For Dusane infotech, security of the lottery software deployed is the most critical aspect for successful adoption of the solution. All systems, processes, and procedures are designed, implemented, and executed with a clear and purposeful intention to maintain a high level of security and integrity in all aspects of the operation.
Dusane offers below security measures for its online lottery software solution:
Prevention of security breaches is accomplished via
- Limiting access to sensitive data on a need basis only
- Logging all access to systems
- Logging all transactions, including details of what was changed and by whom
- Encrypting sensitive data such that it is not humanly readable or alterable
- Physically securing access to the data center and ticket storage areas via access controls and cameras
Detection of security breaches is accomplished via
- Independent auditing of sales and liability (winner) figures
- Regular auditing and reconciliation of data
- Cross-checking of winning tickets against computer records
- Physical inspection of winning tickets
Logical Access Security:
The system provides a multi-level security control whereby users are granted certain types of access to certain screens/functions based on their role. Roles are defined and then users are assigned to one of the roles. Roles are then granted access only to the data required to perform under that role.
Password protection is provided in the operational systems at several levels.
- Operating System
- Lottery Terminals
- Management Terminals
Dusane’s lottery software offers 2 level data encryption to prevent unauthorized access to system data. First level encryption is applied when data traverses between the lottery terminal and lottery software central system. This is performed by either the network through which data is sent or the terminal lottery software itself before data is sent.
The other level is encryption on the database stored at lottery software central system. All transaction data as well as retailer accounting data is encrypted to prevent unauthorized viewing and modification.
The lottery software system keeps records of all tickets sold, including losing tickets. A ticket presented for payment is presented via the unique and encrypted serial number on the ticket (and represented in the barcode). The serial number is sent to the central system as part of the validation request where it is decrypted and looked up in the database. If the ticket is not present, it is not a valid ticket or the ticket is so old that it has expired.
Winning ticket tracking:
The lottery software system maintains a record of all winning tickets, i.e. where paid and the date and time. A winning ticket can never be paid twice. The lottery system helps retailer identify previously paid ticket and he will know not to pay it. Lottery software also facilitates returning winning tickets back to operator as required by many governments and regulators in Africa.
Counterfeit ticket Avoidance and Detection:
The lottery management software assigns a unique, encrypted ticket serial number to each and every ticket sold. Also ticket rolls serialized with the starting and ending serial numbers help in tracking claim tickets. Lottery software provides to emblem graphical lottery logis on the roll stock to discourage lame counterfeit attempts. An attempt to encash a fraudulent ticket will result in a response from the system of “invalid or no such ticket”. Such errors are recorded by the lottery software system and operations staff can obtain reports of retailers who are regularly trying to pay invalid tickets.
Prize Pay-out Security:
For Lotto games lottery software authorizes payouts for low-tier prizes immediately after winner scan whereas the high tier prizes can only be authorized after external audit and verification checks have been completed. This way the vast majority of winning tickets can be cashed by players while only the highest winners are delayed.
Audit Validation file:
The lottery software generates a validation file once a draw is closed but before drawing of winning numbers. This file is used for audit purpose to verify the sales and liability figures reported by lottery software against the independent calculations done by auditors. Any discrepancy halts the prize payout process.
Log and Audit Trails:
The lottery software by Dusane maintains a daily log file of all transactions performed on the lottery system. This includes both point-of-sale terminal transactions and management terminal transactions. Details logged include the before and after values as well as who (or which terminal) performed the transaction and the date & time of the transaction.
The lottery software automatically, accurate to within 1 second, starts and stops sales of draws based on the predefined draw schedule. Once a draw closes, no further sales shall be allowed avoiding fraudulent draws.
Pay Tickets Once:
The lottery system marks a paid ticket as paid in the database before sending the pay response to the terminal. A second attempt to pay a ticket will always be rejected.
Policies & procedures:
Dusane Infotech consults on security policies & procedures based on security requirements specific for each customer. Some of the common security policies deployed which strengths the security of lottery operations are:
- Within the operational area keycard access shall be required and will only be granted to personnel who require access
- Entry by any visitor will be logged with name and time it and time out
- No recording devices including disks, flash drives, cameras, and similar items will be allowed to be taken into the secure operational area unless approved by a supervisor and logged into the log book
- Password should be at least 8 characters in length and contain at least one number and one letter. It should expire every 30 days
- Terminal lottery software version should always be in sync with software version at central system. If not then central system should employ a force download of same
- A utility program is advised to schedule to run periodically to make sure that the terminal lottery software is not tempered with