As casinos increase their reliance on technology, including AI-driven systems, cooperation and vigilance across management, security, surveillance, and regulatory teams become essential, according to tribal gaming experts.
Dave Vialpando, executive director of the Pala Gaming Commission, hosted a panel discussion on the topic Tuesday that featured Tim Cotton, chief technology office for the National Indian Gaming Commission; Oscar Schuler, chairman of the Board of Regulators for the Alabama-Coushatta Tribal Gaming Agency; George Jenkot, vice president of security and surveillance for the Firekeepers Casino Hotel; and Rudolph Wambsgans, chairman of the Tunica-Biloxi Tribal Gaming Commission.
“We live in interesting times and it’s a wide-open topic, whether it’s internal threats or external threats,” Vialpando said.
Schuler said email phishing remains a big problem. “We’re dealing with that daily and weekly. And we’re a small Class II facility in Texas.”
Wambsgans said one of the biggest challenges they deal with employees hitting a button and filling in personal information on a scam email.
“It’s a big issue and it’s every conceivable way, whether it’s emails, text messages, or fake calendar events,” Wambsgans said. “We’re inundated with attempts. It’s absolutely ridiculous.”
Cotton said tribes are better today in understanding what controls they need in place to help thwart hacking attempts. But smaller and mid-size tribes that don’t have the resources can be hit by an outside remote user.
“Someone gets into the network and looks for opportunities,” Cotton said. “That remote part is still an external threat where someone can get in your system and figure things out and see where the money trail goes and learn the names of the personnel.”
Jenkot cited a myriad of threats and recounted the cage-theft scam that continues to be a concern.
A man called in and said the tribal council needed money from the cage, but their controls were strong enough to thwart the attempt, Jenkot said.
Cotton said they visit a lot of tribal casinos across the country and are surprised how often NIGC staff under cover are able to talk their way into different places in the casinos, including sensitive areas within the operation.
“That’s also alarming. We have to continue to train folks within the operation, as well to ask the next-level question,” Cotton said. “No one asks why you’re here and validates you being there. We wear fake badges, T-shirts, and jeans. Being able to access certain areas behind the house are threats that need to be at top-of-mind.”
Vialpando said it’s about the strength of internal controls and policies and procedures and collaboration between regulators and casino management. Those able to hit all of those marks help create “a robust protection layer when it comes to internal threats as well as external threats.”
Vialpando recounted an incident several years ago where a day-one employee walked out of a casino with $700,000. The No. 1 weak link is employees, he noted.
“You can tell them not to fall for this and tell them to follow the procedures and not to digress from what they have been taught and lo-and-behold, they will,” Vialpando said.
Vialpando cited one case in 2019 where a disguised slot tech for a casino stole about $1,000 a week. When there was a down game with credit on it and no one was watching, the tech downloaded the credit onto the ticket, then converted the little tickets into one big one and cashed out.
“The question is, where were the internal controls?” Vialpando said. “Why didn’t the revenue audit notice the discrepancy? We think in terms of the AI threats and big threats and scammers out there, but the little folks who are part of our family may be taking us for $1,000 a week for who knows how many years. You always have to be watching and always have be cognizant. You have to have that conspiracy mindset.”
