13. Kiosks
The objective of the requirements in this section is to ensure the Kiosk and Kiosk backend system accurately perform transactions in an auditable manner while maintaining integrity and security.
13.1 General Construction and Error Conditions
13.1.1 Critical Memory, Critical Software, and areas holding Wagering Instruments must be protected from unauthorized access.
13.1.2 The Kiosk must immediately detect, record, and display error conditions that could affect the integrity of the Kiosk or completion of a transaction (e.g. door open, memory corruption, cashbox removed, etc.). Immediately upon any such error conditions being detected, the Kiosk must disable itself and the condition must be reported to the Kiosk backend system. The Kiosk may only be enabled after the error conditions have been resolved.
13.1.3 The Kiosk must immediately detect, record, and display appropriate error conditions that could affect the operational capabilities of the Kiosk (e.g. Bill Validator jam, printer paper out, etc.). Immediately upon any such error conditions being detected, the affected peripherals must be Disabled and the condition must be reported to the Kiosk backend system. The peripheral may only be enabled after the error conditions have been resolved.
13.2 Access Control and Security
13.2.1 The Kiosk and the Kiosk backend system must limit access to only authorized personnel, for various functions, based on segregation of duties.
13.2.2 All user accounts on the Kiosk and Kiosk backend system must be uniquely assigned to a single individual.
13.2.3 The Kiosk and the Kiosk backend system must automatically lock out accounts should identification and authorization requirements not be met after a defined number of attempts.
13.2.4 The Kiosk and the Kiosk backend system must comply with the standards in section 6.1 entitled, “General Communication”.
13.3 Critical Software and Data
13.3.1 The integrity and security of the Critical Software, critical data, and functions of the Kiosk including the Kiosk backend system must be maintained.
13.3.2 The Kiosk must validate and process all transactions accurately, rejecting any invalid transactions.
13.3.3 The Kiosk must maintain transaction integrity and prevent data loss due to power or communication loss.
13.3.4 The Kiosk must not send communication to the Gaming Management System for the purposes of altering the state of any transactions in the Gaming Management System until successful completion of the transaction by the Kiosk.
13.3.5 The integrity of Critical Software must be safeguarded during its execution.
13.3.6 All deployed software critical to the integrity of the Kiosk and the Kiosk backend system must be able to be securely authenticated on-demand using a mechanism provided by the Gaming-Related Supplier that meets industry good practices when deployed at Gaming Sites to ensure only approved Kiosk software is installed.
13.3.7 The Kiosk must have a settable limit for the maximum value of a Voucher it can accept and print.
13.3.8 The Kiosk must have a settable limit for the maximum value in cash it can accept in a single transaction.
Note: This standard will become effective July 1, 2020.
13.4 Audit Records and Reporting
13.4.1 Information must be readily available for accounting, reconciliation, and audit purposes.
13.4.2 Each connected Kiosk must be uniquely identified by the Gaming Management System and by the Kiosk backend system it is connected to.
13.4.3 The Kiosk must accurately record all transactions, player and Operator activities performed at the Kiosk.
13.4.4 The Kiosk must meet the standards in section 4 entitled “Wagering Financial Transaction Logging”.
13.4.5 The Kiosk system must have the capability to provide necessary information and reports used for auditing the Kiosk backend system and its transactions.
13.4.6 The Kiosk must have the capacity to display a complete transaction history for each the last thirty-five (35) transactions at minimum prior to the most recent transaction for each of the following transaction types:
- Voucher printing and Redemption;
- Jackpot Redemption; and
- Wagering Account Transactions.
For each transaction, the history must include disposition of transaction, date and time of occurrence of transaction, and the amount of transaction at minimum.