CHAPTER 1407a. SPORTS WAGERING TESTING AND CONTROLS Sec.
1407a.1. Scope.
1407a.2. Definitions.
1407a.3. Testing and approval generally.
1407a.4. Wagering device requirements generally.
1407a.5. Self-service kiosks and point of sale system requirements.
1407a.6. Ticket/voucher requirements.
1407a.7. Ticket/voucher redemption requirements.
1407a.8. Sports wagering interactive system requirements.
1407a.9. Sports wagering system general requirements.Authority The provisions of this Chapter 1407a added under 4 Pa.C.S. § § 1202(b)(30) and 13C02, unless otherwise noted.
Source The provisions of this Chapter 1407a added September 10, 2021, effective September 11, 2021, 51 Pa.B. 5973, unless otherwise noted.
Cross References This chapter cited in 58 Pa. Code § 469a.4 (relating to responsibilities of a private testing and certification facility).
§ 1407a.1. Scope.
To ensure the integrity and security of sports wagering operations in this Commonwealth, the requirements of this chapter apply to all sports wagering certificate holders and sports wagering operators seeking to offer sports wagering to patrons in this Commonwealth. The requirements in this chapter supplement, where not in conflict with and where applicable, existing Board regulations in Subparts E and L (relating to slot machine, table game and associated equipment testing and control; accounting and internal controls; and interactive gaming) applicable to slot machine licensees, interactive gaming certificate holders and interactive gaming operators unless the context clearly indicates otherwise.
§ 1407a.2. Definitions.
The following words and terms, when used in this chapter, have the following meanings, unless the context clearly indicates otherwise:
Authentication processA method used by a system to verify the validity of software. The method requires calculation of an output digest, which is compared to a secure embedded value. The minimum output digest shall be of 128-bit complexity. Software shall be deemed to have been authenticated if the calculated digest equals the secure embedded value.
Communication technologyThe methods used and the components employed to facilitate the transmission of information including transmission and reception systems based on wire, cable, radio, microwave, light, optics or computer data networks.
Point of sale systemAll the hardware, software and communications that comprises a stand-alone or integrated system capable of accepting sports wagers by means of terminals attended to by a cashier and is located at a sports wagering certificate holders approved locations.
Self-service kiosksUnattended self-service booths or self-standing structure with computers, including touch-screen computers, at which a patron can place sports wagers and that dispenses sports wagering tickets/vouchers.
Sports wagering accountElectronic account that may be established by a patron for the purpose of sports wagering by means of a sports wagering certificate holders or sports wagering operators interactive sports wagering web site or interactive sports wagering mobile application under these regulations.
Sports wagering communicationThe transmission of a wager between a point of origin and a point of reception by aid of a communications technology.
Sports wagering device and associated equipmentA self-service kiosk, point of sale system or other device, including associated equipment, used to accept sports wagering as permitted for use in this Commonwealth by the Board.
Sports wagering interactive systemAll hardware, software and communications that comprise a type of server-based sports wagering system for the purpose of offering authorized interactive or mobile sports wagering in this Commonwealth when authorized by the Board.
Sports wagering systemAll sports wagering devices, equipment, communication technology, software and hardware approved by the Board to conduct sports wagering in this Commonwealth.
Ticket/voucher redemption deviceUnattended self-service booths or self-standing structures with computers, including touch-screen computers, at which a patron can redeem sports wagering tickets/vouchers and that dispense winnings in the form of cash or cash equivalent.§ 1407a.3. Testing and approval generally.
(a) Prior to operating a retail sportsbook or a sportsbook through a web site or mobile application as a form of interactive gaming, all sports wagering devices and software used in conjunction with these operations must be submitted to the Boards Office of Gaming Laboratory Operations for review and testing and be approved by the Board.
(b) For purposes of this section, sports wagering devices and software that shall be submitted for testing and approval include:
(1) Self-service kiosks.
(2) Point of sale systems.
(3) Ticket/voucher redemption devices.
(4) Sports wagering interactive system components, including all hardware, software and associated equipment that comprise a type of server-based sports wagering system for the purpose of offering authorized sports wagering, mobile sports wagering or interactive sports wagering.
(5) Other related devices or systems as required by the Board.
(c) The Board shall require the payment of all costs for the testing and approval of sports wagering devices and software used in conjunction with the operation of a retail sportsbook or an interactive or mobile sportsbook as a form of interactive gaming.
(d) Submissions to the Office of Gaming Laboratory Operations of sports wagering devices and software used in conjunction with the operation of a retail sportsbook or an interactive or mobile sportsbook shall adhere to the requirements in § 461a.4 (relating to submission for testing and approval) where applicable.
Cross References This section cited in 58 Pa. Code § 1409a.2 (relating to sports wagering contests, tournaments, pools or other organized events).
§ 1407a.4. Wagering device requirements generally.
(a) Wagering device programs shall contain sufficient information to identify the software and revision level of the information stored on the wagering device.
(b) Wagering devices shall have the ability to authenticate that all critical components being utilized are valid upon installation of the software, each time the software is loaded for use and on demand as required by the Board. Critical components may include wagering information, elements that control the communications with the sports wagering system or other components that are needed to ensure proper operation of the wagering device. In the event of a failed authentication (that is, program mismatch or authentication failure), the wagering device shall cease all wagering operations and display an appropriate error message. The sports wagering system shall have the ability to disable the wagering device upon any unsuccessful authentication.
(c) Wagering devices shall be capable of performing the following functions:
(1) Creating wagers.
(2) Settling wagers.
(3) Voiding wagers.
(4) Cancelling wagers.
(d) Wagering devices that offer in-game wagers shall be capable of the following:
(1) The accurate and timely update of odds for in-game wagers.
(2) The ability to notify the patron of any change in odds after placement of a wager is attempted.
(3) The ability for a patron to confirm the wager after notification of the change in odds.
(4) The ability to freeze or suspend the offering of wagers, when necessary.
(e) Wagering devices shall be capable of recording all of the following information for each wager made:
(1) Description of event.
(2) Event number.
(3) Wager selection.
(4) Type of wager.
(5) Amount of wager.
(6) Amount of potential payout.
(7) Date and time of wager.
(8) Identity of cashier accepting the wager.
(9) Unique wager identifier.
(10) Expiration date of the sports wagering ticket, which shall be no sooner than 1 year from the conclusion of the event in the case of a single wager, or the conclusion of the last event of a multiple wager ticket (that is, parlay or round robin wagers).
(11) Patron name, if known.
(12) Date, time, amount and description of the settlement.
(13) Location of where the wager was placed.
(14) Identity of the ticket writer settling the wager, if applicable.
(f) For lost or stolen tickets that are redeemed, a wagering device shall record and maintain the following information:
(1) Date and time of redemption;
(2) Employee responsible for redeeming the ticket;
(3) Name of patron redeeming the ticket;
(4) Unique ticket identifier;
(5) Location of the redemption.
(g) When a sports wager is voided or cancelled, the system shall clearly indicate that the sports wagering ticket is voided or cancelled, render it nonredeemable other than for the return of the value of the original wager, and make an entry in the system indicating the void or cancellation and identify the cahier or automated process.
(h) Wagering devices shall prevent past posting of wagers and the voiding or cancellation of wagers after the outcome of the event is known.
(i) In the event a person has a pending sports wager and then is excluded or self-excludes, the wager shall be cancelled and the funds returned to the patron.
(j) Wagering devices shall have controls in place to review the accuracy and timeliness of any data feeds used to offer or settle wagers. In the event that an incident or error occurs that results in incorrect or loss of communication with data feeds used to offer or redeem wagers, the errors shall be reported in accordance with reporting requirements under § 1408a.8 (relating to risk management).
§ 1407a.5. Self-service kiosks and point of sale system requirements.
(a) Self-service kiosks and point of sale devices shall have an identification badge affixed to the exterior of the device by the manufacturer. The identification badge shall not be removable without leaving evidence of tampering. This badge shall include all of the following minimum information:
(1) The complete name of the manufacturer or some appropriate abbreviation for same.
(2) A unique serial number.
(3) The self-service kiosk or point of sale device model number.
(4) The date of manufacture.
(b) Self-service kiosks and point of sale devices shall meet all of the following basic hardware requirements:
(1) Identification for any printed circuit board (PCB) that impacts the integrity of the self-service kiosk or point of sale device shall include all of the following:
(i) Each PCB shall be clearly identifiable by an alphanumeric identification and, when applicable, a revision number.
(ii) If track cuts, patch wires or other circuit alterations are introduced to the PCB, then a new revision number shall be assigned.
(2) If the self-service kiosk or point of sale device contains switches or jumpers, or both, they shall be fully documented for evaluation by the Boards Office of Gaming Laboratory.
(3) The self-service kiosk or point of sale device shall be designed so that power and data cables into and out of the self-service kiosk or point of sale device can be routed so that they are not accessible to the general public.
(4) Wired communication ports shall be clearly labeled and must be securely housed within the self-service kiosk or point of sale device to prevent unauthorized access to the ports or their associated cable connectors.
(b) Self-service kiosks and point of sale devices shall meet all of the following basic power requirements:
(1) The self-service kiosk and point of sale device shall not be adversely affected, other than resets, by surges or dips of ± 20% of the supply voltage. It is acceptable for the self-service kiosk or point of sale device to reset provided no damage to the equipment or loss or corruption of data is experienced.
(2) The power supply used in a self-service kiosk or point of sale device must be appropriately fused or protected by circuit breakers. The amperage rating of all fuses and circuit breakers must be clearly stated on or near the fuse or the breaker.
(3) An on/off switch that controls the electrical current supplied to the self-service kiosk or point of sale device shall be located in a place which is readily accessible within the interior of the self-service kiosk or point of sale device. The on/off positions of the switch shall be clearly labeled.
(c) Self-service kiosks and point of sale device shall meet all of the following basic security requirements:
(1) A self-service kiosk or point of sale device shall be robust enough to resist forced entry into any secured doors, areas or compartments. In the event that extreme force is applied to the cabinet materials causing a potential breach in self-service kiosk or point of sale device security, evidence of tampering must be conspicuous. Secured areas or secured compartments shall include the external doors such as the main door, cash compartment doors such as a drop box door, peripheral device access areas, or other sensitive access areas of the self-service kiosk or point of sale device.
(2) The following requirements apply to the self-service kiosks or point of sale devices external doors:
(i) External doors shall be manufactured of materials that are suitable for allowing only legitimate access to the inside of the self-service kiosk cabinet or point of sale device. Doors and their associated hinges shall be capable of withstanding determined and unauthorized efforts to gain access to the interior of the self-service kiosk or point of sale device and shall leave conspicuous evidence of tampering if an attempt is made.
(ii) The seal between the self-service kiosk cabinet or point of sale device and the door of a locked area shall be designed to resist the entry of objects. It shall not be possible to insert an object into the self-service kiosk or point of sale device that disables a door open sensor when the self-service kiosks or point of sale devices door is fully closed, without leaving conspicuous evidence of tampering.
(iii) External doors shall be secure and support the installation of locks.
(iv) Doors that provide access to secure areas of the self-service kiosk or point of sale device shall be monitored by a door access detection system.
(A) The detection system shall register a door as being open when the door is moved from its fully closed and locked position, provided power is supplied to the self-service kiosk or point of sale device.
(B) When any door that provides access to a secured area or secured compartment registers as open, the self-service kiosk or point of sale device shall cease wagering operations and display an appropriate error message.
(d) Self-service kiosks and point of sale devices shall meet all of the following basic critical nonvolatile memory requirements:
(1) Critical nonvolatile memory shall be used to store all data elements that are considered vital to the continued operation of the self-service kiosk or point of sale device, including self-service kiosk configuration and point of sale device data and state of operations.
(2) Critical nonvolatile memory shall not store sensitive information outside of self-service kiosk and point of sale device operations; however, critical nonvolatile memory may be maintained by any component of the sports wagering system.
(3) The self-service kiosk or point of sale device must have a backup or archive capability, which allows the recovery of critical nonvolatile memory should a failure occur.
(4) Critical nonvolatile memory storage shall be maintained by a methodology that enables errors to be identified. This methodology may involve signatures, check sums, redundant copies, database error checks or other methods approved by the Board.
(5) Comprehensive checks of critical nonvolatile memory data elements shall be made on startup. Nonvolatile memory that is not critical to self-service kiosk or point of sale device integrity is not required to be checked.
(6) An unrecoverable corruption of critical nonvolatile memory shall result in an error. Upon detection, the self-service kiosk and point of sale device software shall cease to function. Additionally, the critical nonvolatile memory error shall cause any communication external to the self-service kiosk to cease.
(e) Self-service kiosk and point of sale device software, after a program interruption, shall recover to the state it was in immediately prior to the interruption occurring. Any communications to an external device shall not begin until the program resumption routine, including any self-test, is completed successfully.
(f) On a scheduled basis, a sports wagering certificate holder or sports wagering operator shall remove the bill validator boxes in the self-service kiosks.
(1) The self-service kiosk drop shall be monitored and recorded by surveillance.
(2) The sports wagering certificate holder or sports wagering operator shall submit the self-service kiosk drop schedule to the Board, with the schedule to include:
(i) The time that a drop is scheduled to commence.
(ii) The number and locations of the self-service kiosks in the sports wagering area or on the gaming floor of a licensed facility.
(g) A security department member and a finance department member shall obtain the keys necessary to perform the self-service kiosk drop or currency cassette replacement, or both, in accordance with the sports wagering certificate holder or sports wagering operators key sign-out procedures.
(1) The security department shall control the keys to the outer door of the self-service kiosks.
(2) The finance department shall control the keys to the bill validator boxes or currency cassettes, or both.
(h) A finance department member with no incompatible job functions shall place empty bill validator boxes needed for the self-service kiosk drop into a secured cart which shall be transported in the presence of a member of the security department at all times.
(i) A sports wagering certificate holder or sports wagering operator shall reconcile the self-service kiosks on a scheduled basis under internal controls.
(1) Any variance of $500 or more shall be documented by the accounting department and reported in writing to the Office of Sports Wagering and Bureau of Casino Compliance within 72 hours of the end of the gaming day which the variance was discovered.
(2) The report shall indicate the cause of the variance and shall contain any documentation required to support the stated explanation.
(j) A sports wagering certificate holder or sports wagering operator shall include in its internal controls required under § 1408a.3 (relating to internal controls) the set of self-service kiosk key controls and accounting protocols, including the procedures for the drop and count of self-service kiosk funds, and all point of sale devices.
§ 1407a.6. Ticket/voucher requirements.
(a) Tickets/vouchers generated by a self-service kiosk or by a point of sale system shall include all of the following general information:
(1) Name and address of the party issuing the ticket/voucher.
(2) A barcode or similar symbol or marking, as approved by the Board, corresponding to a unique wager identifier.
(3) Method of redeeming a winning ticket/voucher by means of mail.
(4) Identification of the self-service kiosk or cashier at the point of sale device that generated the ticket/voucher.
(b) Tickets/vouchers generated by a self-service kiosk or by a point of sale system shall include all of the following specific information:
(1) Amount of ticket/voucher.
(2) Date, time and location of issuance.
(3) Unique voucher identifier.
(4) Expiration date of the ticket.
(5) Date, time and location of redemption, if applicable based upon the method of redemption.
(c) Tickets/vouchers generated by a self-service kiosk or by a point of sale system shall be capable of being processed and redeemed if lost, stolen, destroyed or otherwise mutilated.
(d) Tickets/vouchers generated by a self-service kiosk or by a point of sale system shall be capable of clearly indicating that a ticket/voucher is voided or cancelled and rendered nonredeemable or is expired in the case of a sports wagering ticket when redemption is attempted.
(e) A sports wagering voucher shall not expire in accordance with the provisions of § 461b.3(a) (relating to gaming vouchers).
(f) A winning sports wagering ticket may expire, with the expiration date to be no less than 1 year from the conclusion of the event in the case of a single wager, or the conclusion of the last event of a multiple wager ticket (that is, parlay or round robin wagers).
(g) A sports wagering certificate holder or sports wagering operator shall include in its internal controls required under § 1408a.3 (relating to internal controls):
(1) The sports wagering ticket expiration policy and procedures that will be implemented, including the procedures for the handling of funds from expired sports wagering tickets and the reporting of those funds for revenue purposes.
(2) The policies and procedures for paying or writing tickets, or both, that are over the set limits, voiding tickets, and issuing corrections to tickets.
§ 1407a.7. Ticket/voucher redemption requirements.
(a) Winning sports wagering tickets/vouchers shall be redeemed by a writer or a self-service kiosk after verifying the validity of the wagering ticket through the sports wagering system. The writer or a self-service kiosk shall cause the sports wagering system to electronically redeem and cancel the wagering ticket upon redemption.
(b) A patron may redeem by mail a winning sports wagering ticket/voucher to the address provided thereon in accordance with the sports wagering certificate holders or sports wagering operators internal controls.
(c) A patron may redeem a winning sports wagering ticket/voucher issued at a sports wagering certificate holders main retail sportsbook at any of the sports wagering certificate holders non-primary sports wagering locations or at sports wagering area of a Category 4 licensed facility, and vice versa.
(d) Self-service kiosks shall be capable of recognizing payment limitations or payment errors such as bill out jams and insufficient funds. When a payment limitation or error occurs, the self-service kiosk shall be designed to electronically record the payout limitation or error and perform all of the following:
(1) Reject the transaction.
(2) Issue an error receipt.
(3) Issue a replacement sports wagering ticket/voucher.
(e) When an error receipt is issued from a self-service kiosk, the self-service kiosk or receipt shall advise the patron or employee to see a point of sale cashier for payment. Error receipts shall be designed to include all of the following, at a minimum:
(1) The time and date.
(2) Identification of the issuing self-service kiosks.
(3) Specifies the amount of money that the self-service kiosks failed to dispense.
(f) When used to redeem sports wagering tickets/vouchers, self-service kiosks shall work in conjunction with an approved sports wagering system and shall be designed to:
(1) Accurately obtain the unique identification number of the item presented for redemption and cause the information to be accurately and securely relayed to the sports wagering system for the purpose of redemption.
(2) Issue currency or a sports wagering ticket/voucher, or both, in exchange for the item presented only if the sports wagering system has authorized and recorded the transaction.
(3) Return a sports wagering ticket/voucher to the patron when it cannot be validated by the sports wagering system or is otherwise unredeemable.
(g) When used to redeem sports wagering tickets/vouchers, the self-service kiosk or kiosk computer system shall be capable of generating a Sports Wagering Ticket/Voucher Redemption Machine Report for each gaming day. The report shall include the ticket/vouchers unique identifier, the date and time of redemption and the value of the ticket/voucher.
§ 1407a.8. Sports wagering interactive system requirements.
(a) Sports wagering platforms must adhere to the requirements in Chapter 809a (relating to interactive gaming platform requirements) of these regulations.
(b) Sports wagering interactive systems must adhere to the requirements in Chapter 810a (relating to interactive gaming testing and controls) of the Boards regulations.
§ 1407a.9. Sports wagering system general requirements.
(a) A sports wagering system shall, at least once every 24 hours, perform a self-authentication process on all software used to offer, record and process wagers to ensure there have been no unauthorized modifications. In the event of an authentication failure, at a minimum, the sports wagering system shall immediately notify the certificate holders or operators sports wagering manager and the Board within 24 hours. The results of all self-authentication attempts shall be recorded by the system and maintained for a period of not less than 90 days.
(b) The sports wagering certificate holder or sports wagering operator operating the sports wagering system shall provide to the Board real time in-person administrative access and remote access to wagering transaction and related data as deemed necessary in a manner approved by the Board. A sports wagering certificate holder or sports wagering operator shall include in its internal controls required under § 1408a.3 (relating to internal controls) the policies and procedures that will be implemented regarding real time in-person administrative read-only access and remote read-only access to the sports wagering system by the Board.
(c) A sports wagering system shall be capable of preventing any sports wager in excess of $10,000 or making a payout in excess of $10,000 until authorized by the sports wagering manager. A sports wagering certificate holder or sports wagering operator shall include in its internal controls required under § 1408a.3 the policies and procedures that will be implemented regarding those wagers and payouts.
No part of the information on this site may be reproduced for profit or sold for profit.
This material has been drawn directly from the official Pennsylvania Code full text database. Due to the limitations of HTML or differences in display capabilities of different browsers, this version may differ slightly from the official printed version.