Equipment Security and Theft Prevention
EMP susceptibility (Electro Magnetic Pulse Generator)
Equipment (Games)
Pulse configuration (by design this crediting is the easiest way to credit up a board utilizing a handheld EMP device). Please see the image below for an example of a handheld EMP device. When the game machine is turned on, it can send out high-frequency electromagnetic waves. The game machine's chip is on the motherboard, and it can be used to disrupt the game board, coin collector, key points, and high-field RF signal. This signal can get through the machine's wire, resistor, capacitor, chip, transistors, and other parts electrical parts.
The best way to combat this is by switching from pulse to Serial on all peripherals (bill acceptors & printers) connected to your note-in, coin-in, and key-in inputs on the board's edge connector. Buttons will still be susceptible to this EMP but will not credit, only mess with the gameplay. I have seen it at times get into the admin panel so if you can and I know some boards software will require a password to access. If this option is available please set your password for admin settings.
Most games have a serial option available for both the bill acceptor and printer. This will require harnessing and would also need to be set as such under "Configure Devices" but can vary depending on the game platform. I can help to walk you through most of them as it relates to our products but other manufacturers' requirements are mostly unknown to me but should be similar in all aspects.
If you are using Apex for your bill acceptors and our Phoenix printers and a serial configuration are available on your game board we can walk through setting that up. Some game manufacturers do not include the Apex as an option setting but this is easily adapted because our RS232 is a subset of MEI’s EBDS protocol. Others can be accomplished by a firmware update to emulate their current setting options. See below for a few examples.
- Banilla Game settings
Phoenix printer settings, Model PHX-SEN02
-
-
- 5P008 Serial harness
-
-
-
- Printer Dip switch settings, 1 On, 2 Off, 3 & 4 On
-
-
-
- Configure device settings to ICT GP58CR
-
Apex 7000 Bill acceptor settings
-
- 05AA0009 serial 12 volt or a 05AA0068 serial 120 volt
-
- Configure device settings as Apex 7000
- Bill acceptor configuration should be set as RS232 using our acceptor tools program
- Jenka Game Settings
Phoenix printer settings, Model PHX-SEN02
-
-
- 5P008 Serial harness
-
-
-
- Printer Dip switch settings, 1 On, 2 Off, 3 On, 4 Off
- Configure device settings to Pyramid
-
Apex 7000 Bill acceptor settings
-
- 05AA0009 serial 12 volt or a 05AA0068 serial 120 volt
-
- Configure device settings MEI (EBDS)
- Bill acceptor configuration should be set as RS232 using our acceptor tools program
- IGS Game Settings
Phoenix printer settings, Model PHX-SEN02
-
-
- 5P008 Serial harness
-
-
-
- Printer Dip switch settings, 1 On, 2 Off, 3 On, 4 Off
- Configure device settings to PHX POG CBM1 (Game default is CBM1)
-
Apex 7000 Bill acceptor setting
-
-
-
- 05AA0009 serial 12 volt or a 05AA0068 serial 120 volt
-
-
-
-
-
- Configure settings are not available and will default to an ICT RS232 protocol
- You will need to change the dip switch settings on the board for Dip Switch set 2 so that dip 2 is in the On as seen in the following image.
-
-
- Bill acceptor configuration should be set as RS232 using our acceptor tools program and will require a firmware update to use a special emulation firmware ST2. I can email it if needed. This will make the IGS think that an ICT bill acceptor is installed.
- Trestle Game Settings
Phoenix printer settings, Model PHX-SEN02
-
-
- 5P001 POG Serial harness
-
- Printer Dip switch settings, 1 On, 2 & 3 Off, 4 On
- Configure device settings to Pyramid
Apex 7000 Bill acceptor setting
-
- 05AA0009 serial 12 volt or a 05AA0068 serial for a 120 volt Apex
- Configure device settings MEI (EBDS)
- Bill acceptor configuration should be set as RS232 using our acceptor tools program
- Primero Game Settings
Phoenix printer settings, Model PHX-POG
-
-
- 5P008 Serial harness
-
- S09 firmware installed on the Phoenix printer
- Printer Dip switch settings, 1 On, 2 Off, 3 On, 4 Off
- Configure device settings to Pyramid Phoenix
Apex 7000 Bill acceptor setting
-
- Primero provided harness (18-pin molex to a DB9)
- Configure device game settings to Pyramid Apex and set it for TTL, not RS232
- Bill acceptor configuration should be set as Mars Serial 600 Baud
The next step you will need to do is to remove any pulse line that is still connected to the note-in, coin-in, and key-in inputs once you have successfully converted your peripherals to serial communication. These lines will act as a direct conduit back to the board's edge connector, like an antenna, and can transfer a pulse waveform directly to those available like the coin in or note in lines. It will use those and the board can not tell the difference between a fake pulse width signal vs. a real one as it will only see a pulse width modulation from high to low, aka a credit event. Please see the image below for an example of what wires should be de-pinned and removed from the harness. If you have an edge connector with crimped pins these are easily removed by using an AMP-465195-1 tool that you can readily order online. Below is a picture of that tool.
Next would be to disable (If applicable) in the game settings for any coin in line acceptance if available. Some games have this option to turn that port ON or OFF (example: Jenka as seen below). If this is unavailable, at a minimum you will need to de-pin the physical wires from the harness.
If no other option exists to implement any of these changes because your board can not be configured for serial you will need to install some type of EMP alarm system that will detect and kill power to the equipment. Below is an example of what one would look like.
This would also be a wise option to put on your equipment even after you have implemented all your pulse-to-serial conversions. Peace of mind really. I say this only because based on testing and experience some boards can be poorly manufactured and designed and even though you have done everything you can to prevent such occurrences it can still happen. For example, POG boards are older software and have been running for years in the field. Even though they run serial, the coin-in line is still present. This board design is still susceptible even with the wires removed. In the past I have suggested that the removal of the pull-up resistor on that circuit will be needed, this should be on pin 16 for the component side of the board. This will break the circuit and should no longer be available.
If you are using a Central printer system that is tied into the hard meters it is very susceptible to EMP as well. Some systems utilize the pulse method so that they can be compatible with any game system platform. As is with pros and cons to anything this is the major con. An EMP can flood the internal harness which is all connected sharing the same common ground. Once hit it will fake a signal on the Out Meter line and the Central printing system will then acknowledge the signal and print a ticket.
You basically will have three (3) options on this one.
- Get a system that does not tie into the hard meters. No system I know of has this option at this point, only ones that are tailored toward one game platform. (Serial or USB)
- Add an EMP alarm system. This will shut down power and send off an alarm if an EMP is detected.
- Remove the system altogether and move to something more secure.
Is there a particular reason why you would be running pulse protocol on any of your bill acceptors or printers? If we have an answer to this question we might be able to offer a solution that would accommodate and get you away from using pulse.
Counterfeit tickets (Redemption tickets)
- Thermal Printers
- Pulse printers should be avoided if at all possible. Printers are considered slave peripherals and will wait to receive a signal and print on command. If you utilize a pulse printer only because this is your only option please be sure to install some type of alarm system to identify any EMP occurrence.
- Given that any printer is readily available on the market for purchase, criminals can easily purchase one of the same being used on a game to create a counterfeit ticket. All they need is to get a legitimate ticket, copy the layout, and print one of their own with a higher payout amount. Tickets need to be secured. There are many ways you can skin this but below are a few that seem to be currently prevalent in the industry.
- Incremental voucher number present on each ticket - This can help but would require an attendant to keep track of its sequential ticket number for verification purposes. The con to this is that the person creating a fake ticket can use the same voucher number that hasn’t been redeemed and just add a higher value to it. Without verifying this from the game book data the attendant would be none the wiser.
- Security paper with a watermark - This will help initially by identifying any ticket with its special design and watermark making it legitimate. I say initially only because any sample paper can be sent off for duplication. Just a stopgap that buys the user more time to find a more robust solution. This has happened to a few customers that I know of.
-
Central printing system - The pro to this is having the ability to have one printer located behind the counter so that any ticket redeemed going forward will have no access to the player at any point. The cons to this can be found below.
- Networking all of your games - Routing cables to every game and then back behind the counter can be a task altogether.
- When your system is down the entire game room is offline.
- These systems still operate on a protocol of Pulse by tying into the hard meters of the game which will leave it open and susceptible to EMP vulnerabilities.
- Cost of removing all of your current printers, purchasing a central printing system, and installing it. Because it will still use pulse you will most likely want to install an alarm system on each game to detect an EMP event as these systems can be susceptible to such events.
-
Ticket Validation System - Depending on your location the best plan of action is to implement some type of ticket validation system. You can go a couple of different ways on this one but let's start with one that will not require any significant hardware adds or removals and round it out with a total system upgrade.
- Sentry Security Ticket validation system. Chances are that you might already have one of our Phoenix thermal printers installed in your game room. With the correct updated firmware, you can then add encrypted QR code generation to each ticket printed from the game. Once paired to either a Sentry tablet or a Sentry-enabled kiosk, the user can now verify or redeem their tickets without the worry of them ever being a counterfeit ticket.
- TITO system. This is a system that would require some significant hardware improvements, networking, server, printers, bill acceptors if you don’t already have TITO-capable bill acceptors available, etc...
Now I know there are numerous other options available on the market so these are just a few to get started. If you have any other systems you would like to know more about that you are contemplating using feel free to let me know and I will do my best to give you some feedback along with some pros and cons if available.
Fishing and Stringing events
One of the oldest hacks that criminals use to credit-up a game and retrieve their previously inserted note would be fishing and stringing. Over the years this cheat has evolved to counter bill acceptor manufacturers hardware and software fixes. Currently what they will use is a note that has all four sides enclosed in clear tape to add strength so that the note will not tear on a retrieval. On the note they will also attach a clear taped tail that is predominantly located off the side of the note with fishing string loops attached to the end of it. These loops are in place so that they can hook the note with a tool for retrieval. That tail is then folded like an accordion so that it lays flat and is exactly the length of the bill when folded. It is then held in place by a small piece of double-sided tape so that it will stay folded up on the bill while being inserted into the bill path. Once the note is accepted it will remain in the cash box and using a tool to insert through the bill path they will access that previously stacked note by hooking the loops and pulling it out. Below is an example of what one of those notes will look like.
To prevent this will consist of options all dependent on the manufacturers of the bill acceptor you are using. Some use software or hardware updates to combat this. I can’t speak of any particular manufacturer but I can provide you with information if using our Apex 7000 product line to help prevent this from happening.
We use a combination of software algorithms coupled with hardware. The hardware consists of teeth on the punch plate and teeth mounted in the cash box designed to snag any loop that may be present at the time of the cheat. These mechanical updates coupled with our Extended Security algorithm make it so that when a cheat occurs the criminal can no longer gain access to the currency in the cash box and will snag any fishing tool in the process. Below is a detailed instruction on how to enable this feature. Please note that in order for this to work Dip switch number 5 must be enabled.
CONFIGURATION FOR EXTENDED SECURITY FEATURE
The Extended Security Feature mode is available if a user should choose to activate it or deemed necessary depending on any install location or equipment the unit is being installed into.
To enable the Extended Security Feature mode:
1. Please turn dip switch number 5 to the ON position as seen below
To return the validator to default mode:
1. Please turn dip switch number 5 to the OFF position.
EXTENDED SECURITY FEATURE REQUIREMENTS
The Extended Security feature is available for the Apex 7400, 7600, and Spectra S600 bill validators. Starting in October of 2017 any of the previous models mentioned with the SS5 firmware variant installed included the Extended Security feature. If customers are wanting to update any model previous to this date for firmware that includes Extended Security Feature mode it can be easily downloaded by requesting a copy of the firmware from support@pyrmaidacceptors.com .
Bill Acceptors are also conveniently labeled with the following when the SS5 Firmware variant has been installed:
Please note that any validator using this feature must be in good working order before any updating to function with our Extended Security Feature. It is very important to maintain your validators so that they are in good working order. Please see the following link for our detailed cleaning guide. Apex 7000 Cleaning Instructions.pdf An excessively dirty or worn validator can result in unintentional bill jams, and/or mechanical failures.
OAS LOCKOUT MODE
If a cheat event has been detected while the Extended Security Feature is enabled, the bill acceptor will then go into an OAS lockout mode. During this OAS Lockout mode, the front blue LEDs will flash rapidly indicating that the bill acceptor is out of service.
Clearing The Bill Path
If the bill path or OAS sensor path is blocked, the bill acceptor will remain in an OAS Lockout Mode indefinitely until the blockage has been cleared. Once the bill path is cleared you can then clear the OAS Lockout mode.
Clearing The OAS Lockout Mode
The OAS Lockout mode can be cleared bringing the bill acceptor back into normal operation mode. There are three methods to clear the OAS lockout mode.
Method 1:
- In the event that no attendant is present, the bill acceptor will after random time intervals initiate a reset on its own. So long as it has no obstruction in the bill path it will then resume back to its normal operation mode.
Method 2:
- With power still being applied to the bill acceptor and any blockage cleared from the bill path press and release the diagnostic push button. Once done the bill acceptor will then perform a power cycle and return back to normal operation mode
Method 3:
- Being sure that any blockage to the bill path has been cleared you can then cycle power to the bill acceptor and it will then return back to normal operation mode.
Ultimately, these security risks have persisted for a long time and will remain troublesome in the future. The objective is to equip you with ample information so that you can make more informed decisions and be well-prepared in case such issues should arise. It is advisable to have these mentioned preventive measures in position or to swiftly devise a solution when necessary. Additionally, working together and communicating with technicians like yourselves and other manufacturers can help stay ahead of any emerging cheats.
If you ever have any inquiries or worries, Pyramid is always available to assist you!
Pyramid Technologies, Inc.
1907 S Hobson Suite 122
Mesa, AZ 85204
(480) 641-9733
Comments
0 comments
Please sign in to leave a comment.