks to Roundy’s Stores

Health stations now available at all Roundy’s Supermarkets banners in Illinois and Wisconsin

Kroger Adds Higi Health Stations to Roundy's Stores

The Kroger Co. has expanded its partnership with consumer health engagement company Higi to put its self-service smart health stations in Roundy’s Supermarkets in Illinois and Wisconsin, including Pick ‘n Save, Mariano’s, Copps and Metro Market banners.

Kroger and Higi have worked together since 2011, with solutions at 2,100 stores in the Kroger network. The higi stations offer free health screenings and interactive educational content. Consumers can also choose to work with a trusted healthcare organization through the system.

Read full post on Progressive Grocer

Elliot Maras Tours NRA & QSR POS Providers

Original article by Elliot Maras published on KioskMarketplace May 2019

The self-service drumbeat rattled Chicago’s McCormick Place last week as attendees swarmed exhibits promising faster customer service. This year’s National Restaurant Show showcased even more interactive kiosks (39 exhibitors) than last year’s record-breaking 36 exhibitors. Less than a third of this year’s companies (11 exhibitors) were repeats from last year, indicating the market continues to attract new interest.

Kiosk hardware and software manufacturers have heeded the call from restaurants looking to automate the customer order to deliver a more satisfying guest experience, boost sales and make more efficient use of store labor. And while established kiosk providers were once again well represented on the trade show floor, restaurant POS software companies have also entered the fray in a big way.

Once again, many of the kiosks on display integrate with other front-of-the-house and back-of-the-house touchpoints, such as online ordering, mobile ordering, loyalty rewards, customer messaging, order delivery, ingredient and nutrient content, kitchen display systems, inventory management, labor management and more. Foodservice operators have clearly recognized interactive kiosks as one part of a customer experience ecosystem rather than an isolated guest interface.

And while self-order kiosks dominated the presentations, artificial intelligence is allowing additional capabilities such as allergen lookup and guest location.

Highlights of KI Sponsors

Pyramid Computer GmbH

Pyramid Computer GmbH presented its Pyramid Location System that saves guests from having to wait in line after placing their order. The customer can order and pay at the self-order kiosk, which dispenses a puck. The customer then places the puck on the bar and chooses a seat while their order is prepared. The system will recognize their location when their order is ready, allowing a server to serve the customer accurately at their table. The system was presented in the Intel booth.

Larry Kron of Pyramid Computer GmbH demonstrates the Pyramid Location System kiosk at the Intel booth.

Zivelo LLC

Zivelo LLC presented a prototype of its X2 Slim kiosk which offers a larger screen size compared to pole-mounted tablets without taking up too much counter width. There is also an X2 Extended model that takes up the same amount of counter width but has a deeper component door to allow for additional components such as a printer.

Mike Moon presents a prototype of the X2 Slim kiosk.

 

Frank Mayer and Associates Inc.

Frank Mayer and Associates Inc. demonstrated a self-order kiosk the company designed for a food truck using KioWare POS software. The software works on Windows and Android, and features browser lockdown. The customizable and EMV-compliant kiosk was demonstrated in the ADUSA Inc.booth.

David Anzia of Frank Mayer and Associates Inc. presents a food truck self-order kiosk in the ADUSA booth.

Appetize Technologies Inc.

Appetize presented its Interact kiosk which is part of a comprehensive POS, inventory and analytics package. The company’s kiosk line includes an Android-based solution, 15- and 20-inch landscape touchscreen options, countertop and freestanding models, and support for barcode scanners, printers and payment devices.

Jeff Brown presents the Appetize Interact kiosk.

 

Highlighted companies included:

  • Acrelec Americas
  • Apex Supply Chain Technologies Inc.
  • Appetize Technologies Inc.
  • Apptizer
  • Autonetics Universe
  • Birdcall
  • Bite Kiosk
  • Buzzy Booth
  • Eflyn
  • ETouchmenu
  • Fingermark Ltd.
  • Frank Mayer and Associates Inc.
  • Howard Technology Solutions
  • Mastercard/Zivelo
  • Pyramid Computer GmbH
  • Zivelo LLC

Read entire article on KioskMarketplace

 

Kiosk Tips — Self-Service Contingency Planning

Kiosk Idle Timeout: What Happens When
They Walk Away…

Andrew Savala – highly respected kiosk consultant and tech entrepreneur Fresno, California

Customers don’t always behave as we would expect when using our kiosks. In the context of software, this is referred to as the “happy path” where everything goes according to plan.

As kiosk software developers we also must plan for what we’ll refer to as the “sad path.” This is when the customer deviates from the expected behavior.

In this article we’re going to be covering the case where the customer walks away from our kiosk in the middle of their transaction. Obviously, we don’t want the next customer to continue where the previous customer left off. The new customer needs a fresh start and it would be confusing if they walked up and the kiosk is in the middle of a transaction.

Let’s start by first talking about why customers might abandon their kiosk transaction. Why do customers abandon their transaction? The list of reasons could potentially be endless, let’s just cover a few common ones…

  • They didn’t find what they were looking for
  • They didn’t have enough money to complete the transaction
  • The kiosk was too confusing, or the customer gets frustrated
  • They got distracted
  • The “customer” was just a small child playing with the screen

I could keep going, but you get the point. As developers we need to be prepared for the inevitable case where the customer will abandon their transaction, because life happens.

Can’t we just start over?

The most obvious solution would be to start a timer when the kiosk is idle and if the timer expires we just restart the kiosk workflow by redirecting the customer to the kiosk attract screen. Any time the customer interacts with the kiosk, the kiosk idle timer would get reset. It would also be a good idea to prompt the user with a dialog asking if they’re still there before restarting the workflow. Something like, “Are you still there? Your order will be cancelled in 30 seconds.”

To put this in layman's terms, if the kiosk is idle for too long, we’ll simply start over. Pretty easy to understand right?

Restarting the kiosk workflow will work fine in most scenarios, but it might not work in every scenario. For example, what if the customer is inserting cash and they’re digging around in their wallet for another bill? Restarting the kiosk workflow could cause them to “lose their money”, which will result in some pretty irate customers. In the next section we’re going to cover what to do when we can’t just start over.

What to do when we can’t just start over

We’ve covered the scenario where we can just restart the kiosk workflow using an idle timeout. Now let’s talk about what to do when starting over is problematic. Imagine the scenario where our kiosk accepts cash but has no ability to dispense change. Once the customer inserts their cash, there’s no spitting it back out, so we have to move forward.
Now you might ask, “why not just install a cash dispenser?” Well for one, it would raise the cost of our kiosk and for the sake of this example let’s just pretend dispensing cash in not an option.

For our example, let’s assume the customer is paying their cell phone bill at our kiosk and they owe $100. They approach the kiosk, search for their bill and start inserting cash. But when they’ve inserted $80, they realize they don’t have enough cash to complete their transaction. What should we do in the case where they’ve inserted some of their money, but don’t have enough cash to complete their transaction? Remember, dispensing the cash they’ve already inserted is out of the question because our kiosk doesn’t have a cash dispenser.

In this case, the answer is to give the customer a partial credit.

Giving partial credit Going back to our cell phone kiosk example, the answer would be to apply the $80 to the customer’s account as a partial credit. Should we just apply the partial credit and start over using our idle timeout? Eventually yes, but since the customer is inserting cash, we should give them some extra time and fair warning in the
form of a popup dialog.

Another consideration is what if the next customer approaches the kiosk before the idle timeout has completed. We wouldn’t want the next customer to be able to go back and search for their own bill and apply the $80 credit.

Therefore, it’s imperative that once cash is inserted, the customer cannot navigate backwards and search for another bill. By locking the credit to the original bill, we ensure that even if the customer walks away, the next customer cannot “steal” their credit. The worst they can do is either complete the transaction or wait for the idle timer to expire. Either way, the original customer gets the credit.

Final thoughts on the happy path

The temptation as developers is to focus on the happy path and assume that our customers will use the kiosk just as we would. But you can see from this example that’s a pipe dream. Anytime we’re designing a new feature it’s important to think through what could go wrong (the sad path) and how we might mitigate that. Keep in mind there’s always a point where self-service is not the answer and you just have to get a person involved. We can maximize the effectiveness of self-service by planning for the worst and thinking ahead.

ZIVELO and Dell Technologies Partner on self-service kiosks

ZIVELO STRENGTHENS ITS FULL-SERVICE TURN-KEY KIOSK SOLUTIONS WITH INDUSTRY COLLABORATION

 ZIVELO collaborates with Dell Technologies OEM Solutions to revolutionize self-service kiosks

SCOTTSDALE, AZ (May 2, 2019) – World-class kiosk manufacturer ZIVELO (best known for providing kiosks to the largest fast-food chains across North America) joins the Dell Technologies OEM to allow its clients to purchase ZIVELO’s digital solutions through their existing relationships.

“With the rapidly growing demand for ZIVELO’s products, we are pleased to announce this collaboration.” Says Ryan Lagace, ZIVELO’s VP of Strategic Partnerships. “ZIVELO’s world-class products will now be part of the go-to-market DELL EMC OEM Solutions portfolio.”

With Dell Technologies’ strong brand power, technology portfolio and global reseller capabilities, ZIVELO looks to further meet the needs of clients, which range from restaurants and retail, to banking, healthcare, hospitality, and many more.

“This past year has been groundbreaking for ZIVELO,” says CEO, Healey Cypher. “ZIVELO has been long-established as a global leader in beautiful world-class kiosk hardware. With last year’s addition of OakOS – the first kiosk-only SDK and operating system – plus new services and financing arms, ZIVELO is truly a full-service kiosk partner for any company looking to join the self-service revolution.”

For more information about ZIVELO, visit www.zivelo.com.

Full-Suite-Test-1

###

Media Contact:

Mary McCauley
877-494-8356
press@zivelo.com

About ZIVELO

ZIVELO’s mission is to revolutionize the way brands use technology to interact with their consumers on-premise and in the physical world. Founded in 2008, ZIVELO has rapidly grown to become the leading self-service technology brand offering a sleek and sophisticated product design, intuitive user experience, and cutting-edge modular hardware solutions. ZIVELO prides itself on a deeply consultative approach, and we’ve learned a thing or two, having successfully deployed over 15,000 kiosks. Plus, we are one of the only companies to provide a true total solution, offering hardware, software, services, and financing solutions from one trusted partner. When our clients see 20-30% ticket lift on average, increased customer retention, decreased overhead, and long-lasting ROI, what do you have to lose? If you’re ready to work with the best, give us a call today!

“ZIVELO has provided McDonald’s USA with Self-Order Kiosks since 2015. ZIVELO has been, and continues to be, a good business partner to McDonald’s in our deployment of Self-Order Kiosks in the US.” – McDonald’s USA

Frank Mayer at ICX Summit

Frank Mayer and Associates, Inc. To Demonstrate Approach Self-Service Kiosks at ICX Summit

See Frank Mayer and Associates, Inc.’s expanded line of self-ordering kiosks at the 2019 Interactive Customer Experience Summit in Dallas June 4-6.

GRAFTON, WI – Find Frank Mayer and Associates, Inc.’s self-service kiosk line Approach at the 2019 Interactive Customer Experience (ICX) Summit at Omni Frisco Hotel in Dallas June 4-6. The freestanding, floor tablet, and counter self-order kiosks will be on display in booth #12, where attendees can test the units and interact with the kiosks’ QiTM software by ADUSA.

frank mayer kiosk images
Click for full size

In addition to the original freestanding Approach floor unit, available as both a 32- and 22-inch touchscreen, Frank Mayer and Associates, Inc. recently expanded its roster of self-service kiosks to include a countertop unit, tablet, and wall unit.

The new line marries smart design with different sizes, offering an array of customization options and brand personalization – all while being backed by Frank Mayer and Associates, Inc.’s trusted name in delivering experience and unsurpassed quality in the interactive kiosk market.

Frank Mayer and Associates, Inc. is a leader in the development of in-store merchandising displays, interactive kiosks, and store fixtures for brands and retailers nationwide. The company helps retailers and brands utilize the latest display solutions and technologies to create engaging customer experiences. For more information on the Approach family of kiosks, visit www.frankmayer.com/approach

***
CONTACT:
David Anzia, Senior Vice President of Sales
Frank Mayer and Associates, Inc.
1975 Wisconsin Ave., Grafton, WI 53024
(855) 294-2875 | info@frankmayer.com

FMA-ICX Summit Press Release

OptConnect Newsletter – Innovation and Progress

OptConnect Wireless Kiosk News

View this email in your browser
CHRIS’ CORNER
“I’ve come to learn in life that what comes easy, won’t last and that what lasts, won’t come easy. It’s always going to be a challenging journey for something that is worthwhile. We started with the simple goal of needing to connect an ATM cash machine to the internet. We wanted it to be fast, and we wanted it to be easy.   We worked harder and harder at making it easier for our customers. We chose to focus on areas intentionally, where others may not have even been looking. Today, the vision is the same: “make it easy.” The goal has changed: “connect the world.” I’m glad that it has been a challenging journey. I’m happy that we’ve all worked hard to simplify doing business with us. In essence, the challenges are what have continued to thrust the solution forward toward success. We believe that success is best enjoyed when we work really hard for it. At the same time, we value it more the harder we work, and our team has embraced that attitude in everything we do.  We work tirelessly for you.

We’re never done innovating, and we’re always working to improve our business. Thank you for trusting us and being the most important part of our journey.”

Chris Baird, President & CEO

OptConnect’s fully managed connectivity solution provides greater reliability, security, and peace of mind knowing you have a partner who is always available to help you and your business succeed. Watch this short video to learn more.
OPTCONNECT BLOG
CHOOSING A POINT OF SALE SYSTEM
By: Stefan Tapia
Not all POS systems are made equal and not all are designed to fit your specific business needs. This means that you’ll want to evaluate each component of a POS system to ensure it’s the right fit for you.Read More
KIOSK SECURITY: ARE YOU PREPARED
By: Micah Larsen
Now that more kiosks are being deployed around the world, there is an even greater risk for hacking. As kiosks are often unattended and physically accessible to hackers, it’s important that you make sure your kiosks are as secure as they can be.Read More
EVENTS
IoT Fuse – (04/23-04/25)
Minneapolis, Minnesota

Accelerating Your Cellular and Software Development with Managed Services
April 25th, 2:15-2:45
MCC Room #202
NAMA – (04/24-04/26)
Las Vegas, Nevada
Booth #1514
PRODUCT PROFILE: THE OPTCONNECT NEO
By: Aaron Reeder
In 2016, OptConnect saw the need for a fully functional cellular router in a small form factor, especially in markets like the kiosk, digital sign, and vending segments. Click below to find out more about OptConnect neo.Read More
COMMON MISCONCEPTIONS ABOUT MANAGED CONNECTIVITY
By: Andrew DeLaMare
Connectivity is an integral part of any machine’s functionality. Whatever the purpose of the equipment is, it has to be connected in order to work properly. So, what exactly is connectivity and what does it take for it to really work?Read More
GALLERY
PRESS
Self-Serve Kiosks Reduce Friction,
but IoT Learning Can Throw a Curve 

Kiosk Marketplace (2/28/2019)
Read More
OptConnect Highlight
“I recommend OptConnect because it’s a great value and it provides our customers with peace of mind. It’s one less thing to worry about. OptConnect is very responsive to our customer’s needs and that’s very important to us.”
Joe Rogan
Chief Financial Officer – 365 Retail Markets
Have you had a great experience with any of our employees? Share it with us on Facebook.
Facebook
Contact us today at 877.678.3343
OptConnect.com
Instagram
Twitter
Blog
Forward this email to a colleague.
Copyright © 2019 OptConnect, All rights reserved.

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.

 

 

Save

Panel-Brite’s new Smarter KIOSK!

BETTER RESULTS AND A LOWER COST OF OWNERSHIP WITH

Smarter Kiosks

Interactive kiosks are growing in popularity because they enable a wide range of businesses and organizations to put information and services at people’s fingertips, increase customer loyalty, and strengthen their brand with target customers.
The new Intel® Smart Kiosk Module (Intel® SKM) is a revolutionary solution that addresses key challenges related to scaling and maintaining interactive kiosks because of its modular design.

Following Intel’s SKM specification and reference design, Panel-Brite’s manufacturing partner, Litemax Electronics, has now launched SKM boards the ASKM-CFL0. The ASKM-CFL0 is equipped with Intel® 8th Generation CoreTM i7/i5/i3/Celeron Processor (Coffee Lake), Two DDR4 SDRAM, Multi-Display, One M.2 E-Key(2230) and one M-key (2280). With this technology, kiosk manufacturers can now choose to create specialized peripheral interface boards for major markets like banking, healthcare, retail, and smart cities.

PRODUCT HIGHLIGHTS:
• one size fits all
• Simplified Service and Maintenance
• Ease of Upgrading
• Lower Total Cost of Ownership
• Workload Consolidation
• Scalability
• Backward Compatibility with Intel® SDM
Want to learn more?
Give us a call or email us today and we would be happy to discuss this technology and the best products to meet your needs.
CONTACT US >

Contact Panel-Brite for more information

Accessibility needs to be at the forefront of tech — here’s why

Excerpt reprinted from TheNextWeb

Andrew Burton

Story By Andrew Burton

Founder, The Circuit Board — Andrew is Head of Communications for 600+ staff music technology leader, Native Instruments in Berlin, a company with a vision to democratize digital music creation. After training as a journalist in London, he spent over a decade consulting for leading technology companies in Europe and Australia. In 2018 he founded The Circuit Board, a virtual communications consultancy. Andrew graduated from City University with a BA in Journalism and Psychology in 2008.

In March 2019 IKEA was praised for partnering with nonprofits to develop accessories that make its products more accessible for people with impairments. It’s a novel step forward but I can’t shake the feeling we need to reframe the conversation on accessibility in technology entirely. Accessibility should be a topic at the forefront of design. Here’s why:

Roughly one in five people in the US have registered with a disability, with a similar figure for the UK. But when creating new products or services, investing resources to make technology accessible for impaired users can seem like taking the scenic route to market. An expensive deviation from a lean go to market strategy.

accessibility considerations

It’s easy to toss accessibility considerations in the ‘nice to have’ bucket. ‘Accessibility as an afterthought’ is a frustration I’ve heard on repeat for the last decade. But to do this is to abandon a unique opportunity to unlock true innovation and realize a much bolder ambition.

The traits separating tasks that AI excels at, and those that remain distinctly human, are consistently cited as creativity, empathy, imagination, and vision. Indeed the Gospel of Jobs clearly states: “Innovation distinguishes between a leader and a follower.” So before we hand over the reins to AI, why don’t we focus on perfecting the human side of technology solutions.

If you’ve even dabbled in brainstorming techniques — or the hyper-trendy ‘design thinking’ — you’ll be familiar with the art of reframing a problem to see new solutions. What better way to do this than looking at new tech through the lens of our senses, with varying degrees of physical or sensory ability?

Thinking about impairments of sight, hearing, or touch from the outset forces designers, creators, and technologists to ‘look at’ problems from very different perspectives, and that brings opportunity for untold and exciting innovation.

Read full story at the TheNextWeb

Other Links

How Companies Can Prevent ADA Website Accessibility Lawsuits

Reprinted from KMA Global

Every day, websites and mobile apps prevent people from using them. Ignoring accessibility is no longer a viable option.

How do you prevent your company from being a target for a website accessibility ADA lawsuit?

Guidelines for websites wanting to be accessible to people with disabilities have existed for nearly two decades thanks to the W3C Web Accessibility Initiative.

A close cousin to usability and user experience design, accessibility improves the overall ease of use for webpages and mobile applications by removing barriers and enabling more people to successfully complete tasks.

We know now that disabilities are only one area that accessibility addresses.

Most companies do not understand how people use their website or mobile app, or how they use their mobile or assistive tech devices to complete tasks.

Even riskier is not knowing about updates in accessibility guidelines and new accessibility laws around the world.

Investing in Website Accessibility Is a Wise Marketing Decision

Internet marketers found themselves taking accessibility seriously when their data indicated poor conversions. They discovered that basic accessibility practices implemented directly into content enhanced organic SEO.

Many marketing agencies include website usability and accessibility reviews as part of their online marketing strategy for clients because a working website performs better and generates more revenue.

Adding an accessibility review to marketing service offerings is a step towards avoiding an ADA lawsuit, which of course, is a financial setback that can destroy web traffic and brand loyalty.

Convincing website owners and companies of the business case for accessibility is difficult. One reason is the cost.  Will they see a return on their investment?

I would rather choose to design an accessible website over paying for defense lawyers and losing revenue during remediation work.

Another concern is the lack of skilled developers trained in accessibility. Do they hire someone or train their staff?

Regardless of whether an accessibility specialist is hired or in-house developers are trained in accessibility, the education never ends.

Specialists are always looking for solutions and researching options that meet guidelines. In other words, training never ends.

Many companies lack an understanding of what accessibility is and why it is important. They may not know how or where to find help.

Accessibility advocates are everywhere writing articles, presenting webinars, participating in podcasts, and writing newsletters packed with tips and advice.

ADA lawsuits make the news nearly every day in the U.S. because there are no enforceable regulations for website accessibility. This is not the case for government websites.

Federal websites must adhere to Section 508 by law. State and local websites in the U.S. are required to check with their own state to see what standards are required.

Most will simply follow Section 508 or WCAG2.1 AAA guidelines.

If your website targets customers from around the world, you may need to know the accessibility laws in other countries. The UK and Canada, for example, are starting to enforce accessibility.

In the U.S., there has been no change in the status of ADA website accessibility laws this year.

Some judges have ruled that the lack of regulation or legal standards for website accessibility does not mean that accessibility should be ignored.

Read complete article at Search Engine Journal May 2019

Appetize POS Boosts Consumer Spend, Driving Demand for Self-Serve Kiosk

Press release from BusinessWire May 09, 2019

Self-Service Kiosks Drive Up to 40% Lift on Orders; Company Brings on New Customers AT&T Center, LSU, Museums

PLAYA VISTA, Calif.–(BUSINESS WIRE)–Appetize, the modern Point of Sale (POS) and enterprise management platform, today announced strong results from its self-service kiosk technology seeing up to 40% increase in order size across its customer base. Appetize is at the forefront of a growing industry shift toward self-service kiosks and has recently expanded its kiosk reach with new customers Louisiana State University (LSU), AT&T Center, home of the San Antonio Spurs, and SSA (Service Systems Associates), foodservice provider for the Cincinnati Museum Center and other attractions.

Self-Service Kiosks from @appetizepos Deliver Up to 40% Lift in Orders. Announces New Customers @Attcenter, @lsu and more

Tweet this

Appetize’s Interact self-service platform offers embedded upsell functionality and data shows that consumers are 47% more likely to add an item on a kiosk than when asked to do so by a cashier. The company is seeing consistent results from kiosks across multiple industries, including attractions, education campuses, restaurants, and sports and entertainment facilities.

Some recent data shows customers are experiencing both an increase in order size and items per order, including:

  • AT&T Center selected Appetize to be its point of sale platform arena-wide in 2018; in 2019, it deployed self-service kiosks and has seen an 18% increase in average order size.
  • SSA (Service Systems Associates), a foodservice provider for leading cultural attractions, deployed Appetize self-service kiosks at Cincinnati Museum Center and saw a 40% adoption rate in less than six months and a 20% increase in average order size.
  • LSU deployed Appetize self-service kiosks in its arena and has seen a 16% increase in average order size and 25% more items per check at kiosks compared to terminals at point of sale counters.

“We have been working with Appetize since 2017 and recently deployed kiosks to enhance our food service and offer a more convenient and frictionless experience for our students and guests,” said Matthew LaBorde, Assistant AD from LSU. “Appetize made it extremely easy for us to deploy a self-service platform and shift toward the future of ordering at athletic events.”

“Our customers are focused on two things: guest experience and financial performance. The Appetize Interact platform offers a modern and dynamic digital experience for guests while driving increased share of wallet for the business,” said Max Roper, Co-founder and CEO at Appetize. “In the past six months, over 45% of our deployments have included self-service kiosks, and we expect this trend to continue as businesses require more automation and consumers desire a more frictionless experience.”

Designed to enhance the guest experience and increase staff productivity, Appetize’s cloud-based self-service platform, Interact, gives businesses an intuitive checkout interface with custom menu ordering and branding for both Quick Serve and Retail environments. The platform also includes a back of house management suite, real-time connectivity for fulfillment and cashless payment experience, and more.

About Appetize

Appetize is a modern Point of Sale, inventory and analytics platform transforming how enterprises manage and process guest transactions. With an omni-channel approach, Appetize makes front of house transactions more intuitive through fixed, self-serve and handheld form factors, while providing robust kitchen and back office tools. Appetize is trusted by some of the largest and highest volume businesses in the world, including sports and entertainment properties, education campuses, theme parks, travel and leisure sites, and national chain brands. For more information, please visit getappetize.com.

Appetize Contacts

Kathryn Kelly

GLI STANDARDS – Gaming Laboratories International

GLI STANDARDS – Gaming Laboratories InternationalGLI Gaming Kiosk Certification

GLI’s business is to test, review and report on gaming devices and systems against the standards established by relevant gaming jurisdictions worldwide.

Source: www.gaminglabs.com

Background information on Gaming Labs certification for gaming regulations.

GLI Standards

GLI’s business is to test, review and report on gaming devices and systems against the standards established by relevant gaming jurisdictions worldwide. Each jurisdiction has the authority to set their own standards; however, many use our standards as a starting point in developing their regulations.

In other words, GLI has established the base standards for gaming devices and systems around the world. We are the experts in the industry. *Non-English versions of the most current versions of any/all recently-updated standards will be posted to this website as soon as practical.

Gaming Standards Including Kiosks and Betting Kiosks or Wagering Systems

NRF Forrester “State of Retail 2019” report

Excerpt from new report by NRF and Forrester covering Retail in 2019
NRF Research

The State of Retailing Online 2019

Developed in partnership with Forrester Research, the annual State of Retailing Online report provides an overview of metrics from the previous year as well as retailers’ key priorities, investments and challenges for this year. For the first time, the report also details retailers’ challenges and strategies surrounding personalization.

Top Findings from the SORO report

NRF Forrester Retail 2019 Report

Omnichannel Still Work in Progress – Mobile Dominating

 

NRF Forrester Retail 2019 Report

Social Marketing Surpassing Search?

NRF Forrester Retail 2019 Report

test

Retailers Report Mixed Performance In Stores And Online

“The State Of Retailing Online” is an annual survey conducted by the National Retail Federation (NRF). The survey examines retailer and digital business professional attitudes and focus areas for critical digital commerce issues. Some notable additions to this year’s survey are several questions related to
omnichannel fulfillment and personalization. We conducted the survey for the 2019 study in Q4 2018 and received 69 complete and partial responses from retailers. Respondents in this annual survey were (see Figure 1):

› › Split between pure plays and store-based merchants. Fifty-five percent of survey respondents were employees of traditional brick-and-mortar retailers with web divisions or branded manufacturers with largely wholesale businesses. Another 45% were pure plays or online retailers.

› › Large retailers. Most of the survey respondents were employees of relatively large retail companies. Sixty six percent of respondents were at companies that generate more than $500 million in revenue annually, and 43% of the respondents’ companies make over $1 billion in revenue.

› › Senior executives with marketing or eCommerce. Fifty-nine percent of respondents were at the VP level or above in their organization. Another 23% described themselves as C-suite leaders. Additionally, 48% of respondents were part of their company’s eCommerce or marketing teams (see Figure 2).

nrf forrester retail report 2019
Click to expand

 

 

PSA – GLI Betting Kiosks GL33 Public Comment – Event Wagering Systems

PSA — Gaming Laboratories International has released GL33 on Wagering and Betting Kiosks for comments. Contact craig to comment.


GLI STANDARD SERIES
GLI-33: STANDARDS FOR EVENT WAGERING SYSTEMS
VERSION : 1.1 PUBLIC COMMENT DRAFT
REVISION DATE : APRIL 3, 2019

About This Standard
This technical standard has been produced by Gaming Laboratories International, LLC (GLI) for
the purpose of providing independent technical analysis and/or certifications to wagering industry
stakeholders indicating the state of compliance for wagering operations and systems with the
requirements set forth herein.
This document is intended to be used by regulatory bodies, operators, and industry suppliers as a
compliance guideline for technologies pertaining to Event Wagering Systems. This standard is not
intended to represent a set of prescriptive requirements that every Event Wagering System must
comply with; however, it does establish a technical standard regarding the technologies used to
facilitate these operations. It should be stressed that some of the technical standards addressed
within this document may be satisfied through manual operational controls as approved by each
regulatory body.
An operator is expected to provide internal control documentation, credentials and associated access
to a production equivalent test environment with a request that it be evaluated in accordance with
this technical standard. Upon completion of testing, GLI will provide a certificate of compliance
evidencing the certification to this Standard.
GLI-33 should be viewed as a living document that provides a level of guidance that will be tailored
periodically to align with this developing industry over time as wagering implementations and
operations evolve.GLI-33 – Standards for Event Wagering Systems
3
Version 1.1 Public Comment Draft
Table of Contents
Chapter 1: Introduction to Event Wagering Systems …………………………………………………………….. 5
1.1
Introduction ………………………………………………………………………………………………………………………………………. 5
1.2
Acknowledgment of Other Standards Reviewed ……………………………………………………………………….. 5
1.3
Purpose of Technical Standards ……………………………………………………………………………………………………. 6
1.4
Other Documents That May Apply………………………………………………………………………………………………… 6
1.5
Interpretation of this Document ……………………………………………………………………………………………………. 7
1.6
Testing and Auditing ……………………………………………………………………………………………………………………….. 7
Chapter 2: Event Wagering Requirements ……………………………………………………………………………… 9
2.1
Introduction to Event Wagering Requirements …………………………………………………………………………. 9
2.2
Wagering Displays and Information …………………………………………………………………………………………….. 9
2.3
Wager Placement ……………………………………………………………………………………………………………………………… 9
2.4
Results and Payment …………………………………………………………………………………………………………………….. 11
2.5
Virtual Event Wagering …………………………………………………………………………………………………………………. 12
2.6
External Wagering Systems …………………………………………………………………………………………………………. 14
Chapter 3: Wagering Device Requirements ………………………………………………………………………….. 16
3.1
Introduction to Wagering Device Requirements …………………………………………………………………….. 16
3.2
Wagering Software ………………………………………………………………………………………………………………………… 16
3.3
Self-Service Wagering Devices ……………………………………………………………………………………………………. 17
3.4
POS Wagering Devices ………………………………………………………………………………………………………………….. 18
3.5
Remote Wagering Devices …………………………………………………………………………………………………………… 19
Chapter 4: System Server Requirements……………………………………………………………………………….. 21
4.1
Introduction to System Server Requirements …………………………………………………………………………. 21
4.2
System Clock Requirements ………………………………………………………………………………………………………… 21
4.3
Control Program Requirements ………………………………………………………………………………………………….. 21
4.4
Event Wagering Management …………………………………………………………………………………………………….. 22
4.5
Player Account Management ………………………………………………………………………………………………………. 22
4.6
Location Requirements for Remote Wagering ………………………………………………………………………… 25
4.7
Information to be Maintained ……………………………………………………………………………………………………… 27
4.8
Reporting Requirements ……………………………………………………………………………………………………………… 31
Appendix A : Operational Audit for Event Wagering Procedures and Practices ………………. 33
A.1 Introduction to Event Wagering Procedures and Practices ………………………………………………….. 33
A.2 Internal Control Procedures ……………………………………………………………………………………………………….. 33
A.3 Player Account Controls……………………………………………………………………………………………………………….. 34
A.4 General Operating Procedures ……………………………………………………………………………………………………. 37
A.5 Wagering Rules ………………………………………………………………………………………………………………………………. 39
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
4
Version 1.1 Public Comment Draft
A.6 Wagering Procedures and Controls …………………………………………………………………………………………… 41
A.7 Wagering Venue Specifications …………………………………………………………………………………………………… 43
A.8 Monitoring Procedures ………………………………………………………………………………………………………………… 44
Appendix B : Operational Audit for Technical Security Controls ………………………………………… 46
B.1 Introduction to Technical Security Controls ……………………………………………………………………………. 46
B.2 System Operation & Security ………………………………………………………………………………………………………. 46
B.3 Backup and Recovery ……………………………………………………………………………………………………………………. 50
B.4 Communications ……………………………………………………………………………………………………………………………. 53
B.5 Third-Party Service Providers …………………………………………………………………………………………………….. 55
B.6 Technical Controls …………………………………………………………………………………………………………………………. 56
B.7 Remote Access and Firewalls ………………………………………………………………………………………………………. 57
B.8 Change Management …………………………………………………………………………………………………………………….. 59
B.9 Periodic Security Testing ……………………………………………………………………………………………………………… 60
Glossary of Key Terms ……………………………………………………………………………………………………………….. 63
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
5
Version 1.1 Public Comment Draft
Chapter 1: Introduction to Event Wagering Systems
1.1
Introduction
General Statement
Gaming Laboratories International, LLC (GLI) has been testing gaming equipment since 1989.
Over the years, GLI has developed numerous technical standards utilized by jurisdictions all over the
world. This document, GLI-33, sets forth the technical standards for Event Wagering Systems.
Document History
This document is a compilation based upon many standards documents from around the world. Some
were written by GLI; others were written by industry regulators with input from independent test
laboratories and Event Wagering System operators, developers, and suppliers. GLI has taken each of
the standards documents and merged the unique rules, eliminated some rules and updated others,
to reflect both the change in technology and the purpose of maintaining an objective standard that
achieves common regulatory objectives without unnecessarily impeding technological innovation.
GLI lists below, and gives credit to, agencies whose documents were reviewed prior to writing this
Standard. It is the policy of GLI to update this document as often as warranted to reflect changes in
technology and/or testing methods. This document will be distributed without charge and may be
obtained by downloading it from the GLI website at www.gaminglabs.com or by contacting GLI at:
1.2
Gaming Laboratories International, LLC.
600 Airport Road
Lakewood, NJ 08701
Phone: (732) 942-3999
Fax: (732) 942-0043
Acknowledgment of Other Standards Reviewed
General Statement
This technical standard has been developed by reviewing and using portions of documents from the
following organizations. GLI acknowledges and thanks the regulators and other industry participants
who have assembled these documents:
a)
b)
c)
d)
e)
f)
g)
h)
Nevada Gaming Commission and Gaming Control Board.
British Columbia Gaming Policy and Enforcement Branch (GPEB).
Association of Racing Commissioners International (ARCI).
Tasmanian Liquor and Gaming Commission.
Northern Territory Racing Commission.
Victorian Commission for Gambling and Liquor Regulation.
Danish Gambling Authority.
Spanish Directorate General for the Regulation of Gambling (DGOJ).
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
6
Version 1.1 Public Comment Draft
i) South African Bureau of Standards (SABS).
1.3
Purpose of Technical Standards
General Statement
The purpose of this technical standard is as follows:
a) To eliminate subjective criteria in analyzing and certifying Event Wagering Systems.
b) To test the criteria that impact the credibility and integrity of Event Wagering Systems from both
the revenue collection and player’s perspective.
c) To create a standard that will ensure wagers on events are fair, secure, and able to be audited and
operated correctly.
d) To distinguish between local public policy and Independent Test Laboratory criteria. It is up to
each local jurisdiction to set its own public policy with respect to wagering.
e) To recognize that the evaluation of internal control systems (such as Anti-Money Laundering,
Financial and Business processes) employed by the operators of the Event Wagering System
should not be incorporated into the laboratory testing of the standard but instead be included
within the operational audit performed for local jurisdictions.
f) To construct a standard that can be easily revised to allow for new technology.
g) To construct a standard that does not specify any particular design, method, or algorithm. The
intent is to allow a wide range of methods to be used to conform to the standards, while at the
same time encourage new methods to be developed.
No Limitation of Technology
One should be cautioned that this document must not be read in such a way that limits the use of
future technology. This document should not be interpreted to mean that if the technology is not
mentioned, then it is not allowed. To the contrary, GLI will review this standard and make changes
to incorporate minimum standards for any new and related technology.
Adoption and Observance
This technical standard can be adopted in whole or in part by any regulatory body that wishes to
implement a comprehensive set of requirements for Event Wagering Systems.
1.4
Other Documents That May Apply
Other GLI Standards
This technical standard covers the requirements for Event Wagering Systems. Depending on the
technology utilized by a system, additional GLI technical standards may also apply.
NOTE: The entire family of GLI Standards is available free of charge at www.gaminglabs.com.
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
7
Version 1.1 Public Comment Draft
Operator’s Minimum Internal Control Standards (MICS)
The implementation of an Event Wagering System is a complex task, and as such will require the
development of internal processes and procedures to ensure that the system is configured and
operated with the necessary level of security and control. To that end, it is expected that the operator
will establish a set of Minimum Internal Control Specifications (MICS) to define the internal processes
for the creation, management, and handling of wagering transactions as well as the requirements for
internal control of any system or component software and hardware, and their associated accounts.
1.5
Interpretation of this Document
General Statement
This technical standard applies to systems that support wagering on sports, competitions, matches,
and other event types approved by the regulatory body. The requirements in this technical standard
apply to wagering on events in a way that is general in nature and does not limit or authorize specific
events, markets or types of wagers. The intent is to provide a framework to cover those currently
known and permitted by law. This document is not intended to define which parties are responsible
for meeting the requirements of this technical standard. It is the responsibility of the stakeholders of
each operator to determine how to best meet the requirements laid out in this document.
Software Suppliers and Operators
The components of an Event Wagering System, although they may be constructed in a modular
fashion, are designed to work seamlessly together. In addition, Event Wagering Systems may be
developed to have configurable features; the final configuration of which depends on the options
chosen by the operator. From a testing perspective, it might not be possible to test all of the
configurable features of an Event Wagering System submitted by a software supplier in the absence
of the final configuration chosen by the operator; however, the configuration that will be utilized in
the production environment must be communicated to the independent test laboratory to facilitate
creating a functionally equivalent test environment. Because of the integrated nature of an Event
Wagering System, there are several requirements in this document which may apply to both
operators and suppliers. In these cases, where testing is requested for a “white-label” version of the
system, a specific configuration will be tested and reported.
1.6
Testing and Auditing
Laboratory Testing
The independent test laboratory will test and certify the components of the Event Wagering System
in accordance with the chapters of this technical standard within a controlled test environment, as
applicable. Any of these requirements which necessitate additional operational procedures to meet
the intent of the requirement must be documented within the evaluation report and used to
supplement the scope of the operational audit.
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
8
Version 1.1 Public Comment Draft
Operational Audit
The integrity and accuracy of the operation of an Event Wagering System is highly dependent upon
operational procedures, configurations, and the production environment’s network infrastructure.
As such, an operational audit is an essential addition to the testing and certification of an Event
Wagering System. The operational audit, outlined within the following appendices of this technical
standard, must be performed at a frequency specified by the regulatory body:
a) Appendix A: Operational Audit of Event Wagering Procedures. This includes, but is not limited to,
review of the MICS, procedures and practices for wagering operations, including, but not limited
to establishing wagering rules, suspending events, handling various wagering and financial
transactions, creating markets, settling wagers, closing markets, cancellations of events,
cancelling wagers, player account management, fundamental practices relevant to the limitation
of risks, and any other objectives established by the regulatory body.
b) Appendix B: Operational Audit of Technical Security Controls. This includes, but is not limited to,
an information security system (ISS) assessment, review of the operational processes that are
critical to compliance, penetration testing focused on the external and internal infrastructure as
well as the applications transferring, storing and/or processing of player data and/or sensitive
information, and any other objectives established by the regulatory body.
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
9
Version 1.1 Public Comment Draft
Chapter 2: Event Wagering Requirements
2.1
Introduction to Event Wagering Requirements
General Statement
This chapter sets forth technical requirements for wagering operations, including, but not limited to
rules for wager placement and results for markets within an event.
2.2
Wagering Displays and Information
Posting of Wagering Rules
Comprehensive wagering rules must be posted by an operator for the markets and event types
currently offered. Where the Wagering Software includes these wagering rules directly, the software
will be evaluated against the requirements within the “Wagering Rules” section of this document.
Dynamic Information on Wagering Displays
The following information must be made available without the need for placing a wager. Within a
venue this information may be displayed on a Wagering Device and/or an external display.
a) Information regarding the events and markets available for wagering;
b) Current odds/payouts and prices for available markets;
c) For types of markets where individual wagers are gathered into pools:
i. Up-to-date odds/payouts information for simple market pools. For complex market pools, it
is accepted that there may be reasonable limitations to the up-to-date accuracy of the pool
estimates displayed to the player;
ii. Up-to-date values of total investments for all market pools; and
iii. The dividends of any decided market.
NOTE: This information must be displayed as accurately as possible within the constraints of communication
delays and latencies.
2.3
Wager Placement
General Statement
Wagers are placed in conjunction with a player account or by funds provided to a Wagering Device
or an attendant. Depending on the type of Wagering Device, wagers may be placed directly by the
player or on behalf of a player by an attendant.
NOTE: Wagers placed using a Remote Wagering Device must only be placed in conjunction with a player
account.
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
10
Version 1.1 Public Comment Draft
Placement of a Wager
The following rules only apply to the placement of a paid wager directly by a player on the Wagering
Device:
a) The method of placing a wager must be straightforward, with all selections (including their order,
if relevant) identified. When the wager involves multiple events (e.g., parlays), such groupings
must be identified.
b) Players must have the ability to select the market they want to place a wager on.
c) Wagers must not be automatically placed on behalf of the player without the player’s
consent/authorization.
d) Players must have an opportunity to review and confirm their selections before the wager is
submitted. This does not preclude the use of “single-click” wagering where permitted by the
regulatory body and opted in by the player.
e) Situations must be identified where the player has placed a wager for which the associated
odds/payouts or prices have changed, and unless the player has opted in to auto-accept changes
as permitted by the regulatory body, provide a notification to confirm the wager given the new
values.
f) Clear indication must be provided that a wager has been accepted or rejected (in full or in part).
Each wager must be acknowledged and clearly indicated separately so that there is no doubt as
to which wagers have been accepted.
g) For wagers conducted using a player account:
i. The account balance must be readily accessible.
ii. A wager may not be accepted that could cause the player to have a negative balance.
iii. The account balance is to be debited when the wager is accepted by the system.
Wager Record
Upon completion of a wagering transaction, the player must have access to a wager record which
contains the following information:
a) The date and time the wager was placed;
b) The date and time the event is expected to occur (if known);
c) Any player choices involved in the wager:
i. Market and line postings (e.g., money line bet, point spreads, over/under amounts,
win/place/show, etc.);
ii. Wager selection (e.g., athlete or team name and number);
iii. Any special condition(s) applying to the wager;
d) Total amount wagered, including any promotional/bonus credits (if applicable);
e) Unique identification number and/or barcode of the wager;
f) User identification or unique Wagering Device ID which issued the wager record (if applicable);
g) Venue Name/Site Identifier (for printed wager record, it is permissible for this information to be
contained on the ticket stock itself); and
h) Redemption period (for printed wager records it is permissible for this information to be
contained on the ticket stock itself).
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
11
Version 1.1 Public Comment Draft
NOTE: Some of the above-listed information may also be part of the unique identification number and/or
barcode. Multiple barcodes are allowed and may represent more than just the unique identification number.
Wagering Period Close
It must not be possible to place wagers once the wagering period has closed.
Free Play Mode
Where allowed by the regulatory body, the Event Wagering System may support free play mode,
which allows a player to participate in wagering without paying. Free play mode must not mislead
the player about the odds/payouts available in the paid version.
2.4
Results and Payment
Results Display
Results entry must include the entry of all information which may affect the outcome of all types of
wagers offered for that event.
a) It must be possible for a player to obtain the results of their wagers on any decided market once
the results have been confirmed.
b) Any change of results (e.g., due to statistics/line corrections) must be made available.
Payment of Winnings
Once the results of the event are entered and confirmed, the player may receive payment for their
winning wagers. This does not preclude the ability for the player to perform a redemption for an
adjusted payout before event conclusion where offered.
Winning Wager Record Redemption
The following requirements apply to the redemption of a winning wager at a Wagering Device, as
allowed by the regulatory body. This section does not apply to winning wagers tied to a player
account which automatically updates the account balance.
a) The Event Wagering System must process winning wager record redemption according to the
secure communication protocol implemented.
b) No winnings are issued to the player prior to confirmation of winning wager record validity.
c) The Event Wagering System must have the ability to identify and provide a notification in the
case of invalid or unredeemable wager records for the following conditions:
i. Wager record cannot be found on file;
ii. Wager record is not a winner;
iii. Winning wager record has already been paid; or
iv. Amount of winning wager record differs from amount on file (requirement can be met by
display of winning wager amount for confirmation during the redemption process).
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
12
Version 1.1 Public Comment Draft
d) The Event Wagering System must update the wager record status on the database during each
phase of the redemption process accordingly. In other words, whenever the wager record status
changes, the system must update the database.
2.5
Virtual Event Wagering
General Statement
Virtual event wagering allows for the placement of wagers on simulations of sporting events,
contests, and races whose results are based solely on the output of an approved Random Number
Generator (RNG) as allowed by the regulatory body. The following requirements are only applicable
to cases that virtual event wagering is conducted in total by the Event Wagering System where a
wager is placed at a Wagering Device or through interaction with an attendant and then the virtual
event is displayed via a public or common display (e.g. external display, website, etc.). For virtual
events conducted by a gaming device (e.g., player makes a wager and the event plays out before them
on their machine or a shared display on a multi-player machine), please refer to applicable GLI-11
Standards for Gaming Devices as or jurisdictional requirements observed by the regulatory body.
Randomization and Virtual Events
A cryptographic RNG must be utilized to determine virtual event outcomes and must comply with
the applicable jurisdictional requirements set out for RNGs. In the absence of specific jurisdictional
standards, the “Random Number Generator (RNG) Requirements” chapter of GLI-11 Standards for
Gaming Devices must be used as applicable. Additionally, the evaluation of virtual event outcomes
using an RNG must comply with the following rules:
a) Where more than one RNG is used to determine different virtual event outcomes, each RNG must
be separately evaluated; and
b) Where each instance of an RNG is identical, but involves a different implementation within the
virtual event, each implementation must be separately evaluated.
Virtual Event Selection Process
Determination of events of chance that result in a monetary award may not be influenced, affected,
or controlled by anything other than the values selected by an approved RNG, in accordance with the
following requirements:
a) It must not be possible to ascertain the outcome of the virtual event prior to its commencement;
b) When making calls to the RNG, the virtual event may not limit the outcomes available for
selection, except as provided for by design;
c) The virtual event may not modify or discard outcomes selected by the RNG due to adaptive
behavior. Additionally, outcomes must be used as described by the rules of the virtual event;
d) After the commencement of a virtual event, no further actions or decisions may be made that
change the behavior of any of the elements of chance within the virtual event, other than player
decisions;
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
13
Version 1.1 Public Comment Draft
e) Except as provided for by the rules of the virtual event, events of chance must be independent
and shall not correlate with any other events within the same virtual event, or events within
previous virtual events;
f) Any associated equipment used in conjunction with an Event Wagering System may not influence
or modify the behaviors of the system’s RNG and/or random selection process, except as
authorized, or intended by design;
g) Virtual event outcomes may not be affected by the effective bandwidth, link utilization, bit error
rate or other characteristics of the communications channel between the Event Wagering System
and the Wagering Device; and
h) Wagering Software may not contain any logic utilized to generate the result of any virtual
event. All critical functions including the generation of any virtual event must be generated by
the Event Wagering System and be independent of the Wagering Device.
Virtual Event Display
Displays for a virtual event must conform to applicable display requirements of this standard. In
addition, the following display requirements apply:
a) Statistical data that is made available to the player pertaining to the virtual event shall not
misrepresent the capabilities of any virtual participant. This does not prevent the use of an
element of chance or randomness from impacting performance of the virtual participant during
the virtual event.
b) For scheduled virtual events, a countdown of the time remaining to place a wager in that event
must be displayed to the player. It must not be possible to place wagers on the event once this
time has passed; however, this requirement does not prohibit the implementation of in-play
wagers.
c) Each virtual participant must be unique in appearance, where applicable to the wager. For
instance, if the wager is on one team to beat another, the virtual participants themselves do not
need to be unique in appearance, however the teams that they are on must be visually distinct
from each other.
d) The result of a virtual event must be clear, unambiguous, and displayed for a sufficient length of
time to allow a player a reasonable opportunity to verify the virtual event’s outcome.
Simulation of Physical Objects
Where a virtual event incorporates a graphical representation or simulation of a physical object that
is used to determine virtual event outcome, the behaviors portrayed by the simulation must be
consistent with the real-world object, unless otherwise denoted by the virtual event rules. This
requirement does not apply to graphical representations or simulations that are utilized for
entertainment purposes only. The following must apply to the simulation:
a) The probability of any event occurring in the simulation that affects the outcome of the virtual
event must be analogous to the properties of the physical object;
b) Where the virtual event simulates multiple physical objects that would normally be expected to
be independent of one another based on the rules of the virtual event, each simulation must be
independent of any other simulation; and
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
14
Version 1.1 Public Comment Draft
c) Where the virtual event simulates physical objects that have no memory of previous events, the
behavior of the simulated objects must be independent of their previous behavior, so as to be
non-adaptive and non-predictable, unless otherwise disclosed to the player.
Physics Engine
Virtual events may utilize a “physics engine” which is specialized software that approximates or
simulates a physical environment, including behaviors such as motion, gravity, speed, acceleration,
inertia, trajectory, etc. A physics engine must be designed to maintain consistent play behaviors and
virtual event environment unless an indication is otherwise provided to the player by the virtual
event rules. A physics engine may utilize the random properties of an RNG to impact virtual event
outcome.
NOTE: Implementations of a physics engine in a virtual event will be evaluated on a case-by-case basis by the
independent test laboratory.
2.6
External Wagering Systems
General Statement
This section contains requirements for the circumstances where the Event Wagering
System communicates with an external wagering system in any of the following configurations:
a) The Event Wagering System is acting as the “host wagering system” receiving, for its own
markets, wagers from one or more external “guest wagering systems”; or
b) The Event Wagering System is acting as a “guest wagering system” passing wagers to an external
“host wagering system,” for that system’s markets.
NOTE: The requirements of this section apply to the interoperability of the Event Wagering System with the
external wagering system and are not a complete evaluation of the external wagering system itself. The external
wagering system may independently be subject to evaluation by the independent test laboratory per regulatory
body discretion.
Information
The following requirements apply to information being conveyed between the host wagering system
and the guest wagering system:
a) If the host wagering system provides pari-mutuel wagering for the guest wagering system, the
Event Wagering System must be able to:
i. When acting as the guest wagering system, receive the current dividends for active pools sent
from the host wagering system.
ii. When acting as the host wagering system, pass the current dividends for active pools to all
receiving guest wagering systems.
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
15
Version 1.1 Public Comment Draft
b) If the host wagering system provides fixed odds wagering for the guest wagering system where
the odds/payouts and prices can be dynamically changed, the Event Wagering System must be
able to:
i. When acting as the guest wagering system, receive the current odds/payouts and prices sent
from the host wagering system whenever any odds/payouts and prices are changed.
ii. When acting as the host wagering system, pass the current odds/payouts and prices to all
receiving guest wagering systems whenever any odds/payouts and prices are changed.
c) Change of event status information must be passed from the host wagering system to the guest
wagering system whenever any change occurs, including:
i. Withdrawn/reinstated selections;
ii. Altered event starting time;
iii. Individual markets opened/closed;
iv. Results entered/modified;
v. Results confirmed; and
vi. Event cancelled.
Wagers
The following requirements apply to wagers being placed between the host wagering system and the
guest wagering system:
a) Wagers placed on the guest wagering system must receive clear acknowledgment of acceptance,
partial acceptance (including details), or rejection sent by the host wagering system.
b) If the cost of the wager is determined by the host wagering system, there must be a positive
confirmation sequence in place to enable the player to accept the wager cost and the guest
wagering system to determine that there are enough funds in the account balance to meet the
wager cost prior to making an offer to the host wagering system.
c) Where wagers may be placed in bulk, the following requirements apply:
i. If the stream of wagers is interrupted for any reason, there must be a means available to
determine where in the stream that the interruption occurred.
ii. No wager in the stream may be greater than the account balance. If such a wager is attempted,
the entire stream is to be halted.
d) The account balance must be debited an amount equaling the offer and cost to the host wagering
system. The funds must remain as a pending transaction with details of the offer to the host
wagering system logged. On receipt of acknowledgment from the host wagering system, the
appropriate adjustments must be made to the “pending” account and the account balance.
e) Cancellation requests from the guest wagering system must receive clear acknowledgment of
acceptance or rejection by the host wagering system. The player is not to be credited by the guest
wagering system until final confirmation is received from the host wagering system including the
amount of the cancelled wager.
Results
When results are entered and confirmed on the host wagering system, each winning wager must be
transferred to the guest wagering system with the amount of the win. Confirmation of receipt of the
winning wagers must be acknowledged by the guest wagering system.
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
16
Version 1.1 Public Comment Draft
Chapter 3: Wagering Device Requirements
3.1
Introduction to Wagering Device Requirements
General Statement
A wager may be placed using one of the following types of Wagering Devices as allowed by the
regulatory body. Any other types of Wagering Devices will be reviewed on a case-by-case basis, as
allowed by the regulatory body.
a) Point-of-Sale (POS) Wagering Device: An attendant station that at a minimum will be used by an
attendant for the execution or formalization of wagers placed on behalf of a player.
b) Self-Service Wagering Device: A kiosk that at a minimum will be used for the execution or
formalization of wagers placed by a player directly and, if supported, may be used for redemption
of winning wager records.
c) Remote Wagering Device: A player-owned device operated either on an in-venue wireless
network or over the internet that at a minimum will be used for the execution or formalization of
wagers placed by a player directly. Examples of a Remote Wagering Device include a personal
computer, mobile phone, tablet, etc.
3.2
Wagering Software
General Statement
Wagering Software is used to take part in wagering and financial transactions with the Event
Wagering System which, based on design, is downloaded to or installed on the Wagering Device, run
from the Event Wagering System which is accessed by the Wagering Device, or a combination of the
two.
Software Identification
Wagering Software must contain sufficient information to identify the software and its version.
Software Validation
For Wagering Software installed locally on the Wagering Device, it must be possible to authenticate
that all critical components contained in the software are valid each time the software is loaded
for use, and where supported by the system, on demand as required by the regulatory body. Critical
components may include, but are not limited to, wagering rules, elements that control the
communications between the Wagering Device and the Event Wagering System, or other components
that are needed to ensure proper operation of the software. In the event of a failed authentication
(i.e., program mismatch or authentication failure), the software must prevent wagering operations
and display an appropriate error message.
NOTE: Program verification mechanisms will be evaluated on a case-by-case basis and approved by the
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
17
Version 1.1 Public Comment Draft
regulatory body and the independent test laboratory based on industry-standard security practices.
User Interface Requirements
The user interface is defined as an interface application or program through which the user views
and/or interacts with the Wagering Software. The user interface must meet the following
requirements:
a) The functions of all buttons, touch or click points must be clearly indicated within the area of the
button, or touch/click point or within the help menu. There must be no functionality available
through any buttons or touch/click points on the user interface that are undocumented.
b) Any resizing or overlay of the user interface must be mapped accurately to reflect the revised
display and touch/click points.
c) User interface instructions, as well as information on the functions and services provided by the
software, must be clearly communicated to the user and must not be misleading or inaccurate.
d) The display of the instructions and information must be adapted to the user interface. For
example, where a Wagering Device uses technologies with a smaller display screen, it is
permissible to present an abridged version of the wagering rules accessible directly from within
the wagering screen and make available the full/complete version of the wagering rules via
another method, such as a secondary screen, help menu, or other interface that is easily identified
on the visual wagering screen.
Simultaneous Inputs
Wagering Software must not be adversely affected by the simultaneous or sequential activation of
the various inputs and outputs which might, whether intentionally or not, cause malfunctions or
invalid results.
Wager Record Printers
If the Wagering Device uses a printer to issue printed wager records to the player, the printed wager
record must include information as indicated in “Wager Record” section of this document. It may be
permissible for some of this information to be contained on the ticket stock itself.
Communications
Wagering Software must be designed or programmed such that it may only communicate with
authorized components through secure communications. If communication between the Event
Wagering System and the Wagering Device is lost, the software must prevent further wagering
operations and display an appropriate error message. It is permissible for the software to detect this
error when the device tries to communicate with the system.
3.3
Self-Service Wagering Devices
General Statement
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
18
Version 1.1 Public Comment Draft
A player places a wager at a Self-Service Wagering Device by using funds from their player account
or by using peripheral devices as authorized by the regulatory body. In addition to the requirements
for “Wagering Software”, the requirements established within the GLI-20 Standards for Kiosks or
other applicable jurisdictional requirements observed by the regulatory body must be met for all
proprietary components of the Self-Service Wagering Device.
3.4
POS Wagering Devices
General Statement
A player places a wager at POS Wagering Device by using funds from their player account or by
providing payment for the wager(s) directly to the attendant. In addition to the requirements for
“Wagering Software”, the requirements established in this section must be met for POS Wagering
Devices.
Touch Screen Displays
Touch screen displays, if in use by the Wagering Software, must be accurate, and if required by their
design, must support a calibration method to maintain that accuracy; alternatively, the display
hardware may support automatic self-calibration.
Wagering Instruments
POS Wagering Devices which support the issuance and/or redemption of wagering instruments
(vouchers and coupons) must meet the applicable jurisdictional requirements for these items. In the
absence of specific jurisdictional standards, the requirements established within the “Machine
Vouchers” section of GLI-11 Standards for Gaming Devices and the “Voucher Validation System
Requirements” of GLI-13 Standards for On-Line Monitoring and Control Systems (MCS) and Validation
Systems must be used as applicable.
Printing Wager Records
If the POS Wagering Device connects to a printer to produce printed wager records and/or wagering
instruments, the printer and/or Wagering Software must be able to detect and indicate the following
error conditions, where supported. It is permissible for the error condition to be detected when it
tries to print:
a) Low battery (where power is external to the POS Wagering Device);
b) Out of paper/paper low; and
c) Printer disconnected.
Wireless POS Wagering Devices
For portable POS Wagering Devices, the applicable requirements for “Client-Server Interactions” of
the next section must also be met. Additionally, communication must only occur between the
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
19
Version 1.1 Public Comment Draft
portable POS Wagering Device and the Event Wagering System via authorized access points within
the venue.
3.5
Remote Wagering Devices
General Statement
A player may only place a wager on a Remote Wagering Device by using funds from their player
account (i.e. anonymous wagering transactions are prohibited). Depending on the implementation(s)
authorized by the regulatory body, Remote Wagering Devices may be used on an in-venue Wireless
Local Area Network (WLAN) or over the internet. In addition to the requirements for “Wagering
Software”, the requirements established in this section must be met for Remote Wagering Devices.
Client-Server Interactions
The player may obtain/download an application or software package containing the Wagering
Software or access the software via a browser to take part in wagering and financial transactions
with the Event Wagering System.
a) Players shall not be able to use the software to transfer data to one another, other than chat
functions (e.g., text, voice, video, etc.) and approved files (e.g., user profile pictures, photos, etc.);
b) The software must not automatically alter any device-specified firewall rules to open ports that
are blocked by either a hardware or software firewall;
c) The software must not access any ports (either automatically or by prompting the user to
manually access) which are not necessary for the communication between the Remote Wagering
Device and the server;
d) If the software includes additional non-wagering related functionality, this additional
functionality must not alter the software’s integrity in any way;
e) The software must not possess the ability to override the volume settings of the Remote
Wagering Device; and
f) The software must not be used to store sensitive information. It is recommended that auto
complete, password caching, or other methods that will fill in the password field are disabled by
default for the software.
Compatibility Verification
During any installation or initialization and prior to commencing wagering operations, the Wagering
Software used in conjunction with the Event Wagering System must detect any incompatibilities or
resource limitations with the Remote Wagering Device that would prevent proper operation of the
software (e.g., software version, minimum specifications not met, browser type, browser version,
plug-in version, etc.). If any incompatibilities or resource limitations are detected the software must
prevent wagering operations and display an appropriate error message.
Content
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
20
Version 1.1 Public Comment Draft
Wagering Software must not contain any malicious code or functionality deemed to be malicious in
nature by the regulatory body. This includes, but is not limited to, unauthorized file
extraction/transfers, unauthorized device modifications, unauthorized access to any locally stored
personal information (e.g., contacts, calendar, etc.) and malware.
Mandatory Player Account Use
Player account registration and verification are required by the Event Wagering System for a player
to participate in remote wagering. The Event Wagering System must meet the “Player Account
Management” requirements and “Player Account Controls” specified within this document.
Cookies
Where cookies are used, players must be informed of the cookie use upon Wagering Software
installation or during player registration. When cookies are required for wagering, wagering cannot
occur if they are not accepted by the Remote Wagering Device. All cookies used must contain no
malicious code.
Information Access
The Wagering Software must be able to display, either directly from the user interface or from a page
accessible to the player, the items specified in the following sections of this document. For Remote
Wagering Devices which only allow wagers within a venue, it is acceptable to disclose to the player
the means of obtaining the information required by this section:
a)
b)
c)
d)
e)
f)
“Wagering Rules”;
“Player Protection Information”;
“Terms and Conditions”;
“Privacy Policy”;
“Wagering Displays and Information”; and
“Results Display”.
NOTE: It is accepted that the system will unavoidably be subject to a certain degree of synchronization delay
for updates to this information as displayed on the software, and it is possible that information may only be
updated at the player’s next interaction with the software which causes the on-screen information to be
refreshed.
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
21
Version 1.1 Public Comment Draft
Chapter 4: System Server Requirements
4.1
Introduction to System Server Requirements
General Statement
If the Event Wagering System is comprised of multiple computer systems at various sites, the system
as a whole and all communication between its components must conform to the applicable technical
requirements within this document.
4.2
System Clock Requirements
System Clock
The Event Wagering System must maintain an internal clock that reflects the current date and time
that must be used to provide for the following:
a) Time stamping of all transactions and events;
b) Time stamping of significant events; and
c) Reference clock for reporting.
Time Synchronization
The Event Wagering System must be equipped with a mechanism to ensure the time and dates
between all components that comprise the system are synchronized.
4.3
Control Program Requirements
General Statement
In addition to the requirements contained within this section, the auditing procedures indicated in
the “Verification Procedures” section of this document must also be met.
Control Program Self-Verification
The Event Wagering System must be capable of verifying that all critical control program components
contained on the system are authentic copies of the approved components of the system, upon
installation, at least once every 24 hours, and on demand using a method approved by the regulatory
body. The critical control program authentication mechanism must:
a) Employ a hash algorithm which produces a message digest of at least 128 bits;
b) Include all critical control program components which may affect wagering operations, including
but not limited to: executables, libraries, wagering or system configurations, operating system
files, components that control required system reporting, and database elements that affect
system operations; and
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
22
Version 1.1 Public Comment Draft
c) Provide an indication of the authentication failure if any critical control program component is
determined to be invalid.
Control Program Independent Verification
Each critical control program component of the Event Wagering System must have a method to be
verified via an independent third-party verification procedure. The third-party verification process
must operate independently of any process or security software within the system. The independent
test laboratory, prior to system approval, must approve the integrity check method.
Shutdown and Recovery
The Event Wagering System must be able to perform a graceful shut down, and only allow automatic
restart on power up after the following procedures have been performed at a minimum:
a) Program resumption routine(s), including self-tests, complete successfully;
b) All critical control program components of the system have been authenticated using a method
approved by the regulatory body; and
c) Communication with all components necessary for system operation have been established and
similarly authenticated.
4.4
Event Wagering Management
Event Wagering Management
The Event Wagering System must be able to suspend the following on demand:
a)
b)
c)
d)
e)
All wagering activity;
Individual events;
Individual markets;
Individual Wagering Devices (if applicable); and
Individual player logins (if applicable).
4.5
Player Account Management
General Statement
The requirements of this section apply to player account management where supported by the Event
Wagering System.
Registration and Verification
There must be a method to collect player information prior to the registration of a player account.
Where player account registration and verification are supported by the Event Wagering System
either directly by the system or in conjunction with a third-party service provider’s software, the
following requirements must be met:
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
23
Version 1.1 Public Comment Draft
a) Only players of the legal wagering age for the jurisdiction may register for a player account. Any
person that submits a birth date that indicates they are underage shall be denied the ability to
register for a player account.
b) Identity verification must be undertaken before a player is allowed to place a wager. Third-party
service providers may be used for identity verification as allowed by the regulatory body.
i. Identity verification must authenticate the legal name, physical address and age of the
individual at a minimum as required by the regulatory body.
ii. Identity verification must also confirm that the player is not on any exclusion lists held by the
operator or the regulatory body or prohibited from establishing or maintaining an account
for any other reason.
iii. Details of identity verification must be kept in a secure manner.
c) The player account can only become active once age and identity verification are successfully
completed, the player is determined to not be on any exclusion lists or prohibited from
establishing or maintaining an account for any other reason, the player has acknowledged the
necessary privacy policies and terms and conditions, and the player account registration is
complete.
d) A player shall only be permitted to have one active player account at a time unless specifically
authorized by the regulatory body.
e) The system must allow the ability to update passwords, registration information and the account
used for financial transactions for each player. A multi-factor authentication process must be
employed for these purposes.
Player Access
A player accesses their player account using a username (or similar) and a password or a secure
alternative means for the player to perform authentication to log in to the Event Wagering System.
Authentication methods are subject to the discretion of the regulatory body as necessary. The
requirement does not prohibit the option for more than one method of authentication being available
for a player to access their account.
a) If the system does not recognize the username and/or password when entered, an explanatory
message must be displayed to the player which prompts the player to re-enter the information.
b) Where a player has forgotten their username and/or password, a multi-factor authentication
process must be employed for the retrieval of the username/resetting of the password.
c) Current account balance information and transaction options must be available to the player once
authenticated.
d) After 30 minutes of inactivity on a specific Wagering Device, or a period determined by the
regulatory body, the system must require a player to re-authenticate in order to access their
account. No further wagering or financial transactions are permitted until the player has been re-
authenticated.
e) The system may allow a simpler means for a player to re-authenticate, such as operating system
level authentication (e.g., biometrics) or a Personal Identification Number (PIN). Each means for
re-authentication will be evaluated on a case-by-case basis by the independent test laboratory.
i. This functionality may be disabled based on preference of the player and/or regulatory body.
ii. Once every 30 days, or a period specified by the regulatory body, the player will be required
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
24
Version 1.1 Public Comment Draft
to provide full authentication.
f) The system must support a mechanism that allows for an account to be locked in the event that
suspicious activity is detected (e.g., too many failed attempts for login). A multi-factor
authentication process must be employed for the account to be unlocked.
Limitations and Exclusions
The Event Wagering System must be able to correctly implement any limitations and/or exclusions
put in place by the player and/or operator as required by the regulatory body:
a) Where the system provides the ability to directly manage limitations and/or exclusions, the
applicable requirements within the “Limitations” and “Exclusions” sections of this document
must be evaluated;
b) The self-imposed limitations set by a player must not override more restrictive operator-
imposed limitations. The more restrictive limitations must take priority; and
c) Limitations must not be compromised by internal status events, such as self-imposed exclusion
orders and revocations.
Player Funds Maintenance
Where financial transactions can be performed automatically by the Event Wagering System the
following requirements must be met:
a) The system must provide confirmation/denial of every financial transaction initiated.
b) A deposit into a player account may be made via a credit card transaction or other methods which
can produce a sufficient audit trail.
c) Funds must not be available for wagering until they are received from the issuer or the issuer
provides an authorization number indicating that the funds are authorized. The authorization
number is to be maintained in an audit log.
d) Payments from an account are to be paid (including funds transfer) directly to an account with a
financial institution in the name of the player or made payable to the player and forwarded to the
player’s address using a secure delivery service or through another method that is not prohibited
by the regulatory body. The name and address are to be the same as held in player registration
details.
e) If a player initiates a player account transaction and that transaction would exceed limits put in
place by the operator and/or regulatory body, this transaction may only be processed provided
that the player is clearly notified that they have withdrawn or deposited less than requested.
f) It must not be possible to transfer funds between two player accounts.
Automatic Acceptance of Changes in Wagers
Where allowed by the regulatory body, an Event Wagering System may support a feature that allows
a player while placing a wager to auto-accept changes in odds/payouts or price of the wager provided
that it conforms to the following requirements:
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
25
Version 1.1 Public Comment Draft
a) Any auto-accept options available (e.g., auto-accepting all wagers with higher price, auto-
accepting all wagers with lower price, etc.) must be explained to the player;
b) The player must manually opt in to use this functionality (i.e., it must not be set by default); and
c) The player shall be able to opt out at any time.
Transaction Log or Account Statement
The Event Wagering System must be able to provide a transaction log or account statement history
to a player upon request. The information provided must include sufficient information to allow the
player to reconcile the statement or log against their own financial records. Information to be
provided must include at a minimum, details on the following types of transactions:
a) Financial Transactions (time stamped with a unique transaction ID):
i. Deposits to the player account;
ii. Withdrawals from the player account;
iii. Promotional or bonus credits added to/removed from the player account (outside of credits
won in wagering);
iv. Manual adjustments or modifications to the player account (e.g., due to refunds);
b) Wagering Transactions:
i. Unique identification number of the wager;
ii. The date and time the wager was placed;
iii. The date and time the event started and ended or is expected to occur for future events (if
known);
iv. The date and time the results were confirmed (blank until confirmed);
v. Any player choices involved in the wager, including market and line postings, wager selection,
and any special condition(s) applying to the wager;
vi. The results of the wager (blank until confirmed);
vii. Total amount wagered, including any promotional/bonus credits (if applicable);
viii. Total amount won, including any promotional/bonus credits (if applicable);
ix. Commission or fees collected (if applicable); and
x. The date and time the winning wager was paid to the player.
Player Loyalty Programs
Player loyalty programs are any programs that provide incentives for players, typically based on the
volume of play or revenue received from a player. If player loyalty programs are supported by the
Event Wagering System, the following principles must apply:
a) All awards must be equally available to all players who achieve the defined level of qualification
for player loyalty points;
b) Redemption of player loyalty points earned must be a secure transaction that automatically
debits the points balance for the value of the prize redeemed; and
c) All player loyalty points transactions must be recorded by the system.
4.6
Location Requirements for Remote Wagering
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
26
Version 1.1 Public Comment Draft
General Statement
Where required by the regulatory body, the requirements within this section must apply when the
Event Wagering System supports remote wagering.
NOTE: The operator or third-party service provider maintaining these components, services and/or
applications must meet the auditing procedures indicated in the “Location Service Provider” section of this
document.
Location Fraud Prevention
The Event Wagering System must incorporate a mechanism to detect the use of remote desktop
software, rootkits, virtualization, and/or any other programs identified as having the ability to
circumvent location detection. This must follow best practice security measures to:
a) Detect and block location data fraud (e.g., fake location apps, virtual machines, remote desktop
programs, etc.) prior to completing each wager;
b) Examine the IP address upon each Remote Wagering Device connection to a network to ensure a
known Virtual Private Network (VPN) or proxy service is not in use;
c) Detect and block devices which indicate system-level tampering (e.g., rooting, jailbreaking, etc.);
d) Stop “Man-In-The-Middle” attacks or similar hacking techniques and prevent code manipulation;
e) Utilize detection and blocking mechanisms verifiable to an application level; and
f) Monitor and prevent wagers placed by a single player account from geographically inconsistent
locations (e.g., wager placement locations were identified that would be impossible to travel
between in the time reported).
Location Detection for Remote Wagering on a WLAN
Where remote wagering occurs over a Wireless Local Area Network (WLAN), the Event Wagering
System must incorporate one of the following methods that can track the locations of all players
connected to the WLAN:
a) A location detection service or application in which each player shall pass a location check prior
to completing each wager. This service or application must meet the requirements specified in
the next section for “Location Detection for Remote Wagering Over the Internet”; or
b) A location detection component that detects in real-time when any players are no longer in the
permitted area and prevent further wagers from being placed. This can be accomplished with the
use of specific IT hardware such as directional antennas, Bluetooth sensors or other methods to
be evaluated on a case-by-case basis by the independent test laboratory.
Location Detection for Remote Wagering Over the Internet
Where remote wagering occurs over the internet, the Event Wagering System must incorporate a
location detection service or application to reasonably detect and dynamically monitor the location
of a player attempting to place a wager; and to monitor and enable the blocking of unauthorized
attempts to place a wager.
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
27
Version 1.1 Public Comment Draft
a) Each player shall pass a location check prior to completing the first wager after logging in on a
specific Remote Wagering Device. Subsequent location checks on that device must occur prior to
completing wagers after a period of 30 minutes since the previous location check, or as otherwise
specified by the regulatory body:
i. If the location check indicates the player is outside the permitted boundary or cannot
successfully locate the player, the wager must be rejected, and the player shall be notified of
this.
ii. An entry must be recorded in a time stamped log any time a location violation is detected,
including the unique player ID and the detected location.
b) A geolocation method must be used to provide a player’s physical location and an associated
confidence radius. The confidence radius must be entirely located within the permitted
boundary.
c) Accurate location data sources (Wi-Fi, GSM, GPS, etc.) must be utilized by the geolocation method
to confirm the player’s location. If a Remote Wagering Device’s only available location data source
is an IP Address, the location data of a mobile device registered to the player account may be used
as a supporting location data source under the following conditions:
i. The Remote Wagering Device (where the wager is being placed) and the mobile device must
be determined to be near one another.
ii. If allowed by the regulatory body, carrier-based location data of a mobile device may be used
if no other location data sources other than IP Addresses are available.
d) The geolocation method must possess the ability to control whether the accuracy radius of the
location data source is permitted to overlap or exceed defined buffer zones or the permitted
boundary; and
e) To mitigate and account for discrepancies between mapping sources and variances in geospatial
data, boundary polygons based on audited maps approved by the regulatory body as well as
overlay location data onto these boundary polygons must be utilized.
4.7
Information to be Maintained
Data Retention and Time Stamping
The Event Wagering System must be capable of maintaining and backing up all recorded data as
discussed within this section:
a) The system clock must be used for all time stamping.
b) The system must provide a mechanism to export the data for the purposes of data analysis and
auditing/verification (e.g., CSV, XLS).
Wager Record Information
For each individual wager placed by the player, the information to be maintained and backed up by
the Event Wagering System must include:
a) The date and time the wager was placed;
b) Any player choices involved in the wager:
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
28
Version 1.1 Public Comment Draft
i.
c)
d)
e)
f)
g)
h)
i)
j)
k)
l)
m)
n)
o)
Market and line postings (e.g., money line bet, point spreads, over/under amounts,
win/place/show);
ii. Wager selection (e.g., athlete or team name and number);
iii. Any special condition(s) applying to the wager;
The results of the wager (blank until confirmed);
Total amount wagered, including any promotional/bonus credits (if applicable);
Total amount won, including any promotional/bonus credits (if applicable);
Commission or fees collected (if applicable);
The date and time the winning wager was paid to the player;
Unique identification number of the wager;
User identification or unique Wagering Device ID which issued the wager record (if applicable);
Relevant location information;
Event and market identifiers;
Current wager status (active, cancelled, unredeemed, pending, void, invalid, redemption in
progress, redeemed, etc.);
Unique player ID, for wagers conducted using a player account;
Redemption period (if applicable); and
Open text field for attendant input of player description or picture file (if applicable);
Market Information
For each individual market available for wagering, the information to be maintained and backed up
by the Event Wagering System must include:
a) The date and time the wagering period started and ended;
b) The date and time the event started and ended or is expected to occur for future events (if
known);
c) The date and time the results were confirmed (blank until confirmed);
d) Total amount of wagers collected, including any promotional/bonus credits (if applicable);
e) The line postings that were available throughout the duration of a market (time stamped) and
the confirmed result (win/loss/push);
f) Total amount of winnings paid to players, including any promotional/bonus credits (if
applicable);
g) Total amount for cancelled wagers, including any promotional/bonus credits (if applicable);
h) Commission or fees collected (if applicable);
i) Event status (in progress, complete, confirmed, etc.); and
j) Event and market identifiers.
Contest/Tournament Information
For Event Wagering Systems which support contests/tournaments, the information to be maintained
and backed up by the Event Wagering System must include for each contest/tournament:
a) Name of the contest/tournament;
b) The date and time the contest/tournament occurred or will occur (if known);
c) Unique player ID and name of each registered player, amount of entry fee paid, and the date paid;
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
29
Version 1.1 Public Comment Draft
d) Unique player ID and name of each winning player, amount paid, and the date paid;
e) Total amount of entry fees collected, including any promotional/bonus credits (if applicable);
f) Total amount of winnings paid to players, including any promotional/bonus credits (if
applicable);
g) Commission or fees collected (if applicable); and
h) Contest/tournament status (in progress, complete, etc.).
Wagering Device Information
For each individual Self-Service Wagering Device or POS Wagering Device, the information to be
maintained and backed up by the Event Wagering System must include, as applicable:
a)
b)
c)
d)
e)
Unique Wagering Device ID;
Wager record purchases;
Winning wager record redemptions, if supported;
Wager record voids and cancellations; and
User identification and session information, for POS Wagering Devices;
Player Account Information
For Event Wagering Systems which support player account management, the information to be
maintained and backed up by the Event Wagering System must include for each player account:
a)
b)
c)
d)
e)
f)
g)
h)
i)
Unique player ID and player name;
Player data (including verification method);
Date of player agreement to the operator’s terms and conditions and privacy policy;
Account details and current balance;
Open text field for attendant input of player description or picture file (if applicable);
Previous accounts, if any, and reason for de-activation;
Date and method from which the account was registered (e.g., remote vs. on-site);
The date and time of last log in;
Exclusions/limitations information as required by the regulatory body:
i. The date and time of the request (if applicable);
ii. Description and reason of exclusion/limitation
iii. Type of exclusion/restriction (e.g., operator-imposed exclusion, self-imposed limitation);
iv. Date exclusion/limitation commenced;
v. Date exclusion/limitation ended (if applicable);
j) Financial Transaction information:
i. Type of transaction (e.g., deposit, withdrawal, adjustment);
ii. The date and time of the transaction;
iii. Unique transaction ID;
iv. Amount of transaction;
v. Total account balance before/after transaction;
vi. Total amount of fees paid for transaction (if applicable);
vii. User identification or unique Wagering Device ID which handled the transaction (if
applicable);
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
30
Version 1.1 Public Comment Draft
viii. Transaction status (pending, complete, etc.);
ix. Method of deposit/withdrawal (e.g., cash, debit or credit card, personal check, cashier’s
check, wire transfer, money order);
x. Deposit authorization number; and
xi. Relevant location information.
Promotion/Bonus Information
For Event Wagering Systems which support promotions and/or bonuses that are redeemable for
cash, wagering credits, or merchandise, the information to be maintained and backed up by the Event
Wagering System must include for each promotion/bonus:
a)
b)
c)
d)
e)
f)
g)
The date and time the promotion/bonus period started and ended or will end (if known);
Current balance for promotion/bonus;
Total amount of promotions/bonuses issued;
Total amount of promotions/bonuses redeemed;
Total amount of promotions/bonuses expired;
Total amount of promotion/bonus adjustments; and
Unique ID for the promotion/bonus.
Significant Event Information
Significant event information to be maintained and backed up by the Event Wagering System must
include:
a)
b)
c)
d)
e)
f)
g)
h)
i)
j)
k)
l)
m)
Failed login attempts;
Program error or authentication mismatch;
Significant periods of unavailability of any critical component of the system;
Large wins (single and aggregate over defined time period) in excess of a value specified by the
regulatory body, including wager record information;
Large wagers (single and aggregate over defined time period) in excess of a value specified by
the regulatory body, including wager record information;
System voids, overrides, and corrections;
Changes to live data files occurring outside of normal program and operating system execution;
Changes that are made to the download data library, including the addition, changing or deletion
of software, where supported;
Changes to operating system, database, network, and application policies and parameters;
Changes to date/time on master time server;
Changes to previously established criteria for an event or market (not including line posting
changes for active markets);
Changes to the results of an event or market;
Player Account Management:
i. Adjustments to a player account balance;
ii. Changes made to player data and sensitive information recorded in a player account;
iii. Deactivation of a player account;
iv. Large financial transactions (single and aggregate over defined time period) in excess of a
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
31
Version 1.1 Public Comment Draft
value specified by the regulatory body, including transaction information;
n) Irrecoverable loss of sensitive information;
o) Any other activity requiring user intervention and occurring outside of the normal scope of
system operation; and
p) Other significant or unusual events as deemed applicable by the regulatory body.
User Access Information
For each user account, the information to be maintained and backed up by the Event Wagering
System must include:
a)
b)
c)
d)
e)
f)
g)
h)
Employee name and title or position;
User identification;
Full list and description of functions that each group or user account may execute;
Date and time account created;
The date and time of last log in;
Date of last password change;
Date and time account disabled/deactivated; and
Group membership of user account (if applicable).
4.8
Reporting Requirements
General Reporting Requirements
The Event Wagering System must be capable of generating the information needed to compile
reports as required by the regulatory body. In addition to meeting the requirements in the section
above for “Data Retention and Time Stamping”, the following requirements must apply for required
reports:
a) The system must be able to provide the reporting information on demand and for intervals
required by the regulatory body including, but not limited to, daily, month-to-date (MTD), year-
to-date (YTD), and life-to-date (LTD).
b) Each required report must contain:
i. The operator, the selected interval and the date/time the report was generated; and
ii. An indication of “No Activity” or similar message if no information appears for the period
specified.
NOTE: In addition to the reports outlined in this section, the regulatory body may also require other reports
utilizing the information stored under the “Information to be Maintained” section of this document.
Operator Revenue Reports
The Event Wagering System must be able to provide the following information needed to compile
one or more reports on operator revenue for each event as a whole and for each individual market
within that event which may be used for operator taxation information:
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
a)
b)
c)
d)
e)
f)
g)
32
Version 1.1 Public Comment Draft
The date and time each event started and ended;
Total amount of wagers collected;
Total amount of winnings paid to players;
Total amount of wagers cancelled;
Commission and fees collected (if applicable);
Event and market identifiers; and
Event status (in progress, complete, confirmed, etc.).
Operator Liability Reports
The Event Wagering System must be able to provide the following information needed to compile
one or more reports on operator liability:
a) Total amount held by the operator for the player accounts (if applicable);
b) Total amount of wagers placed on future events; and
c) Total amount of winnings owed but unpaid by the operator on winning wagers.
Future Events Reports
The Event Wagering System must be able to provide the following information needed to compile
one or more reports on future events for the gaming day:
a) Wagers placed prior to the gaming day for future events (total and by wager);
b) Wagers placed on the gaming day for future events (total and by wager);
c) Wagers placed prior to the gaming day for events occurring on that same day (total and by
wager);
d) Wagers placed on the gaming day for events occurring on that same day (total and by wager);
e) Wagers cancelled on the gaming day (total and by wager); and
f) Event and market identifiers.
Significant Events and Alterations Reports
The Event Wagering System must be able to provide the following information needed to compile
one or more reports for each significant event or alteration as applicable:
a)
b)
c)
d)
e)
f)
Date and time of the significant event or alteration;
Event/component identification (if applicable);
Identification of user(s) who performed and/or authorized the significant event or alteration;
Reason/description of the significant event or alteration, including data or parameter altered;
Data or parameter value before alteration; and
Data or parameter value after alteration.
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
33
Version 1.1 Public Comment Draft
Appendix A: Operational Audit for Event Wagering Procedures
and Practices
A.1
Introduction to Event Wagering Procedures and Practices
General Statement
This appendix sets forth procedures and practices for wagering operations which will be reviewed
in an operational audit as a part of the Event Wagering System evaluation, including, but not limited
to establishing wagering rules, suspending events, handling various wagering and financial
transactions, creating markets, settling wagers, closing markets, cancellations of events, cancelling
wagers, player account management, fundamental practices relevant to the limitation of risks, and
any other objectives established by the regulatory body.
NOTE: It is also recognized that additional procedures and practices which are not specifically included within
this standard will be relevant and required for an operational audit as determined by the operator and/or
regulatory body within their rules, regulations, and Minimum Internal Control Standards (MICS).
A.2
Internal Control Procedures
Internal Control Procedures
The operator shall establish, maintain, implement and comply with internal control procedures for
wagering operations, including performing wagering and financial transactions.
Information Management
The operator’s internal controls must include the processes for maintaining the recorded
information specified under the section entitled “Information to be Maintained” for a period of five
years or as otherwise specified by the regulatory body.
Risk Management
The operator’s internal controls must contain details on its risk management framework, including
but not limited to:
a)
b)
c)
d)
e)
Automated and manual risk management procedures;
Employee management, including access controls and segregation of duties;
Information regarding identifying and reporting fraud and suspicious conduct;
Controls ensuring regulatory compliance;
Description of Anti-Money Laundering (AML) compliance standards including procedures for
detecting structuring to avoid reporting requirements;
f) Description of all software applications that comprise the Event Wagering System;
g) Description of all types of wagers available to be offered by the operator;
h) Description of the method to prevent past-post wagers from being placed;
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
34
Version 1.1 Public Comment Draft
i) Description of all integrated third-party service providers; and
j) Any other information required by the regulatory body.
Restricted Players
The operator’s internal controls must describe the method to prevent players from wagering on
events in which they might have insider information, including, but not limited to the following
examples:
a) Employees, subcontractors, directors, owners, and officers of an operator, as well as those within
the same household, shall not place wagers on any event, except in private pools where their
association with the operator is clearly disclosed.
b) Professional or collegiate athletes, team employees and owners, coaches, managers, handlers,
athletic trainers, league officials and employees, referees, umpires, sports agents, and employees
of a player or referee union, as well as those within the same household, shall not place wagers
on any event in the sport in which they participate, or in which the athlete they represent
participates.
A.3
Player Account Controls
Registration and Verification
Where player account registration is done manually by the operator, procedures must be in place to
satisfy the requirements for “Registration and Verification” as indicated within this document.
Fraudulent Accounts
The operator shall have a documented public policy for the treatment of player accounts discovered
to being used in a fraudulent manner, including but not limited to:
a) The maintenance of information about any account’s activity, such that if fraudulent activity is
detected, the operator has the necessary information to take appropriate action;
b) The suspension of any account discovered to be engaged in fraudulent activity, such as a player
providing access to underage persons; and
c) The handling of deposits, wagers, and wins associated with a fraudulent account.
Terms and Conditions
A set of terms and conditions must be available to the player. During the registration process and
when any terms and conditions are updated, the player shall agree to the terms and conditions. The
terms and conditions must:
a) State that only individuals legally permitted by their respective jurisdiction can participate in
wagering;
b) Advise the player to keep their authentication credentials (e.g., password and username) secure;
c) Disclose all processes for dealing with lost authentication credentials, forced password changes,
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
35
Version 1.1 Public Comment Draft
password strength and other related items;
d) Specify the conditions under which an account is declared inactive and explain what actions will
be undertaken on the account once this declaration is made; and
e) Clearly define what happens to the player’s pending wagers placed prior to any self-imposed or
operator-imposed exclusion, including the return of all wagers, or settling all wagers, as
appropriate.
Privacy Policy
A privacy policy must be available to the player. During the registration process and when the privacy
policy is updated, the player shall agree to the privacy policy. The privacy policy must state
a)
b)
c)
d)
e)
The player data required to be collected;
The purpose for information collection;
The period in which the information is stored;
The conditions under which information may be disclosed; and
An affirmation that measures are in place to prevent the unauthorized or unnecessary disclosure
of the information.
Player Data Security
Any information obtained in respect to the player account, including player data, must be done in
compliance with the privacy policy and local privacy regulations and standards observed by the
regulatory body. In addition:
a) Any player data which is not subject to disclosure pursuant to the privacy policy must be kept
confidential, except where the release of that information is required by law.
b) There must be procedures in place for the security and sharing of player data, funds in a player
account and other sensitive information as required by the regulatory body, including, but not
limited to:
i. The designation and identification of one or more employees having primary responsibility
for the design, implementation and ongoing evaluation of such procedures and practices;
ii. The procedures to be used to determine the nature and scope of all information collected, the
locations in which such information is stored, and the storage devices on which such
information may be recorded for purposes of storage or transfer;
iii. The measures to be utilized to protect information from unauthorized access; and
iv. The procedures to be used in the event the operator determines that a breach of data security
has occurred, including required notification to the regulatory body.
Financial Transactions
Procedures must be in place to ensure all financial transactions are conducted in accordance with
local commerce regulations and requirements mandated by the regulatory body:
a) Where financial transactions cannot be performed automatically by the Event Wagering System,
procedures must be in place to satisfy the requirements for “Player Funds Maintenance” as
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
36
Version 1.1 Public Comment Draft
indicated within this document.
b) Positive player identification or authentication must be completed before the withdrawal of any
funds can be made by the player.
c) A player’s request for withdrawal of funds (i.e., deposited and cleared funds and wagers won)
must be completed by the operator within a reasonable amount of time, unless there is a pending
unresolved player complaint/dispute or investigation. Such investigation must be documented
by the operator and available for review by the regulatory body.
d) The operator shall have security or authorization procedures in place to ensure that only
authorized adjustments can be made to player accounts, and these changes are auditable.
Limitations
Players must be provided with a method to impose limitations for wagering parameters including,
but not limited to deposits and wagers as required by the regulatory body. In addition, there must be
a method for the operator to impose any limitations for wagering parameters as required by the
regulatory body.
a) Once established by a player and implemented by the operator, it must only be possible to reduce
the severity of self-imposed limitations upon 24 hours’ notice, or as required by the regulatory
body;
b) Players must be notified in advance of any operator-imposed limits and their effective dates. Once
updated, operator-imposed limits must be consistent with what is disclosed to the player; and
c) Upon receiving any self-imposed or operator-imposed limitation order, the operator shall ensure
that all specified limits are correctly implemented immediately or at the point in time (e.g., next
login, next day) clearly indicated to the player.
Exclusions
Players must be provided with a method to exclude themselves from wagering for a specified period
or indefinitely, as required by the regulatory body. In addition, there must be a method for the
operator to exclude a player from wagering as required by the regulatory body.
a) Players must be given a notification containing exclusion status and general instructions for
resolution where possible;
b) Immediately upon receiving the exclusion order, no new wagers or deposits are accepted from
that player, until the exclusion has been removed;
c) While excluded, the player shall not be prevented from withdrawing any or all of their account
balance, provided that the operator acknowledges that the funds have cleared, and that the
reason(s) for exclusion would not prohibit a withdraw; and
d) All advertising or marketing material must not specifically target players that have been excluded
from play.
Inactive Accounts
A player account is considered to be inactive under the conditions as specified in the terms and
conditions. Procedures must be in place to:
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
37
Version 1.1 Public Comment Draft
a) Protect inactive player accounts that contain funds from unauthorized access, changes or
removal; and
b) Deal with unclaimed funds from inactive player accounts, including returning any remaining
funds to the player where possible.
A.4
General Operating Procedures
Operator Reserves
The operator shall have processes in place for maintaining and protecting adequate cash reserves, as
determined by the regulatory body, including segregated accounts of funds held for player accounts
and operational funds such as those used to cover unclaimed winning wagers and potential winning
wagers for the gaming day.
Protection of Player Funds
The operator shall have processes in place to ensure funds in an operator account are either to be
held in trust for the player in a special purpose segregated account that is maintained and controlled
by a properly constituted corporate entity that is not the operator and whose governing board
includes one or more corporate directors who are independent of the operator and of any
corporation related to or controlled by the operator. In addition, the operator shall have procedures
that are reasonably designed to:
a) Ensure that funds generated from event wagering are safeguarded and accounted for;
b) Make clear that the funds in the segregated account do not belong to the operator and are not
available to creditors other than the player whose funds are being held; and
c) Prevent commingling of funds in the segregated account with other funds including, without
limitation, funds of the operator.
Taxation
The operator shall have a process in place to identify all wins that are subject to taxation (single wins
or aggregate wins over a defined period as required) and provide the necessary information in
accordance with each regulatory body’s taxation requirements.
NOTE: Amounts won that exceed any jurisdictional specified limit must require the appropriate documentation
to be completed before the winning player is paid.
Complaint/Dispute Process
The operator shall provide a method for a player to make a complaint/dispute, and to enable the
player to notify the regulatory body if such complaint/dispute has not been or cannot be addressed
by the operator, or under other circumstances as specified by the law of the regulatory body.
a) Players must be able to log complaints/disputes on a 24/7 basis.
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
38
Version 1.1 Public Comment Draft
b) Records of all correspondence relating to a complaint/dispute must be maintained for a period
of five years or as otherwise specified by the regulatory body.
c) A documented process must exist between the operator and the regulatory body on the
complaint/dispute reporting and resolution process.
Player Protection Information
Player protection information must be available to the player. The player protection information
must contain at a minimum:
a) Information about potential risks associated with excessive wagering, and where to get help for
a gambling problem;
b) A statement that no underage persons are permitted to participate in wagering;
c) A list of the available player protection measures that can be invoked by the player, such as self-
imposed exclusion, and information on how to invoke those measures;
d) For player accounts, mechanisms in place which can be used to detect unauthorized use of their
account, such as reviewing credit card statements against known deposits;
e) Contact information or other means for reporting a complaint/dispute; and
f) Contact information for the regulatory body and/or a link to their website.
Contests/Tournaments
A contest/tournament, which permits a player to either purchase or be awarded the opportunity to
engage in competitive wagering against other players, may be permitted provided the following rules
are met:
a) Rules must be made available to a player for review prior to contest/tournament registration.
The rules must include at a minimum:
i. All conditions registered players must meet to qualify for entry and advancement through,
the contest/tournament;
ii. Specific information pertaining to any single contest/tournament, including the available
prizes or awards and distribution of funds based on specific outcomes; and
iii. The name of the organization (or persons) that conducted the contest/tournament on behalf
of, or in conjunction with, the operator (if applicable).
b) Procedures must be in place to record the results of each contest/tournament and make publicly
available for the registered players to review for a reasonable period of time. Subsequent to being
posted publicly, the results of each contest/tournament must be made available upon
request. The results include the following:
i. Name of the contest/tournament;
ii. Date(s)/times(s) of the contest/tournament;
iii. Total number of entries;
iv. Amount of entry fees;
v. Total prize pool; and
vi. Amount paid for each winning category.
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
39
Version 1.1 Public Comment Draft
NOTE: For free contests/tournaments (i.e., registered player does not pay an entry fee), the information
required by the above must be recorded except for the number of entries, amount of entry fees and total prize
pool.
A.5
Wagering Rules
Wagering Rules
Wagering rules refers to any written, graphical, and auditory information provided to the public
regarding event wagering operations. The operator shall adopt, and adhere to comprehensive
wagering rules which must be approved by the regulatory body:
a) Wagering rules must be complete, unambiguous, and not misleading or unfair to the player.
b) Wagering rules that are presented aurally (via sound or voice) must also be displayed in written
form.
c) Wagering rules must be rendered in a color that contrasts with the background color to ensure
that all information is clearly visible/readable.
d) The operator shall keep a log of any changes to the wagering rules relating to placing wagers.
e) Where wagering rules are altered for events or markets being offered, all rule changes must be
time and date stamped showing the rule applicable in each period. If multiple rules apply to an
event or market, the operator shall apply the rules that were in place when the wager was
accepted.
General Rules Content
The following information must be made available to the player. For wagers placed within a venue,
it is acceptable for this information to be displayed by the Wagering Device directly or by external
signage, forms, or brochures available:
a) The methods of funding a wager or player account, including a clear and concise explanation of
all fees (if applicable);
b) As allowed by the regulatory body, any prizes that are offered in the form of merchandise,
annuities, lump sum payments, or payment plans instead of cash payouts for each market that is
offering such a prize;
c) The procedures by which any unrecoverable malfunctions of hardware/software are addressed
including if this process results in the voiding of any wagers; and
d) The procedures to deal with interruptions caused by the discontinuity of data flow from the
network server during an event.
Wagering Information
In addition to the content of the previous section the following wagering information must be made
available to the player.
a) Rules of participation, including all wagering eligibility and scoring criteria, available events and
markets, types of wagers accepted, line postings, all advertised awards, and the effect of schedule
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
40
Version 1.1 Public Comment Draft
changes;
b) Payout information, including possible winning positions, rankings, and achievements, along
with their corresponding payouts, for any available wager option;
c) Any restrictive features of wagering, such as wager amounts or maximum win values;
d) A description on restricted players, including any applicable limitations on wagering for them
(e.g. athletes shall not wager on their sport);
e) The procedures for handling incorrectly posted events, markets, odds/payouts, prices, wagers,
or results;
f) A wager cancellation policy which must cater for wagers with multiple events (e.g., parlays) and
indicate any prohibitions of cancellation (e.g., after a fixed time period);
g) Whether the odds/payouts are locked-in at the time of the wager, or if the odds/payouts may
change dynamically prior to the commencement of the event and the method of noticing changes
to the odds/payouts;
h) For types of wagers where the odds/payouts are fixed at the time the wager is placed, any
situations where the odds/payouts may be adjusted such as atypical winning outcomes (e.g.,
dead heats), cancelled legs of wagers with multiple events (e.g., parlays), and prorating;
i) For types of wagers where individual wagers are gathered into pools, the rules for dividend
calculation including the prevailing formula for pool allocations and the stipulations of the event
being wagered upon as approved by the regulatory body;
j) A statement that the operator reserves the right to:
i. Refuse any wager or part of a wager or reject or limit selections prior to the acceptance of a
wager for reasons indicated to the player in these rules;
ii. Accept a wager at other than posted terms; and
iii. Close wagering periods at their discretion;
k) If prizes are to be paid for combinations involving participants other than solely the first-place
finisher (e.g., in an Olympic competition), the order of the participants that can be involved with
these prizes (e.g., result 8-4-7);
l) The rules for any exotic wagering options (e.g., perfecta, trifecta, quinella, etc.) and the expected
payouts;
m) What is to occur when an event or market is cancelled or withdrawn, including the handling of
selections wagers with multiple events (e.g., parlays) where one or more of these legs are
cancelled or withdrawn;
n) How a winning wager is determined and the handling of an award in any case where a tie is
possible;
o) The payment of winning wagers, including the redemption period and the method for calculation.
Where the calculation of payouts may involve rounding, information on how these circumstances
are handled must clearly explain:
i. Rounding up, down (truncation), true rounding; and
ii. Rounding to what level (e.g., 5 cents).
In-Play Wagering
The player shall be informed in the wagering rules that due to varying communication speeds or
broadcast transmission latencies:
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
41
Version 1.1 Public Comment Draft
a) Updates of the displayed information may put a player at a disadvantage to others who may have
more up-to-date information; and
b) There may be delays Incorporated in the registered time of an in-play wager to prevent past-post
wagers and cancellations.
Promotions and/or Bonuses
Players must be able to access information in the wagering rules pertaining to any available
promotions and/or bonuses, including how the player is notified when they have received a
promotional award or bonus win and the terms of their withdrawal. This information must be clear
and unambiguous, especially where promotions or bonuses are limited to certain events, markets, or
when other specific conditions apply.
Player Resources/Features
Where allowed by the regulatory body, the operator may provide resources/features such as one
that offers advice, hints, or suggestions to a player, or a data stream that may be used to externally
facilitate wager selection, if they conform to the following requirements:
a) The wagering rules must clearly describe the resources/features that are available, the advantage
it offers (if any), and the options that exist for selection.
b) The wagering rules must disclose the method for obtaining each resource/feature. Any player
resources/features that are offered to the player for purchase must clearly disclose the cost.
c) The availability and functionality of player resources/features must remain consistent for all
players.
d) For peer-to-peer wagering, the player shall be provided with sufficient information to make an
informed decision, prior to participation, as to whether to participate with player(s) who may
possess such resources/features.
A.6
Wagering Procedures and Controls
Odds/Payouts and Prices
There must be established procedures for setting and updating the odds/payouts and prices
including publicly providing the current odds/payouts and prices, changing odds/payouts and prices
as necessary to handle exceptions, and properly logging and periodically logging the odds/payouts
and prices.
Statistics/Line Data
The operator shall ensure that any statistics/line data that is made available to the player pertaining
to an event uses a source allowed by the regulatory body and is kept reasonably accurate and
updated. As required by the regulatory body, controls must be implemented for the operator to:
a) Review the accuracy and timeliness of any statistics/line services; and
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
42
Version 1.1 Public Comment Draft
b) When an incident or error occurs that results in a loss of communication with statistics/line
services, record the incident or error in a log along with the date and time of occurrence, its
duration, nature, and a description of its impact on the system’s performance. This information
must be maintained for a period of 90 days, or as otherwise specified by the regulatory body.
Suspending Markets or Events
There must be established procedures for suspending markets or events (i.e. stop accepting wagers
for that market or markets associated with that event). When wagering is suspended for an active
event, an entry must be made in an audit log that includes the date and time of suspension and its
reason.
Wager Cancellations
Wagering transactions cannot be modified except to be cancelled as provided for in the operator’s
published cancellation policy. A cancellation grace period may be offered to allow players to request
a cancellation of wagers placed. The following requirements apply to wager cancellations:
a) Player initiated cancellations may be authorized in accordance with the cancellation policy.
b) Operator initiated cancellations must provide a reason for cancellation to a player (e.g., past-post
wager).
Wagering Periods
Documentation must be in place to provide how the wagering period is controlled. This would
include any cases where the wagering period is first opened, when it is closed, or any other time in
between where a wager is unable to be placed (e.g., odds/payouts and prices are being updated).
Results
Before publicly announcing results and declaring winners, there shall be a policy for the confirmation
of results based on qualified and approved sources, unless automated by an external feed. If an
external feed is in use, there must be procedures in place for cases where access to the external feed
is unavailable. There must also be a procedure in place to handle changes in results (e.g., due to
statistics/line corrections).
Winning Wager Payment
In the event of a failure of the Event Wagering System’s ability to pay winning wagers, the operator
shall have controls detailing the method of paying these wagers.
Virtual Events
An operator who offers virtual event wagering must maintain all information necessary to
adequately reconstruct the virtual events, including the virtual event outcome and/or virtual
participant actions, conducted within the past 90 days or as required by the regulatory body. This
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
43
Version 1.1 Public Comment Draft
information may be recorded by the Event Wagering System or associated equipment, using some
combination of text, logs, video, graphics, screen captures, or other means (e.g., “flight recorder”
mechanism). Alternatively, procedures may be included to have the public display of the virtual event
be recorded by the surveillance system.
A.7
Wagering Venue Specifications
Venue Verification Audit
The wagering venue will be required to meet the applicable aspects of the appropriate policy and/or
procedure documents as determined by the operator in consultation with the regulatory body. To
maintain the integrity of wagering operations, venues may be subject to an additional verification
audit as required by the regulatory body. The following specifications apply to venues:
Wagering Equipment
The venue must provide a secure location for the placement, operation, and usage of wagering
equipment, including Wagering Devices, displays, and communications equipment. Security policies
and procedures must be in place and reviewed periodically to ensure that risks are identified,
mitigated and underwritten by contingency plans. In addition:
a) Wagering equipment must be installed according to a defined plan and records of all installed
wagering equipment must be maintained.
b) Wagering equipment must be sited or protected to reduce the risks from:
i. Environmental threats and hazards;
ii. Opportunities for unauthorized access;
iii. Power failures; and
iv. Other disruptions caused by failures in supporting utilities.
c) Access to the wagering equipment by an employee must be controlled by a secure logon
procedure or other secure process approved by the regulatory body to ensure that only
authorized employees are allowed access. It must not be possible to modify the configuration
settings of the wagering equipment without an authorized secure process.
d) A user session, where supported by wagering equipment, is initiated by the employee logging in
to their user account using their secure username and password or an alternative means for the
employee to provide identification information as allowed by the regulatory body.
i. All available options presented to the employee must be tied to their user account.
ii. If the wagering equipment does not receive input from the employee within 5 minutes, or a
period specified by the regulatory body, the user session must time out or lock up, requiring
the employee to re-establish their login in order to continue.
e) To ensure its continued availability and integrity, wagering equipment must be correctly
maintained, inspected and serviced at regular intervals to ensure that it is free from defects or
mechanisms that could interfere with its operation.
f) Prior to disposal or re-use, wagering equipment containing storage media must be checked to
ensure that any licensed software, player account information, and other sensitive information
has been removed or securely overwritten (i.e., not just deleted).
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
44
Version 1.1 Public Comment Draft
Wagering Operations
The following procedures must be in place for wagering operations within the venue:
a) Procedures to enable a suitable response to any security issue within the venue.
b) Procedures to prevent any person from tampering with or interfering with the operation of any
wagering or wagering equipment;
c) Procedures to describe the operations and the servicing of POS Wagering Devices and Self-
Service Wagering Devices, including the handling of error conditions and performing
reconciliations;
d) Procedures for wager transactions using a POS Wagering Device, including:
i. Accepting wagers from players only during the wager period;
ii. Notifying players if their wager attempt is rejected;
iii. Requiring the recording of player data or player account registration if their wager exceeds a
value specified by the regulatory body;
iv. Providing notification of any odds/payouts or price changes which occur while attempting to
process a wager;
v. Providing a player access to a wager record once the wager is authorized;
e) Procedures for handling cancelled events and withdrawn selections for wagers with multiple
events (e.g., parlays), including providing refunds to players who were not refunded
automatically by the system (e.g., wagers placed anonymously); and
f) Procedures for redemption of winning wagers, including:
i. Scanning the barcode of a wager record (via a barcode reader or equivalent); or
ii. Manually inputting the wager identification number and performing a verification with the
system.
Surveillance and Recording
The venue will be required to install, maintain, and operate a surveillance system that has the
capability to monitor and record continuous unobstructed views of all wagering and financial
transactions as well as any dynamic displays of wagering information. Procedures must be in place
to ensure that the recording:
a) Covers the defined wagering areas with sufficient detail to identify any discrepancies;
b) Is captured in such a way that precludes interference or deletion;
c) Can be reviewed by the operator and/or regulatory body in the event of a player
complaint/dispute; and
d) Is kept for at least 90 days or as required by the regulatory body.
A.8
Monitoring Procedures
Monitoring for Collusion and Fraud
The operator shall take measures designed to reduce the risk of collusion or fraud, including having
procedures for:
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
45
Version 1.1 Public Comment Draft
a) Identifying and/or refusing to accept suspicious wagers which may indicate cheating,
manipulation, interference with the regular conduct of an event, or violations of the integrity of
any event on which wagers were made;
b) Reasonably detecting irregular patterns or series of wagers to prevent player collusion or the
unauthorized use of artificial player software; and
c) Monitoring and detecting events and/or irregularities in volume or swings in odds/payouts and
prices which could signal suspicious activities as well as all changes to odds/payouts and prices
and/or suspensions throughout an event.
Anti-Money Laundering (AML) Monitoring
The operator shall have AML procedures and policies put in place, as required by the regulatory body,
to ensure that:
a) Employees are trained in AML, and this training is kept up to date;
b) Player accounts are monitored for opening and closing in short time frames and for deposits and
withdrawals without associated wagering transactions; and
c) Aggregate transactions over a defined period may require further due diligence checks and may
be reportable to the relevant organization if they exceed the threshold prescribed by the
regulatory body.
Location Service Provider
The operator, who offers remote wagering, or a third-party location service provider authorized by
the regulatory body must, where required by the regulatory body:
a) Have procedures to maintain a real-time data feed of all location checks and an up-to-date list of
potential location fraud risks (e.g., fake location apps, virtual machines, remote desktop
programs, etc.);
b) Offer an alert system to identify unauthorized or improper access;
c) Allow periodic audits to assess and measure its continued ability to detect and mitigate existing
and emerging location fraud risks;
d) Ensure the location detection service or application used for location detection:
i. Utilizes closed-source databases (IP, proxy, VPN, etc.) that are frequently updated and
periodically tested for accuracy and reliability; and
ii. Undergoes frequent updates to maintain cutting-edge data collection, device compatibility,
and fraud prevention capabilities against location fraud risks.
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
46
Version 1.1 Public Comment Draft
Appendix B: Operational Audit for Technical Security Controls
B.1
Introduction to Technical Security Controls
General Statement
This appendix sets forth technical security controls which will be reviewed in an operational audit as
a part of the Event Wagering System evaluation, including, but not limited to, an information security
system (ISS) assessment, review of the operational processes that are critical to compliance,
penetration testing focused on the external and internal infrastructure as well as the applications
transferring, storing and/or processing player data and/or sensitive information, and any other
objectives established by the regulatory body. The security controls outlined in this appendix apply
to the following critical components of the system:
a) Components which record, store, process, share, transmit or retrieve sensitive information (e.g.,
validation numbers, PINs, player data);
b) Components which generate, transmit, or process random numbers used to determine the
outcome of virtual events (if applicable);
c) Components which store results or the current state of a player’s wager;
d) Points of entry to and exit from the above components (other systems which are able to
communicate directly with core critical systems); and
e) Communication networks which transmit sensitive information.
NOTE: It is also recognized that additional technical security controls which are not specifically included within
this standard will be relevant and required for an operational audit as determined by the operator and/or
regulatory body within their rules, regulations, and Minimum Internal Control Standards (MICS).
B.2
System Operation & Security
System Procedures
The operator shall be responsible for documenting and following the relevant Event Wagering
System procedures. These procedures must at least include the following as required by the
regulatory body:
a) Procedures for monitoring the critical components and the transmission of data of the entire
system, including communication, data packets, networks, as well as the components and data
transmissions of any third-party services involved, with the objective of ensuring integrity,
reliability and accessibility;
b) Procedures and security standards for the maintenance of all aspects of security of the system to
ensure secure and reliable transactions, including protection from hacking or tampering;
c) Procedures for defining, monitoring, documenting, and reporting, investigating, responding to,
and resolving security incidents, including detected breaches and suspected or actual hacking or
tampering with the system;
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
47
Version 1.1 Public Comment Draft
d) Procedure for monitoring and adjusting resource consumption and maintaining a log of the
system performance, including a function to compile performance reports;
e) Procedures to investigate, document and resolve malfunctions, which address the following:
i. Determination of the cause of the malfunction;
ii. Review of relevant records, reports, logs, and surveillance records;
iii. Repair or replacement of the critical component;
iv. Verification of the integrity of the critical component before restoring it to operation;
v. Filing an incident report with the regulatory body and documenting the date, time and reason
for the malfunction along with the date and time the system is restored; and
vi. Voiding wagers and pays if a full recovery is not possible.
Physical Location of Servers
The Event Wagering System server(s) must be housed in one or more secure location(s) which may
be located locally, within a single venue, or may be remotely located outside of the venue as allowed
by the regulatory body. In addition, secure location(s) must:
a) Have sufficient protection against alteration, tampering or unauthorized access;
b) Be equipped with a surveillance system that must meet the procedures put in place by the
regulatory body;
c) Be protected by security perimeters and appropriate entry controls to ensure that access is
restricted to only authorized personnel and that any attempts at physical access are recorded in
a secure log; and
d) Be equipped with controls to provide physical protection against damage from fire, flood,
hurricane, earthquake and other forms of natural or manmade disaster.
Logical Access Control
The Event Wagering System must be logically secured against unauthorized access by authentication
credentials allowed by the regulatory body, such as passwords, multi-factor authentication, digital
certificates, PINs, biometrics, and other access methods (e.g., magnetic swipe, proximity cards,
embedded chip cards).
a) Each user must have their own individual authentication credential whose provision must be
controlled through a formal process.
b) Authentication credential records must be maintained either manually or by systems that
automatically record authentication changes and force authentication credential changes.
c) The storage of authentication credentials must be secure. If any authentication credentials are
hard coded on a component of the system, they must be encrypted.
d) A fallback method for failed authentication (e.g., forgotten passwords) must be at least as strong
as the primary method.
e) Lost or compromised authentication credentials and authentication credentials of terminated
users must be deactivated, secured or destroyed as soon as reasonably possible.
f) The system must have multiple security access levels to control and restrict different classes of
access to the server, including viewing, changing or deleting critical files and directories.
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
48
Version 1.1 Public Comment Draft
Procedures must be in place to assign, review, modify, and remove access rights and privileges
to each user, including:
i. Allowing the administration of user accounts to provide an adequate separation of duties;
ii. Limiting the users who have the requisite permissions to adjust critical system parameters;
iii. The enforcement of adequate authentication credential parameters such as minimum length,
and expiration intervals; and
g) Procedures must be in place to identify and flag suspect accounts where authentication
credentials may have been stolen.
h) Any logical access attempts to the system applications or operating systems must be recorded in
a secure log.
i) The use of utility programs which can override application or operating system controls must be
restricted and tightly controlled.
NOTE: Where passwords are used as an authentication credential, it is recommended that they are changed at
least once every 90 days, are at least 8 characters in length and contain a combination of at least two of the
following criteria: upper case letters, lower case letters, numeric and/or special characters.
User Authorization
The Event Wagering System must implement the following user authorization requirements:
a) A secure and controlled mechanism must be employed that can verify that the system component
is being operated by an authorized user on demand and on a regular basis as required by the
regulatory body.
b) The use of automated equipment identification to authenticate connections from specific
locations and equipment must be documented and must be included in the review of access rights
and privileges.
c) Any authorization information communicated by the system for identification purposes must be
obtained at the time of the request from the system and not be stored on the system component.
d) The system must allow for system administrator notification and user lockout or audit trail entry,
after a set number of unsuccessful authorization attempts.
Server Programming
The Event Wagering System must be sufficiently secure to prevent any user-initiated programming
capabilities on the server that may result in modifications to the database. However, it is acceptable
for network or system administrators to perform authorized network infrastructure maintenance or
application troubleshooting with sufficient access rights. The server must also be protected from the
unauthorized execution of mobile code.
Verification Procedures
There must be procedures in place for verifying on demand that the critical control program
components of the Event Wagering System in the production environment are identical to those
approved by the regulatory body.
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
49
Version 1.1 Public Comment Draft
a) Signatures of the critical control program components must be gathered from the production
environment through a process to be approved by the regulatory body.
b) The process must include one or more analytical steps to compare the current signatures of the
critical control program components in the production environment with the signatures of the
current approved versions of the critical control program components.
c) The output of the process must be stored in an unalterable format, which detail the verification
results for each critical control program authentication and:
i. Be recorded in a system log or report which must be retained for a period of 90 days or as
otherwise specified by the regulatory body;
ii. Be accessible by the regulatory body in a format which will permit analysis of the verification
records by the regulatory body; and
iii. Comprise part of the system records which must be recovered in the event of a disaster or
equipment or software failure.
d) Any failure of verification of any component of the system must require a notification of the
authentication failure being communicated to the operator and regulatory body as required.
e) There must be a process in place for responding to authentication failures, including determining
the cause of the failure and performing the associated corrections or reinstallations needed in a
timely manner.
Electronic Document Retention System
Reports required by this standard and the regulatory body may be stored in an electronic document
retention system provided that the system:
a) Is properly configured to maintain the original version along with all subsequent versions
reflecting all changes to the report;
b) Maintains a unique signature for each version of the report, including the original;
c) Retains and reports a complete log of changes to all reports including who (user identification)
performed the changes and when (date and time);
d) Provides a method of complete indexing for easily locating and identifying the report including
at least the following (which may be input by the user):
i. Date and time report was generated;
ii. Application or system generating the report;
iii. Title and description of the report;
iv. User identification of who is generating the report; and
v. Any other information that may be useful in identifying the report and its purpose;
e) Is configured to limit access to modify or add reports to the system through logical security of
specific user accounts;
f) Is configured to provide a complete audit trail of all administrative user account activity.
g) Is properly secured through use of logical security measures (user accounts with appropriate
access, proper levels of event logging, and document the version control, etc.);
h) Is physically secured with all other critical components of the Event Wagering System; and
i) Is equipped to prevent disruption of report availability and loss of data through hardware and
software redundancy best practices, and backup processes.
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
50
Version 1.1 Public Comment Draft
Asset Management
All assets housing, processing or communicating sensitive information, including those comprising
the operating environment of the Event Wagering System and/or its components, must be accounted
for and have a nominated owner.
a) An inventory must be drawn up and maintained of all assets holding controlled items.
b) A procedure must exist for adding new assets and removing assets from service.
c) A policy must be included on the acceptable use of assets associated with the system and its
operating environment.
d) Each asset must have a designated “owner” responsible for:
i. Ensuring that information and assets are appropriately classified in terms of their criticality,
sensitivity, and value; and
ii. Defining and periodically reviewing access restrictions and classifications.
e) A procedure must exist to ensure that recorded accountability for assets is compared with actual
assets at intervals required by the regulatory body and appropriate action is taken with respect
to discrepancies.
f) Copy protection to prevent unauthorized duplication or modification of software may be
implemented provided that:
i. The method of copy protection is fully documented and provided to the independent test
laboratory, to verify that the protection works as described; or
ii. The program or component involved in enforcing the copy protection can be individually
verified by the methodology approved by the regulatory body.
B.3
Backup and Recovery
Data Security
The Event Wagering System must provide a logical means for securing the player and wagering data,
including accounting, reporting, significant event, or other sensitive information, against alteration,
tampering, or unauthorized access.
a) Appropriate data handling methods must be implemented, including validation of input and
rejection of corrupt data.
b) The number of workstations where critical applications or associated databases may be accessed
must be limited.
c) Encryption or password protection or equivalent security must be used for files and directories
containing data. If encryption is not used, the operator shall restrict users from viewing the
contents of such files and directories, which at a minimum must provide for the segregation of
system duties and responsibilities as well as the monitoring and recording of access by any
person to such files and directories.
d) The normal operation of any equipment that holds data must not have any options or
mechanisms that may compromise the data.
e) No equipment may have a mechanism whereby an error will cause the data to automatically clear.
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
51
Version 1.1 Public Comment Draft
f) Any equipment that holds data in its memory must not allow removal of the information unless
it has first transferred that information to the database or other secured component(s) of the
system.
g) Data must be stored in areas of the server that are encrypted and secured from unauthorized
access, both external and internal.
h) Production databases containing data must reside on networks separated from the servers
hosting any user interfaces.
i) Data must be maintained at all times regardless of whether the server is being supplied with
power.
j) Data must be stored in such a way as to prevent the loss of the data when replacing parts or
modules during normal maintenance.
Data Alteration
The alteration of any accounting, reporting or significant event data must not be permitted without
supervised access controls. In the event any data is changed, the following information must be
documented or logged:
a)
b)
c)
d)
e)
f)
Unique ID number for the alteration;
Data element altered;
Data element value prior to alteration;
Data element value after alteration;
Time and date of alteration; and
Personnel that performed alteration (user identification).
Backup Frequency
Backup scheme implementation must occur at least once every day or as otherwise specified by the
regulatory body, although all methods will be reviewed on a case-by-case basis.
Storage Medium Backup
Audit logs, system databases, and any other pertinent player and wagering data must be stored using
reasonable protection methods. The Event Wagering System must be designed to protect the
integrity of this data in the event of a failure. Redundant copies of this data must be kept on the system
with open support for backups and restoration, so that no single failure of any portion of the system
would cause the loss or corruption of data.
a) The backup must be contained on a non-volatile physical medium, or an equivalent architectural
implementation, so that should the primary storage medium fail, the functions of the system and
the process of auditing those functions can continue with no critical data loss.
b) Where the regulatory body allows for the use of cloud platforms, if the backup is stored in a cloud
platform, another copy may be stored in a different cloud platform.
c) If hard disk drives are used as backup media, data integrity must be assured in the event of a disk
failure. Acceptable methods include, but are not limited to, multiple hard drives in an acceptable
RAID configuration, or mirroring data over two or more hard drives.
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
52
Version 1.1 Public Comment Draft
d) Upon completion of the backup process, the backup media is immediately transferred to a
location physically separate from the location housing the servers and data being backed up (for
temporary and permanent storage).
i. The storage location is secured to prevent unauthorized access and provides adequate
protection to prevent the permanent loss of any data.
ii. Backup data files and data recovery components must be managed with at least the same
level of security and access controls as the system.
NOTE: The distance between the two locations should be determined based on potential environmental threats
and hazards, power failures, and other disruptions but should also consider the potential difficulty of data
replication as well as being able to access the recovery site within a reasonable time (Recovery Time Objective).
System Failure
The Event Wagering System must have sufficient redundancy and modularity so that if any single
component or part of a component fails, the functions of the system and the process of auditing those
functions can continue with no critical data loss. When two or more components are linked:
a) The process of all wagering operations between the components must not be adversely affected
by restart or recovery of either component (e.g., transactions are not to be lost or duplicated
because of recovery of one component or the other); and
b) Upon restart or recovery, the components must immediately synchronize the status of all
transactions, data, and configurations with one another.
Accounting of Master Resets
The operator shall be able to identify and properly handle the situation where a master reset has
occurred on any component which affects wagering operations.
Recovery Requirements
In the event of a catastrophic failure when the Event Wagering System cannot be restarted in any
other way, it must be possible to restore the system from the last backup point and fully recover. The
contents of that backup must contain the following critical information including, but not limited to:
a)
b)
c)
d)
The recorded information specified under the section entitled “Information to be Maintained”;
Specific site or venue information such as configuration, security accounts, etc.;
Current system encryption keys; and
Any other system parameters, modifications, reconfiguration (including participating sites or
venues), additions, merges, deletions, adjustments and parameter changes.
Uninterruptible Power Supply (UPS) Support
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
53
Version 1.1 Public Comment Draft
All system components must be provided with adequate primary power. Where the server is a stand-
alone application, it must have an Uninterruptible Power Supply (UPS) connected and must have
sufficient capacity to permit a graceful shut-down and that retains all player and wagering data
during a power loss. It is acceptable that the system may be a component of a network that is
supported by a network-wide UPS provided that the server is included as a device protected by the
UPS. There must be a surge protection system in use if not incorporated into the UPS itself.
Business Continuity and Disaster Recovery Plan
A business continuity and disaster recovery plan must be in place to recover wagering operations if
the Event Wagering System’s production environment is rendered inoperable. The business
continuity and disaster recovery plan must:
a) Address the method of storing player and wagering data to minimize loss. If asynchronous
replication is used, the method for recovering data must be described or the potential loss of data
must be documented;
b) Delineate the circumstances under which it will be invoked;
c) Address the establishment of a recovery site physically separated from the production site;
d) Contain recovery guides detailing the technical steps required to re-establish wagering
functionality at the recovery site; and
e) Address the processes required to resume administrative operations of wagering activities after
the activation of the recovered system for a range of scenarios appropriate for the operational
context of the system.
B.4
Communications
General Statement
This section will discuss the various wired and wireless communication methods, including
communications performed across the internet or a public or third-party network, as allowed by the
regulatory body.
Connectivity
Only authorized devices must be permitted to establish communications between any system
components. The Event Wagering System must provide a method to:
a) Enroll and un-enroll system components;
b) Enable and disable specific system components;
c) Ensure that only enrolled and enabled system components, including Wagering Devices,
participate in wagering operations; and
d) Ensure that the default condition for components must be un-enrolled and disabled.
Communication Protocol
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
54
Version 1.1 Public Comment Draft
Each component of the Event Wagering System must function as indicated by a documented secure
communication protocol.
a) All protocols must use communication techniques that have proper error detection and recovery
mechanisms, which are designed to prevent intrusion, interference, eavesdropping and
tampering. Any alternative implementations will be reviewed on a case-by-case basis and
approved by the regulatory body.
b) All data communications critical to wagering or player account management must employ
encryption and authentication.
c) Communication on the secure network must only be possible between approved system
components that have been enrolled and authenticated as valid on the network. No unauthorized
communications to components and/or access points must be allowed.
Communications Over Internet/Public Networks
Communications between any system components, including Wagering Devices, which takes place
over internet/public networks, must be secure by a means approved by the regulatory body. Player
data, sensitive information, wagers, results, financial information, and player transaction information
must always be encrypted over the internet/public network and protected from incomplete
transmissions, misrouting, unauthorized message modification, disclosure, duplication or replay.
Wireless Local Area Network (WLAN) Communications
Wireless Local Area Network (WLAN) communications, as allowed by the regulatory body, must
adhere to the applicable jurisdictional requirements specified for wireless devices and network
security. In the absence of specific jurisdictional standards, the “Wireless Device Requirements” and
“Wireless Network Security Requirements” of GLI-26 Standards for Wireless Systems must be used as
applicable.
NOTE: It is imperative for operators to review and update internal control policies and procedures to ensure
the network is secure and threats and vulnerabilities are addressed accordingly. Periodic inspection and
verification of the integrity of the WLAN is recommended.
Network Security Management
Networks must be logically separated such that there should be no network traffic on a network link
which cannot be serviced by hosts on that link. The following requirements apply:
a) All network management functions must authenticate all users on the network and encrypt all
network management communications.
b) The failure of any single item must not result in a denial of service.
c) An Intrusion Detection System/Intrusion Prevention System (IDS/IPS) must be installed on the
network which can listen to both internal and external communications as well as detect or
prevent:
i. Distributed Denial of Service (DDOS) attacks;
ii. Shellcode from traversing the network;
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
d)
e)
f)
g)
h)
i)
j)
55
Version 1.1 Public Comment Draft
iii. Address Resolution Protocol (ARP) spoofing; and
iv. Other “Man-In-The-Middle” attack indicators and sever communications immediately if
detected.
In addition to the requirements in (c), an IDS/IPS installed on a WLAN must be able to:
i. Scan the network for any unauthorized or rogue access points or devices connected to any
access point on the network at least quarterly or as defined by the regulatory body;
ii. Automatically disable any unauthorized or rogue devices connected to the system; and
iii. Maintain a history log of all wireless access for at least the previous 90 days or as otherwise
specified by the regulatory body. This log must contain complete and comprehensive
information about all wireless devices involved and must be able to be reconciled with all
other networking devices within the site or venue.
Network Communication Equipment (NCE) must meet the following requirements:
i. NCE must be constructed in such a way as to be resistant to physical damage to the hardware
or corruption of the contained firmware/software by normal usage.
ii. NCE must be physically secured from unauthorized access.
iii. System communications via NCE must be logically secured from unauthorized access.
iv. NCE with limited onboard storage must, if the audit log becomes full, disable all
communication or offload logs to a dedicated log server.
All network hubs, services and connection ports must be secured to prevent unauthorized access
to the network. Unused services and non-essential ports must be either physically blocked or
software disabled whenever possible.
In virtualized environments, redundant server instances may not run under the same hypervisor.
Stateless protocols, such as UDP (User Datagram Protocol), may not be used for sensitive
information without stateful transport. Note that although HTTP (Hypertext Transport Protocol)
is technically stateless, if it runs on TCP (Transmission Control Protocol) which is stateful, this is
allowed.
All changes to network infrastructure (e.g., network communication equipment configuration)
must be logged.
Virus scanners and/or detection programs must be installed on all systems. These programs
must be updated regularly to scan for new strains of viruses.
B.5
Third-Party Service Providers
Third-Party Communications
Where communications with third-party service providers are implemented, such as player loyalty
programs, financial services (banks, payment processors, etc.), location service providers, cloud
service providers, statistics/line services, and identity verification services, the following
requirements apply:
a) The Event Wagering System must be capable of securely communicating with third-party service
providers using encryption and strong authentication.
b) All login events involving third-party service providers must be recorded to an audit file.
c) Communication with third-party service providers must not interfere or degrade normal Event
Wagering System functions.
i. Third-party service provider data must not affect player communications.
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
56
Version 1.1 Public Comment Draft
ii. Connections to third-party service providers must not use the same network infrastructure
as player connections.
iii. Wagering must be disabled on all network connections except for the player network;
iv. The system must not route data packets from third-party service providers directly to the
player network and vice-versa
v. The system must not act as IP routers between player networks and third-party service
providers.
d) All financial transactions must be reconciled with financial institutions and payment processors
daily or as otherwise specified by the regulatory body.
Third-Party Services
The security roles and responsibilities of third-party service providers must be defined and
documented as required by the regulatory body. The operator shall have policies and procedures for
managing them and monitoring their adherence to relevant security requirements:
a) Agreements with third-party service providers involving accessing, processing, communicating
or managing the system and/or its components, or adding products or services to the system
and/or its components must cover all relevant security requirements.
b) The services, reports and records provided by the third-party service providers must be
monitored and reviewed annually or as required by the regulatory body.
c) Changes to the provision of third-party service providers, including maintaining and improving
existing security policies, procedures and controls, must be managed, taking account of the
criticality of systems and processes involved and re-assessment of risks.
d) The access rights of third-party service providers to the system and/or its components must be
removed upon termination of their contract or agreement or adjusted upon change.
B.6
Technical Controls
Domain Name Service (DNS) Requirements
The following requirements apply to the servers used to resolve Domain Name Service (DNS) queries
used in association with the Event Wagering System.
a) The operator shall utilize a secure primary DNS server and a secure secondary DNS server which
are logically and physically separate from one another.
b) The primary DNS server must be physically located in a secure data center or a virtualized host in
an appropriately secured hypervisor or equivalent.
c) Logical and physical access to the DNS server(s) must be restricted to authorized personnel.
d) Zone transfers to arbitrary hosts must be disallowed.
e) DNS Security Extensions (DNSSEC) must be in place.
f) Multi-factor authentication must be in place.
g) Registry lock must be in place, so any request to change DNS server(s) will need to be verified
manually.
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
57
Version 1.1 Public Comment Draft
Cryptographic Controls
A policy on the use of cryptographic controls for protection of information must be developed and
implemented.
a) Any player data and/or sensitive information must be encrypted if it traverses a network with a
lower level of trust.
b) Data that is not required to be hidden but must be authenticated must use some form of message
authentication technique.
c) Authentication must use a security certificate from an approved organization.
d) The grade of encryption used must be appropriate to the sensitivity of the data.
e) The use of encryption algorithms must be reviewed periodically to verify that the current
encryption algorithms are secure.
f) Changes to encryption algorithms to correct weaknesses must be implemented as soon as
practical. If no such changes are available, the algorithm must be replaced.
g) Encryption keys must be stored on a secure and redundant storage medium after being encrypted
themselves through a different encryption method and/or by using a different encryption key.
Encryption Key Management
The management of encryption keys must follow defined processes established by the operator
and/or regulatory body. These defined processes must cover the following:
a)
b)
c)
d)
e)
Obtaining or generating encryption keys and storing them;
Managing the expiry of encryption keys, where applicable;
Revoking encryption keys;
Securely changing the current encryption keyset; and
Recovering data encrypted with a revoked or expired encryption key for a defined period after
the encryption key becomes invalid.
B.7
Remote Access and Firewalls
Remote Access Security
Remote access is defined as any access from outside the system or system network including any
access from other networks within the same site or venue. Remote access must only be allowed if
authorized by the regulatory body and must:
a)
b)
c)
d)
Be performed via a secured method;
Have the option to be disabled;
Accept only the remote connections permissible by the firewall application and system settings;
Be limited to only the application functions necessary for users to perform their job duties:
i. No unauthorized remote user administration functionality (adding users, changing
permissions, etc.) is permitted; and
ii. Unauthorized access to the operating system or to any database other than information
retrieval using existing functions is prohibited.
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
58
Version 1.1 Public Comment Draft
NOTE: Remote access security will be reviewed on a case-by-case basis, in conjunction with the
implementation of the current technology and approval from the regulatory body.
Remote Access Procedures and Guest Accounts
A procedure for strictly controlled remote access must be established. It is acknowledged that the
supplier may, as needed, access the system and its associated components remotely for product and
user support or updates/upgrades, as permitted by the regulatory body and the operator. This remote
access must use specific guest accounts which are:
a) Continuously monitored by the operator;
b) Disabled when not in use; and
c) Restricted through logical security controls to access only the necessary application(s) and/or
database(s) for the product and user support or providing updates/upgrades.
Remote Access Activity Log
The remote access application must maintain an activity log which updates automatically depicting
all remote access information, to include:
a)
b)
c)
d)
Identification of user(s) who performed and/or authorized the remote access;
Remote IP Addresses, Port Numbers, Protocols, and where possible, MAC Addresses;
Time and date the connection was made and duration of connection; and
Activity while logged in, including the specific areas accessed and changes made.
Firewalls
All communications, including remote access, must pass through at least one approved application-
level firewall. This includes connections to and from any non-system hosts used by the operator.
a) The firewall must be located at the boundary of any two dissimilar security domains.
b) A device in the same broadcast domain as the system host must not have a facility that allows an
alternate network path to be established that bypasses the firewall.
c) Any alternate network path existing for redundancy purposes must also pass through at least one
application-level firewall.
d) Only firewall-related applications may reside on the firewall.
e) Only a limited number of user accounts may be present on the firewall (e.g., network or system
administrators only).
f) The firewall must reject all connections except those that have been specifically approved.
g) The firewall must reject all connections from destinations which cannot reside on the network
from which the message originated (e.g., RFC1918 addresses on the public side of an internet
firewall).
h) The firewall must only allow remote access over the most up to date encrypted protocols.
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
59
Version 1.1 Public Comment Draft
Firewall Audit Logs
The firewall application must maintain an audit log and must disable all communications and
generate an error if the audit log becomes full. The audit log must contain:
a) All changes to configuration of the firewall;
b) All successful and unsuccessful connection attempts through the firewall; and
c) The source and destination IP Addresses, Port Numbers, Protocols, and where possible, MAC
Addresses.
NOTE: A configurable parameter ‘unsuccessful connection attempts’ may be utilized to deny further connection
requests should the predefined threshold be exceeded. The system administrator must also be notified.
Firewall Rules Review
If required by the regulatory body, the firewall rules must be periodically reviewed to verify the
operating condition of the firewall and the effectiveness of its security configuration and rule sets
and must be performed on all the perimeter firewalls and the internal firewalls.
B.8
Change Management
General Statement
A change management policy is selected by the regulatory body for handling updates to the Event
Wagering System and its components based on the propensity for frequent system upgrades and
chosen risk tolerance. For systems that require frequent updates, a risk-based change management
program may be utilized to afford greater efficiency in deploying updates. Risk-based change
management programs typically include a categorization of proposed changes based on regulatory
impact and define associated certification procedures for each category. The independent test
laboratory will evaluate the system and future modifications in accordance with the change
management policy selected by the regulatory body.
Program Change Control Procedures
Program change control procedures must be adequate to ensure that only authorized versions of
programs are implemented on the production environment. These change controls must include:
a) An appropriate software version control or mechanism for all software components and source
code;
b) Records kept of all new installations and/or modifications to the system, including:
i. The date of the installation or modification;
ii. Details of the reason or nature of the installation or change such as new software, server
repair, significant configuration modifications;
iii. A description of procedures required to bring the new or modified component into service
(conversion or input of data, installation procedures, etc.);
iv. The identity of the user(s) performing the installation or modification;
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
60
Version 1.1 Public Comment Draft
c) A strategy for reverting back to the last implementation (rollback plan) if the install is
unsuccessful, including complete backups of previous versions of software and a test of the
rollback plan prior to implementation to the production environment;
d) A policy addressing emergency change procedures;
e) Procedures for testing and migration of changes;
f) Segregation of duties between the developers, quality assurance team, the migration team and
users; and
g) Procedures to ensure that technical and user documentation is updated as a result of a change.
Software Development Life Cycle
The acquisition and development of new software must follow defined processes established by the
operator and/or regulatory body.
a) The production environment must be logically and physically separated from the development
and test environments. When cloud platforms are used, no direct connection may exist between
the production environment and any other environment.
b) Development staff must be precluded from having access to promote code changes into the
production environment.
c) There must be a documented method to verify that test software is not deployed to the
production environment.
d) To prevent leakage of sensitive information, there must be a documented method to ensure that
raw production data is not used in testing.
e) All documentation relating to software and application development must be available and
retained for the duration of its lifecycle.
Patches
All patches should be tested whenever possible on a development and test environment configured
identically to the target production environment. Under circumstances where patch testing cannot
be thoroughly conducted in time to meet the timelines for the severity level of the alert and if
authorized by the regulatory body, then patch testing should be risk managed, either by isolating or
removing the untested component from the network or applying the patch and testing after the fact.
B.9
Periodic Security Testing
Technical Security Testing
Periodic technical security tests on the production environment must be performed as required by
the regulatory body to guarantee that no vulnerabilities putting at risk the security and operation of
the Event Wagering System exist. These tests must consist of a method of evaluation of security by
means of an attack simulation by a third-party following a known methodology, and the analysis of
vulnerabilities will consist in the identification and passive quantification of the potential risks of the
system. Unauthorized access attempts must be carried out up to the highest level of access possible
and must be completed with and without available authentication credentials (white box/black box
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
61
Version 1.1 Public Comment Draft
type testing). These allow assessments to be made regarding operating systems and hardware
configurations, including but not limited to:
a)
b)
c)
d)
e)
UDP/TCP port scanning;
Stack fingerprinting and TCP sequence prediction to identify operating systems and services;
Public Service Banner grabbing;
Web scanning using HTTP and HTTPS vulnerability scanners; and
Scanning routers using BGP (Border Gateway Protocol), BGMP (Border Gateway Multicast
Protocol) and SNMP (Simple Network Management Protocol).
Vulnerability Assessment
The purpose of the vulnerability assessment is to identify vulnerabilities, which could be later
exploited during penetration testing by making basic queries relating to services running on the
systems concerned. The assessment must include at least the following activities:
a) External Vulnerability Assessment – The targets are the network devices and servers which are
accessible by a third-party (both a person or a company), by means of a public IP (publicly
exposed), related to the system from which is possible to access sensitive information.
b) Internal Vulnerability Assessment – The targets are the internal facing servers (within the DMZ,
or within the LAN if there is no DMZ) related to the system from which is possible to access
sensitive information. Testing of each security domain on the internal network must be
undertaken separately.
Penetration Testing
The purpose of the penetration testing is to exploit any weaknesses uncovered during the
vulnerability assessment on any publicly exposed applications or systems hosting applications
processing, transmitting and/or storing sensitive information. The penetration testing must include
at least the following activities:
a) Network Layer Penetration Test – The test mimics the actions of an actual attacker exploiting
weaknesses in the network security examining systems for any weakness that could be used by
an external attacker to disrupt the confidentiality, availability and/or integrity of the network.
b) Application Layer Penetration Test – The test uses tools to identify weaknesses in the
applications with both authenticated and unauthenticated scans, analysis of the results to remove
false positives, and manual testing to confirm the results from the tools and to identify the impact
of the weaknesses.
Information Security Management System (ISMS) Audit
The audit of the Information Security Management System (ISMS) is to be conducted, including all
the locations where sensitive information are accessed, processed, transmitted and/or stored. The
ISMS will be reviewed against common information security principles in relation to confidentiality,
integrity and availability, such as the following sources or equivalent:
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
62
Version 1.1 Public Comment Draft
a) ISO / IEC 27001 – Information Security Management Systems;
b) Payment Card Industry Data Security Standards (PCI-DSS); and
c) World Lottery Association Security Control Standards (WLA-SCS).
Cloud Service Audit
An operator making use of a cloud service provider (CSP), as allowed by the regulatory body, to store,
transmit or process sensitive information must undergo a specific audit as required by the regulatory
body. The CSP will be reviewed against common information security principles in relation to the
provision and use of cloud services, such as ISO/IEC 27017 and ISO/IEC 27018, or equivalent.
a) If sensitive information is stored, processed or transmitted in a cloud environment, the applicable
requirements will apply to that environment, and will typically involve validation of both the
CSP’s infrastructure and the operator’s usage of that environment.
b) The allocation of responsibility between the CSP and the operator for managing security controls
does not exempt an operator from the responsibly of ensuring that sensitive information is
properly secured according to the applicable requirements.
c) Clear policies and procedures must be agreed between the CSP and the operator for all security
requirements, and responsibilities for operation, management and reporting must be clearly
defined and understood for each applicable requirement.
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
63
Version 1.1 Public Comment Draft
Glossary of Key Terms
Access Control – The process of granting or denying specific requests for obtaining and using
sensitive information and related services specific to a system; and to enter specific physical facilities
which houses critical network or system infrastructure.
Algorithm – A finite set of unambiguous instructions performed in a prescribed sequence to achieve
a goal, especially a mathematical rule or procedure used to compute a desired result. Algorithms are
the basis for most computer programming.
ARP, Address Resolution Protocol – The protocol used to translate IP addresses into MAC addresses
to support communication on a wireless or wired local area network. The ARP is a request and reply
protocol and it is communicated within the boundaries of a single network, never routed across
Internetwork nodes (connection points, either a redistribution point or an end point for data
transmissions).
Audit Trail – A record showing who has accessed a system and what operations the user has
performed during a given period.
Authentication – Verifying the identity of a user, process, software package, or device, often as a
prerequisite to allowing access to resources in a system.
Backup – A copy of files and programs made to facilitate recovery if necessary.
Barcode – An optical machine-readable representation of data. An example is a barcode found on
printed wager records.
Barcode Reader – A device that is capable of reading or interpreting a barcode. This may extend to
some smartphones or other electronic devices that can execute an application to read a barcode.
Biometrics – A biological identification input, such as fingerprints or retina patterns.
Bluetooth – A low power, short-range wireless communications protocol utilized for the
interconnection of cellular phones, computers, and other electronic devices, including Wagering
Devices. Bluetooth connections typically operate over distances of 10 meters or less and rely upon
short-wavelength radio waves to transmit data over the air.
Commission – An amount retained and not distributed by the operator from the total amount
wagered on an event.
Contingency Plan – Management policy and procedures designed to maintain or restore event
wagering operations, possibly at an alternate location, in the event of emergencies, system failures,
or disaster.
Coupon – A wagering instrument that is used primarily for promotional purposes and which can be
redeemed for restricted or unrestricted credits.
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
64
Version 1.1 Public Comment Draft
Critical Component – Any sub-system for which failure or compromise can lead to loss of player
entitlements, government revenue or unauthorized access to data used for generating reports for the
regulatory body.
Critical Control Program – A software program that controls behaviors relative to any applicable
technical standard and/or regulatory requirement.
Cryptographic RNG – A Random Number Generator (RNG) which is resistant to attack or
compromise by an intelligent attacker with modern computational resources who has knowledge of
the source code of the RNG and/or its algorithm. Cryptographic RNGs cannot be feasibly ‘broken’ to
predict future values.
Data Integrity – The property that data is both accurate and consistent and has not been altered in
an unauthorized manner in storage, during processing, and while in transit.
DDOS, Distributed Denial of Service – A type of attack where multiple compromised systems,
usually infected with a destructive software program, are used to target a single system. Victims of a
DDOS attack consist of both the end targeted system and all systems maliciously used and controlled
by the hacker in the distributed attack.
Dividend – The amount corresponding to the winner of a pari-mutuel wager.
DNS, Domain Name Service – The globally distributed internet database which (amongst other
things) maps machine names to IP numbers and vice-versa.
Domain – A group of computers and devices on a network that are administered as a unit with
common rules and procedures.
DRP, Disaster Recovery Plan – A plan for processing critical applications and preventing loss of data
in the event of a major hardware or software failure or destruction of facilities.
Encryption – The conversion of data into a form, called a ciphertext, which cannot be easily
understood by unauthorized people.
Encryption Key – A cryptographic key that has been encrypted in order to disguise the value of the
underlying plaintext.
Event – Occurrence related to sports, competitions, matches, and other types of activities approved
by the regulatory body on which wagers may be placed.
Event Wagering – The wagering on sports, competitions, matches, and other event types approved
by the regulatory body where the player places wagers on markets within an event.
Event Wagering System – The hardware, software, firmware, communications technology, other
equipment, as well as operator procedures implemented in order to allow player participation in
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
65
Version 1.1 Public Comment Draft
wagering, and, if supported, the corresponding equipment related to the display of the wager
outcomes, and other similar information necessary to facilitate player participation. The system
provides the player with the means to place and manage wagers. The system provides the operator
with the means to review player accounts, if supported, suspend events, generate various
wagering/financial transaction and account reports, input outcomes for events, and set any
configurable parameters.
Firewall – A component of a computer system or network that is designed to block unauthorized
access or traffic while still permitting outward communication.
Fixed Odds Wagers – Wager types where the payout is to be fixed at the time the wager is placed. If
the predictions are correct, the odds are first multiplied by each other and then by the amount of the
wager.
Free Play Mode – A mode that allows a player to participate in wagering without placing any
financial wager, principally for the purpose of learning or understanding wagering mechanics.
Geolocation – Identifying the real-world geographic location of an internet connected Remote
Wagering Device.
Group Membership – A method of organizing user accounts into a single unit (by job position)
whereby access to system functions may be modified at the unit level and the changes take effect for
all user accounts assigned to the unit.
Hash Algorithm – A function that converts a data string into an alpha-numeric string output of fixed
length.
HTTP, Hypertext Transfer Protocol – The underlying protocol used to define how messages are
formatted and transmitted, and what actions servers and browsers must take in response to various
commands.
In-Play Wager – A wager that is placed while an event is in-progress or actually taking place.
Internet – An interconnected system of networks that connects computers around the world via
TCP/IP.
IDS/IPS, Intrusion Detection System/Intrusion Prevention System – A system that inspects all
inbound and outbound network activity and identifies suspicious patterns that may indicate a
network or system attack from someone attempting to break into or compromise a system. Used in
computer security, intrusion detection refers to the process of monitoring computer and network
activities and analyzing those events to look for signs of intrusion in your system.
IP Address, Internet Protocol Address – A unique number for a computer that is used to determine
where messages transmitted on the Internet should be delivered. The IP address is analogous to a
house number for ordinary postal mail.
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
66
Version 1.1 Public Comment Draft
Jailbreaking – Modifying a smartphone or other electronic device to remove restrictions imposed
by the manufacturer or operator to allow the installation of unauthorized software.
Key – A value used to control cryptographic operations, such as decryption, encryption, signature
generation or signature verification.
Line Posting – A value that establishes a wager’s potential payout (e.g., money line + 175) or the
conditions for a wager to be considered a win or loss (e.g., point spread + 2.5).
MAC, Message Authentication Code – A cryptographic checksum on data that uses a symmetric key
to detect both accidental and intentional modifications of the data.
Malware – A program that is inserted into a system, usually covertly, with the intent of
compromising the confidentiality, integrity, or availability of the victim’s data, applications, or
operating system or of otherwise annoying or disrupting the victim.
“Man-In-The-Middle” Attack – An attack where the attacker secretly relays and possibly alters the
communication between two parties who believe they are directly communicating with each other.
Market – A wager type (e.g., money line, spread, over/under) on which opportunities are built for
wagering on one or more events.
Message Authentication – A security measure designed to establish the authenticity of a message
by means of an authenticator within the transmission derived from certain predetermined elements
of the message itself.
Mobile Code – Executable code that moves from computer to computer, including both legitimate
code and malicious code such as computer viruses.
Multi-Factor Authentication – A type of authentication which uses two or more of the following to
verify a user’s identity: Information known only to the user (e.g., a password, pattern or answers to
challenge questions); An item possessed by a user (e.g., an electronic token, physical token or an
identification card); A user’s biometric data (e.g., fingerprints, facial or voice recognition).
NCE, Network Communication Equipment – One or more devices that controls data communication
in a system including, but not limited to, cables, switches, hubs, routers, wireless access points, and
telephones
Operator – A person or entity that operates an Event Wagering System, using both the technological
capabilities of the Event Wagering System as well as their own internal procedures.
Pari-Mutuel Wagers – Wager types where individual wagers are gathered into a pool. The winnings
are calculated by sharing the pool among all winning bets.
Parlay – A single wager that links together two or more individual wagers and is dependent on all of
those wagers winning together.
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
67
Version 1.1 Public Comment Draft
Participant – The athlete, team, or other entity that competes in an event.
Password – A string of characters (letters, numbers, and other symbols) used to authenticate an
identity or to verify access authorization.
Past-Post Wager – A wager that was made after the result of an event is accepted or after the selected
participant has gained a material advantage (e.g., a score).
Perfecta (aka “Exacta”) – A wager in which the player picks the first and second place finishers in a
competition in the correct order.
Physics Engine – Specialized software that approximates the laws of physics, including behaviors
such as motion, gravity, speed, acceleration, mass, etc. for a virtual event’s elements or objects. The
physics engine is utilized to place virtual event elements/objects into the context of the physical
world when rendering computer graphics or video simulations.
PIN, Personal Identification Number – A numerical code associated with an individual and which
allows secure access to a domain, account, network, system, etc.
Player Account (aka “Wagering Account”) – An account maintained for a player where information
relative to wagering and financial transactions are recorded on behalf of the player including, but not
limited to, deposits, withdrawals, wagers, winnings, and balance adjustments. The term does not
include an account used solely by an operator to track promotional points or credits or similar
benefits issued by an operator to a player which may be redeemed for merchandise and/or services.
Player Data – Sensitive information regarding a player and which may include items such as full
name, date of birth, place of birth, social security number, address, phone number, medical or
employment history, or other personal information as defined by the regulatory body.
Player Loyalty Program – A program that provides incentives for players based on the volume of
play or revenue received from a player.
POS Wagering Device, Point-of-Sale Wagering Device – An attendant station that at a minimum
will be used by an attendant for the execution or formalization of wagers placed on behalf of a player.
Port – A physical entry or exit point of a module that provides access to the module for physical
signals, represented by logical information flows (physically separated ports do not share the same
physical pin or wire).
Printer – A Wagering Device peripheral that prints wager records and/or wagering instruments.
Proxy – A proxy is an application that “breaks” the connection between client and server. The proxy
accepts certain types of traffic entering or leaving a network and processes it and forwards it. This
effectively closes the straight path between the internal and external networks. Making it more
difficult for an attacker to obtain internal addresses and other details of the internal network.
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
68
Version 1.1 Public Comment Draft
Protocol – A set of rules and conventions that specifies information exchange between devices,
through a network or other media.
Quinella – A wager in which the first two places in a competition must be predicted, but not
necessarily in the finishing order.
Remote Access – Any access from outside the system or system network including any access from
other networks within the same site or venue.
Remote Wagering – Wagering conducted using Remote Wagering Devices on an in-venue wireless
network or over the internet, depending on the implementation(s) authorized by the regulatory
body.
Remote Wagering Device – A player-owned device operated either on an in-venue wireless
network or over the internet that at a minimum will be used for the execution or formalization of
wagers placed by a player directly. Examples of a Remote Wagering Device include a personal
computer, mobile phone, tablet, etc.
Risk – The likelihood of a threat being successful in its attack against a network or system.
RNG, Random Number Generator – A computational or physical device, algorithm, or system
designed to produce numbers in a manner indistinguishable from random selection.
Rooting – Attaining root access to the operating system code to modify the software code on the
mobile phone or other Remote Wagering Device or install software that the manufacturer would not
allow to be installed.
Secure Communication Protocol – A communication protocol that provides the appropriate
confidentiality, authentication and content integrity protection.
Security Certificate – Information, often stored as a text file that is used by the TSL (Transport
Socket Layers) Protocol to establish a secure connection. A Security Certificate contains information
about whom it belongs to, who it was issued by, valid dates, a unique serial number or other unique
identification that can be used to verify the contents of the certificate. In order for an TSL connection
to be created, both sides must have a valid Security Certificate, which is also called a Digital ID.
Security Policy – A document that delineates the security management structure and clearly assigns
security responsibilities and lays the foundation necessary to reliably measure progress and
compliance
Self-Service Wagering Device – A kiosk that at a minimum will be used for the execution or
formalization of wagers placed by a player directly and, if supported, may be used for redemption of
winning wager records.
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
69
Version 1.1 Public Comment Draft
Sensitive Information – Information such as player and wagering data, validation numbers, PINs,
player data, passwords, secure seeds and keys, and other data that must be handled in a secure
manner.
Server – A running instance of software that is capable of accepting requests from clients, and the
computer that executes such software. Servers operate within a Client‐Server Architecture, in which
“servers” are computer programs running to serve the requests of other programs (“clients”). In this
case the “server” would be the Event Wagering System and the “clients” would be the Wagering
Devices.
Shellcode – A small piece of code used as a payload in the exploitation of security. Shellcode exploits
vulnerability and allows an attacker the ability to reduce a system’s information assurance.
Stateless Protocol – A communications scheme that treats each request as an independent
transaction that is unrelated to any previous request so that the communication consists of
independent pairs of requests and responses.
System Administrator – The individual(s) responsible for maintaining the stable operation of the
Event Wagering System (including software and hardware infrastructure and application software).
TCP/IP, Transmission Control Protocol/Internet Protocol – The suite of communications
protocols used to connect hosts on the Internet.
Threat – Any circumstance or event with the potential to adversely impact network operations
(including mission, functions, image, or reputation), assets, or individuals through a system via
unauthorized access, destruction, disclosure, modification of information, and/or denial of service.
Also, the potential for a threat-source to successfully exploit a system vulnerability.
Time Stamp – A record of the current value of the Event Wagering System date and time which is
added to a message at the time the message is created.
Touch Screen – A video display device that also acts as a user input device by using electrical touch
point locations on the display screen.
Trifecta – A wager in which a player wins by selecting the first three finishers of a competition in the
correct order of finish.
Unauthorized Access – A person gains logical or physical access without permission to a network,
system, application, data, or other resource.
User Interface – An interface application or program through which the user views and/or interacts
with the Wagering Software to communicate their actions to the Event Wagering System.
Version Control – The method by which an evolving approved Event Wagering System is verified to
be operating in an approved state.
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.GLI-33 – Standards for Event Wagering Systems
70
Version 1.1 Public Comment Draft
Virtual Event Wagering – A form of wagering that allows for the placement of wagers on sports,
contests, and matches whose results are determined solely by an approved Random Number
Generator (RNG).
Virtual Participant – The athlete or other entity that competes in a virtual event.
Virus – A self-replicating program, typically with malicious intent, that runs and spreads by
modifying other programs or files.
Virus Scanner – Software used to prevent, detect and remove computer viruses, including malware,
worms and Trojan horses.
Voucher – A wagering instrument which can be redeemed for cash or used to subsequently redeem
for credits.
VPN, Virtual Private Network – A logical network that is established over an existing physical
network and which typically does not include every node present on the physical network.
Vulnerability – Software, hardware, or other weaknesses in a network or system that can provide a
“door” to introducing a threat.
Wager – Any commitment of credits or money by the player on the results of events.
Wager Record – A printed ticket or electronic message confirming the acceptance of one or more
wagers.
Wagering Device – An electronic device that converts communications from the Event Wagering
System into a human interpretable form and converts human decisions into communication format
understood by the Event Wagering System.
Wagering Instrument – A printed or virtual representative of value, other than a chip or token and
includes coupons and vouchers. A virtual wagering instrument is an electronic token exchanged
between a player’s mobile device and the wagering device which is used for credit insertion and
redemption.
Wagering Rules – Any written, graphical, and auditory information provided to the public regarding
event wagering operations.
Wagering Software – The software used to take part in wagering and financial transactions with the
Event Wagering System which, based on design, is downloaded to or installed on the Wagering
Device, run from the Event Wagering System which is accessed by the Wagering Device, or a
combination of the two. Examples of Wagering Software include proprietary download software
packages, html, flash, etc.
Wi-Fi – The standard wireless local area network (WLAN) technology for connecting computers and
electronic devices to each other and/or to the internet.
Copyright  2019 Gaming Laboratories International, LLC
All Rights Reserved.

42 LinkNYC Kiosks Vandalized by Brick Thrower

Surveillance video taken on April 16th, from 771 8th Ave (Midtown North Precinct) is attached and available at DCPI. Anyone with information in regard to the identity of this male is asked to call the NYPD’s Crime Stoppers Hotline at 1-800-577-TIPS (8477) or for Spanish, 1-888-57-PISTA (74782). The public can also submit their tips by logging onto the CrimeStoppers website at WWW.NYPDCRIMESTOPPERS.COM, on Twitter @NYPDTips.

PYMNTS.COM – Kiosks Going International

Published March 28 on Pymnts.com

Excerpt:

peerless-av kioskThere are other reasons, too.

For instance, kiosks can increase consumer spending, no matter the market, according to various reports and QSR-focused kiosk research from PYMNTS. The increase in consumer spending when ordering through self-service kiosks is 30 percentLéa French Street Food in Illinois, for example, found that kiosks encouraged customers to customize their orders. As a result, the restaurant noticed orders at the kiosk had much higher check sizes than counter orders. For example, kiosk orders had an average check size of $17.17, while counter orders had an average check size of $9.79.

When it comes to the future of kiosks, one market that certainly will lead the way is China, which by nearly all accounts is ahead of every other country when it comes to forms of unattended retail, including retail kiosks.

As Bloomberg has noted, kiosks have gained significant attention – that is, capital – from major retail and technology players. “Names from Alibaba Group Holding Ltd. and Tencent Holdings Ltd. to Walmart Inc. and Sequoia have poured more than $1.7 billion into startups such as Mr. Fresh and Xingbianli (Gorilla Convenience) that for now offer little more than tricked-out vending machines or kiosks,” the news provider said. The appeal of kiosks? Much of it has to do with serving the masses of office workers in cities such as Shanghai, the report said.

Cashless Stores Backlash – AP News

Associated Press story published on Oil City News 5/12/2019

Editors note: There should be a way to accept cash without the usual liabilities and the usual ways. Cash for credit conversion machines for example.

By ALEXANDRA OLSON and KEN SWEET AP Business Writers

NEW YORK (AP) — Hembert Figueroa just wanted a taco.

So he was surprised to learn the dollar bills in his pocket were no good at Dos Toros Taqueria in Manhattan, one of a small but growing number of establishments across the U.S. where customers can only pay by card or smartphone.

Cash-free stores are generating a backlash among some activists and liberal-leaning policymakers who say the practice discriminates against people like Figueroa, who either lack bank accounts or rely on cash for many transactions.

Figueroa, an ironworker, had to stand to the side, holding his taco, until a sympathetic cashier helped him find another customer willing to pay for his meal with a card in exchange for cash.

“I had money and I couldn’t pay,” he said.

Read complete story published on Oil City News 5/12/2019

Bill Payment Mistakes – Avoid These 12 mistakes

bill payment mistakes

The road to creating a payment kiosk is fraught with pitfalls that can wreak havoc on your bottom line if you’re not careful.

In this article I’m going to cover the 12 most common pitfalls I’ve seen companies fall into when building their first payment kiosk.

It was hard to limit the article to only the top 12, but top 100 would have been too lengthy a read.

I’m not going to get too technical here, as this article is geared more towards project managers than developers.

Here are the top 12 mistakes in no particular order…

1. Not budgeting for ongoing maintenance

The typical annual reoccurring cost for ongoing maintenance on a kiosk application is roughly 20% of the initial price tag.  This is not including the hardware warranty of service level agreements (labor for fixing broken parts).

If you spend $100,000 to develop the kiosk application, figure you should budget at least $20,000 annually for ongoing maintenance.

This might strike you as high, but as the developers out there will attest, technology moves fast, and you don’t want to fall far behind.

Servers need upgrading, frameworks need updating, bugs need fixing and there’s always new features to be added.

2. Kiosk is sluggish or unresponsive

A sluggish kiosk can result from a spotty internet connection or poor design.

The illusion of responsiveness matters.  For example, when the user is completing their order the kiosk should display an animation to show that it’s processing the customer’s request.

If the UI completely freezes, the customer will worry that the machine locked up.

On the other hand, if there’s an animation conveying the kiosk is busy processing the customer’s request, the customer will assume the kiosk is still responsive and not to worry.

3. Poorly handling internet outages

Internet outages are inevitable, so you better plan for them.

This doesn’t necessarily mean your kiosk needs to function in “offline mode.” At a minimum you should display a screen to indicating to the customer that your kiosk is out of order and helpful advice on how to solve their problem.

For example, “The kiosk is out of order, please pick up the red phone in the lobby and dial #0 for assistance.”

When possible, you should process transactions in offline mode and store them in a local database. Then sync them up with the server when internet connectivity is restored.

4. Too much text on the screen

Your kiosk is not a giant tablet or smart phone, so don’t treat it like one. Each screen should clearly and concisely communicate what you want the customer to do.

It’s better to have more screens that clearly guide the customer through the process, than a few cluttered and confusing screens. This is an amateur kiosk mistake.

Below is a good example from Redbox on how much text is appropriate.

5. Using the wrong enclosure (or none at all!)

The PC or tablet is the brains of your kiosk and it must be protected by a secure enclosure. Exposed USB ports are a hacker’s wet dream because they make it easy to install malware.

Several turnkey enclosure options are available for tablets and kiosks. Here are a few options…

Tablet Enclosures

Full Kiosk Enclosures

6. Not monitoring for downtime

Do your kiosks have regular downtime and you don’t even know it?  Are your customers opting for the cashier without your knowledge?

The answer may be YES if your system experiences regular downtime. Worst of all, you might not know the extent of the damage until your customers are thoroughly pissed off.

Kiosk downtime can cost you more than you think and it’s easy to monitor your kiosks in real-time so you can address issues quickly.

A couple good options which offer both monitoring and remote access include…

7. Unengaging kiosk attract screen

The kiosk attract screen is the first thing your customer sees when they approach your kiosk.

The kiosk attract screen should entice customers to engage with your kiosk.  Many times, this is not the case because the attract screen is poorly designed.

Below is a good example of a kiosk attract screen from McDonald’s.

A well-designed kiosk attract screen should incorporate the following:

  • Clearly communicate your kiosk’s purpose
  • Convey the benefit of using your kiosk
  • Use short, large and easily readable text
  • Incorporate eye-catching photography
  • Be relevant to your customer demographic

8. Waiting until too late to consider payment devices

This is one of the biggest problem’s companies encounter where they really paint themselves into a corner.

I regular get questions like, “how do I integrate payment device X into my Android app?”

Payment device manufacturers typically only support one or two operating systems (Windows, Linux, iOS, Android, etc.). In many cases the payment device manufacturer doesn’t make an SDK for Android, so you’re left with doing a very low-level hardware integration, or scrapping the entire kiosk app and starting over in a supported operating system.

I’m not trashing Android; my point is to consider early in your project if the payment device you need supports the operating system you want to use.

iOS and Android in particular, will have a limited selection when it comes to payment devices. Whereas Windows and Linux will have the broadest number of options.

This is one of those mistakes that can completely wreck your budget and timeline.

9. Failing to understand EMV and PCI Compliance

What’s the difference between EMV compliance vs PCI compliance?  The short answer is they’re both guidelines for protecting cardholder data for the purpose preventing fraud, but they focus on different elements of the credit card transaction.

“To clarify it even further and more simply, PCI is about making sure the card data doesn’t get stolen and is secure in the first place and EMV is making sure if the data IS stolen that the content is rendered useless.”

CPI

10. Not considering technical debt

Technical debt (also known as design debt or code debt) is a concept in software development that reflects the implied cost of additional rework caused by choosing an easy solution now instead of using a better approach that would take longer.

 Wikipedia

Technical debt is a broad term, but I’m going to use it in the context of the framework you use to develop your kiosk application (.NET, Electron, React Native, Swift, etc.).

Your code base will need regular maintenance, so make sure to select a popular framework which you can actually find developers to maintain.

Your developer may love coding in Flutter, but can you easily find a replacement in a pinch if your current developer were to quit?

The ugly truth is, whatever framework you choose today will seem old and outdated 2 years from now. You might as well choose a framework that’s popular and trending upwards.

11. Improperly storing customer data

A security breach is always a possibility. To minimize the risk, it’s best to ask ourselves, “What’s the worst thing a hacker could get if this kiosk got hacked?”

By not storing any cardholder or other sensitive data on the kiosk it goes a long way towards minimizing the damage if your kiosk were to get hacked.

Modern EMV devices will completely separate your kiosk application from the card holder data so you don’t even have the opportunity to store or transmit cardholder data.

12. Not offering concierge service for your first MVP kiosk

A minimum viable product (MVP) is a concept from Lean Startup that stresses the impact of learning in new product development. Eric Ries, defined an MVP as that version of a new product which allows a team to collect the maximum amount of validated learning about customers with the least effort. This validated learning comes in the form of whether your customers will actually purchase your product.

Agile Alliance

The kiosk MVP is a whole series unto itself. Long story short, get a basic version of your kiosk out in the real-world as soon as possible and start collecting real customer feedback.

In order to maximize the value of customer feedback, place a real-life human being near your kiosks to assist customers and see how they interact with your MVP kiosk.

As a developer, it’s easy to get ivory tower syndrome and think customers will know exactly how to use your kiosk. When in reality, this is likely the first time they’ve ever encountered your kiosk and it’s probably not as “user friendly” as you think.

You’ll learn a lot by listening to your first customers and be able to quickly incorporate their feedback to provide a superior self-service experience.

Wrapping Up

Self-service payment kiosks are a powerful tool for boosting sales, reducing customer wait times and combating a rising minimum wage, but it’s also a double-edged sword.

Due to the disconnected nature of self-service, it’s easy to lose touch with your customers and their needs.

This is why the concierge service for your first MVP kiosk is so critical.

By being forward thinking and following these tips, you will avoid some of the most common and costly pitfalls companies make on their first payment kiosk.

Andrew Savala
Andrew Savala
CEO at RedSwimmer Inc.
Andrew Savala is the CEO of RedSwimmer, with a background in designing and deploying complex payment kiosk systems.Andrew offers high-value, strategic consulting services to companies looking to develop their payment kiosks.

Kiosk Magazine – FMA Magazine Spring 2019

FMA Magazine Spring 2019 Issue Released

The Impulse Buy – The Psychology Behind Retail

  • How Interactive Can Change the Cannabis Dispensary Industry
  • Usability and Accessibility: Guidelines Brands Must Consider When Developing a Kiosk Program
  • The Psychology Behind Retail Marketing
  • On the Road with FMA

Frank Mayer and Associates, Inc. is a leader in the development of in-store merchandising displays, interactive kiosks, and store fixtures for brands and retailers nationwide. The company helps retailers and brands utilize the latest display solutions and technologies to create engaging customer experiences.

 

More on Frank Mayer and Associates, Inc.

Photo Kiosks – Generation Next Acquires Print Mates™

Generation Next Franchise Brands, Inc. Acquires Print Mates™, Expanding Company’s Unattended Retail Portfolio

photo kiosk printmates
Click photo kiosk image to expand to larger view

SAN DIEGO, CA, April 09, 2019 (GLOBE NEWSWIRE) — via NEWMEDIAWIRE – Generation NEXT Franchise Brands, Inc. (OTCQB: VEND) announced today that it has reached terms to acquire the assets of Print Mates, LLC, a small team of entrepreneurs, software engineers, and photography professionals in San Diego that are on a mission to reinvent the premium-quality photo printing experience by making it fast, fun, and inexpensive to get your photos “out of your phone and into your hand” with the Print Mates™ Kiosk.

Nick Yates, CEO of Generation NEXT Franchise Brands, said that the Print Mates assets will be held by a wholly owned subsidiary of Generation Next which will operate separately with its own facilities, staff, and resources. “It is extremely important to us that Print Mates, or any acquisition, is mature enough and has the right team, product and supply chain to operate independently, as a wholly-owned but separate subsidiary. For us, anything less would have been a non-starter,” Yates said, noting that the nationwide rollout of the company’s flagship unattended franchising concept, Reis & Irvy’s, has both his and Generation Next’s “undivided attention.”

“Print Mates™ is a turn-key subsidiary for us.  The team, facilities, manufacturing and product fulfillment; everything is in place. The Print Mates™ Kiosk perfectly complements our product portfolio, and is ready to ship. The timing of the acquisition was designed to allow us to be first to market with a complementary unattended retail concept that is even more autonomous than our flagship Reis & Irvy’s kiosks, requiring only about 30 minutes per month in human maintenance,” Yates said. “The ultimate goal however is to own and operate thousands of these replicating the Redbox/Coinstar model and the team at Print Mates has already established relationships and tests with the country’s largest retail, convenience and grocery chains.

Generation Next is assuming the liabilities of Print Mates, LLC in exchange for the assets. There is no cash consideration being paid by Generation Next to Print Mates or any of its members. The assets acquired include five patent applications, complete engineering documents for the kiosk, customer contracts, supplier agreements, intellectual property, and proprietary software. A contract with a Canadian licensee with a commitment to purchase $7,000,000 of Print Mates Kiosks over a 5-year term is part of the assets acquired by Generation Next. The liabilities assumed by Generation Next net of kiosk inventory value are approximately $300,000.

An Unfulfilled Demand in a Billion Dollar Industry

Due in large part to consumers’ adoption of the smartphone, at least 1.5 trillion photos are estimated to have been captured in 2018. Predictions to 2022 continue to show a compounded annual growth (CAGR) in that figure of greater than 10 percent, so that by 2022 the number of photos captured annually will grow to over 2.3 trillion.  Print Mates™ is an innovative new way to monetize consumers’ craze for the phone camera.

Print Mates™ unattended kiosks are designed to reinvent the premium-quality photo printing experience by making it fast, fun, and inexpensive to get your photos “out of your phone into your hand,” while creating a low-to-no maintenance, extremely high margin business opportunity in unattended retail for entrepreneurs and retailers.  Recent consumer research reports show that consumers in every age group – from tweens to Millennials; from Generation X to Baby Boomers – still desire to preserve their most cherished memories in high-quality photo prints. But until now, professional-quality, third party services that turned digital photos into prints were either too inconvenient, too slow, or too expensive for today’s consumer.

Print Mates™ easy-to-use, patented touchscreen kiosks are promising to close the loop on the consumer photo lifecycle, as well as drive much-needed foot traffic to traditional brick-and-mortar businesses ranging from supermarkets, grocery and drug stores to big box retailers, shopping malls, family fun centers, convenience stores, hotels, airports, and more.     The Print Mates™ Kiosks put reliable and quality photo printing at customers’ fingertips while allowing independent operators and business owners to earn a very high margin from each sale. Customers love using the Print Mates™ Kiosk because they can instantly, easily and cost-effectively print high-quality photos directly from their smartphones or through their favorite social media (Facebook, Instagram, Google Photos, Dropbox, and Flickr) photo sharing, or cloud storage accounts in six different sizes of prints in just seconds.

Consumers can also conveniently order decor and other photo products, gifts and accessories ranging from frames, picture books, posters, jumbo-sized prints, and fridge magnets to beautiful canvas and wood prints and have them conveniently shipped to their home with just a few taps. A soon-to-be-released software update will also add an option for passport photos, a product many retailers are asked for daily.

“The team at Print Mates is solving another problem with a simple, unattended retail kiosk solution,” Yates said. “We all have hundreds, if not thousands, of photos stuck in our cell phones and stored on social media accounts like Facebook and Instagram. The only reason most of us don’t print them is because we don’t have a convenient way to do so, staring us in the face,” Yates continued. “Print Mates kiosks can be placed in any number of location categories, from grocery chains to hotels and big box retailers, just to name a few.  And the kiosks earn extremely high margins on each sale with some products on the kiosks’ menu selling for as much as $125 dollars. The team at Print Mates has secured agreements to test the kiosks in some of the largest grocery, convenience and big box retail chains across the U.S., representing tens of thousands of potential locations, and our plan is to provide Generation Next, our shareholders, and our franchisees the exclusive opportunity to own, operate and share in the revenue provided by this extraordinary product,” Yates concluded.

Print Mates™ location partners will be supported by a unique marketing program that leverages Google Business to drive consumers in real time directly to their machines whenever they need to quickly and conveniently print their photos.  If a customer types “photo printing” in to the google search engine, it will point them to the closest Print Mates retailer. The strategy will be paired with a national regional marketing program to create awareness of the Print Mates™ brand.

Item 404 of Regulation S-K requires disclosure of any transaction over $120,000 in which the Company is a participant and any related person has a direct or indirect material interest. “Related persons” include directors, nominees, executive officers, five percent shareholders and their immediate family members. The present acquisition of the assets of Print Mates, LLC is a related party transaction as the sole member of Print Mates, LLC, Franklyn Yates, is an immediate family member (Brother) of Nicholas Yates, the CEO and Chairman of Generation Next Franchise Brands, Inc. The transaction has been duly authorized by the Board of Directors of the Company who have been informed of the related party interest.

Generation NEXT Website: www.gennextbrands.com

About Generation NEXT Franchise Brands, Inc.

Generation NEXT Franchise Brands, Inc., based in San Diego, California, is a publicly traded company on the OTC Markets trading under the symbol OTCBB: VEND. Generation NEXT Franchise Brands, Inc. is parent company to Reis and Irvy’s Inc, 19 Degrees Corporate Service LLC and Print Mates.www.gennextbrands.com

About Print Mates

Print Mates™ was formed by a team of entrepreneurs, engineers, and photography professionals in San Diego that are on a mission to reinvent the premium-quality photo printing experience by making it fast, fun, and inexpensive to get your photos “out of your phone and into your hand” with the Print Mates™ Kiosk – and creating a golden opportunity for retailers in the process.

Print Mates’™ easy-to-use, patented touchscreen kiosks are promising to close the loop on the consumer photo lifecycle, as well as drive much-needed foot traffic to traditional brick-and-mortar businesses ranging from supermarkets, grocery and drug stores to big box retailers, shopping malls, family fun centers, hotels, airports and more.

The company began a nationwide expansion in 2019 by offering retailers, business owners and forward-thinking retailers across the country an opportunity to own a piece of an emerging multi billion-dollar industry.

Print Mates™ Kiosks and ever-expanding product line of photographic decor, gifts, prints and accessories are proudly Made in the USA.www.printmates.com

About Reis & Irvy’s, Inc.

Reis & Irvy’s, Inc. is a subsidiary franchise concept of Generation NEXT Franchise Brands, Inc. (VEND). Launched in early 2016, the revolutionary Reis & Irvy’s Vending Robot serves seven different flavors of frozen yogurt, ice cream, sorbets and gelatos, a choice of up to six custom toppings, and to customers within 60 seconds or less at the point of sale. The unique franchise opportunity has since established itself as a high-demand product and currently showcases a franchise network both domestically as well as internationally. www.reisandirvys.com

McDonalds Kiosk Free Burger Hack from Australia

Two friends in Australia appear to have cracked the McDonald’s kiosk system, allowing them to score a free burger. A YouTube video shows the pals taking advantage of a burger discount by tricking the machine.

In the video, they order 10 burgers for $1 each using the kiosks. Then, they remove the meat from the ten burgers, which discounts each of the burgers by $1.10—leaving enough surplus to cover the cost of a regularly priced burger at McDonald’s.

Read full post on Delish

More on McDonalds Kiosks

CTS Launches Software for Check-In Workflow

Healthcare Software for Patient Check-In

Menomonee Falls, WI: Connected Technology Solutions (CTS) launched a workflow automation software product for kiosk users across all industries this week. Kwerk is the name of the new software, capable of quick, secure self-service without onsite servers. The software streamlines administrative processes by allowing users to check-in, update demographics, sign forms and make payments – ideal for businesses in healthcare, hospitality, security and transportation.

The software is fully customizable and can be branded to be consistent with any client’s brand standards. Capabilities of the software include: document and resources management, payment collection, real time data updates and API integration. Installing Kwerk can traditionally be done completely remotely, reducing employers’ on-site expenses.

Currently, Kwerk is integrated with AthenaHealth and Indian Health Services, with more integrations and deployments to be released in the fall of 2019. Ben Heise, Director of New Product Development at CTS, offered “Patient self-service is just the beginning. Kwerk was designed and is implemented to facilitate workflows from all industries. By providing
a cloud-based workflow solution on Chrome, Kwerk can be quickly implemented and launched to minimize the implementation take time and maximize ROI.”  Heise and the team at CTS intend to take a proactive approach for identifying more applications for Kwerk, as applications for the software seem limitless.

About Connected Technology Solutions: Connected Technology Solutions (CTS) is the thought leader in branded user experiences including point of purchase kiosks, digital signage, interactive displays and retail fixtures, with an extensive roster of clients in the healthcare, retail, hospitality, transportation industries and more. Recognized for its outstanding creative talent and innovative engineering, the Wisconsin-based company has won numerous prestigious awards for its customized software and hardware design, implementation, and customer service and support since its founding in 2002. CTS is the parent company of CTS Healthcare Services and Mighty Touch. For more information, visit connectedts.com.

GLI Industry Advisory – Wagering Systems

“GLI-33 – Standards for Event Wagering Systems” Release for Industry Comment

gaming labs logoApril 3, 2019 – Gaming Laboratories International, LLC (GLI), is pleased to announce the release of the draft of “GLI-33 v1.1, Standards for Event Wagering Systems” for industry-wide comment.

GLI-33 v1.1 reflects a revision to the core event wagering standard to provide better clarity between technical requirements, which would be evaluated in the lab, and operational controls and procedures, which would be evaluated on-site post system install. Additionally, this revision enhances sections pertaining to operational controls and procedures, including periodic security testing to help regulators and operators create more efficient and alternative processes to monitor sports wagering operations. In general, the changes are largely designed to improve the clarity and consistency of requirements.

The draft of GLI-33 v1.1 is being provided to industry stakeholders for review and comment at this time. Stakeholders include wagering, gaming and lottery regulators, suppliers, test laboratories, operators, and industry trade associations. Written comments are encouraged and can be submitted to GLI by using the linked PDF copy of GLI-33 v1.1 provided below. The formal comment period begins with the issuance of this Advisory and concludes in 3 weeks, on April 26, 2019. Comments should be submitted to the “GLI Compliance” mailbox at Compliance@gaminglabs.com. Please note that this public comment draft is not final-formatted.

To further facilitate industry review, an Executive Summary of the Changes from the prior GLI-33 v1.0 is linked above for reference. GLI will process the comments received from industry stakeholders and collaborate as-needed to address their interpretation, evaluation, and resolution in the context of the revision to this technical standard.

Each standard in the GLI Standard Series is a culmination of industry best-practices and is continually updated based on industry feedback. The GLI Standards are true “industry standards” in that they are created using a collaborative approach which involves thousands of gaming industry stakeholders. These standards are intended to assist regulators by creating baseline technical guidelines which they can adopt and/or utilize in the manner they see fit. In addition to assisting regulators, the standards are of tremendous value to suppliers who use the standards as a guide in their design and development process, saving both time and expense. GLI-33 and the rest of the GLI Standards Series are available for free download on the ‘GLI Standards’ tab found at www.gaminglabs.com.

Privacy Exploit – Easy Lobby Visitor Kiosk Access Systems and Others

Read full article on ThreatPost

Student researchers working with IBM X-Force Red team find security holes in five leading visitor management systems.

Excerpt:

Visitor-management systems protect business against physical threats such as unwanted and unidentified guests. But many of these lobby-based perimeter checkpoints are opening up companies to a bevy of cyber-threats.

On Monday, IBM’s penetration testing team, X-Force Red, released a report that outlines 19 bugs found across five leading visitor-management systems. Vulnerabilities range from data leakage, complete program takeover and the ability for a visitor to press Windows’ hotkeys to break out of the kiosk environment. Affected are systems made by HID Global (EasyLobby Solo), Threshold (eVisitorPass), Envoy (Envoy Passport) and The Receptionist (The Receptionist).

Interestingly, the research was conducted by IBM summer interns (Hannah Robbins and Scott Brink) under the guidance of the X-Force Red research team.

“These are really interesting targets. By their very nature, they are exposed to the public that has no credentials,” said Daniel Crowley, IBM X-Force Red’s research director.

Crowley said researchers had three goals in testing the visitor-management systems. “One, was how easy is to get checked-in as a visitor without any sort of real identifying information. Secondly, we set out to see how easy is it to get other people’s information out of the system. And third, is there a way that an adversary can break out of the application, cause it to crash or get arbitrary code-execution to run on the targeted device and gain a foothold to attack the corporate network,” he said.

Researchers said they were able to accomplish all three.

Read full article on ThreatPost