The objective of the requirements in this section is to ensure the integrity and security of transactions during communication between various interfaces, Gaming Devices and Gaming Systems.

6.1 General Communication

6.1.1 The integrity and security of all gaming-related transactions must be maintained during communication between all Gaming Devices and Gaming Systems.

6.1.2 Gaming Systems including infrastructure, data, activity logs and all other related components must be protected from threats, vulnerabilities, attacks or breaches. Requirements – At a minimum:

  1. All users must be authenticated.
  2. All components must be hardened in accordance with industry and technology good practices prior to going live and prior to any changes.
  3. The appropriateness and effectiveness of steps taken to harden technology components must be regularly assessed.
  4. Patches to correct any security risks must be updated regularly.

6.1.3 Mechanisms must be in place to prevent the unauthorized alteration of all gaming-related transactions and Critical Game Data communicated between Gaming Devices, Gaming Systems, or both.

6.1.4 Interruptions in communication between Gaming Devices, Associated Equipment and Gaming Systems must not impact the integrity or security of the Game nor gaming related transactions or information. 

6.2 Mobile Gaming Devices within Gaming Sites

6.2.1 Mobile Gaming Devices must be played by an Eligible Individual.

Guidance:
This can be achieved through Operator Controls or other mechanisms within the mobile Gaming System. 

6.2.2 Any mechanism to ensure the eligibility of the individual playing mobile Gaming Devices must be capable of being initiated both on demand and at regular intervals.

6.2.3 All critical functions, including the generation of the outcome of any Game, must be generated by the Gaming System.  The generation of the outcome of the Game must be independent of the end player device, except in cases where player input from the end player device (e.g. input related to a Skill-Based Game) is required to generate the outcome of the Game.

Guidance:
The intent is for the Operator to maintain control of all critical game functions, and that compromising the software on the mobile Gaming Device will not compromise the Game.

6.2.4 The gaming application and its data must be protected from unauthorized alteration and corruption by other applications or any other means on the mobile Gaming Devices to ensure integrity and security of the Game.

6.2.5 Operation of the mobile Gaming Devices must not be permitted if the mobile Gaming Device goes outside the boundary of the Gaming Site.