Live from CA World: A Behind the Scenes Look at Casino Compliance

Published: November 19, 2008


Sumner Blount, reporting live from CA World, shares his experiences on an exclusive behind-the-scenes tour of the hotel and his conversations with the hotel's VP of IT.

Last night, I was part of a “behind the scenes tour” of the risk and compliance facilities here at the Venetian hotel in Las Vegas.  We are all here for CA World, and this tour was arranged to show us how casinos handle their compliance challenge.

The Venetian and the Palazzo constitute the biggest resort in the world, with over 7000 rooms.  It has many thousands of employees, with several thousand more non-employees working onsite daily (they don’t own or operate the shops and restaurants in the hotels).

We spoke with the VP of IT, and asked him about his biggest compliance challenges.  Interestingly, he said that SOX was fairly easy for them.  They already had well-defined controls, and so all they had to do was formalize some testing and documentation, and they were done.

PCI, on the other hand, has always been a huge challenge for them.  This is primarily based on two factors.  First, PCI has been modified and the requirements strengthened, causing them a lot of ongoing work.  Second, as you can imagine, credit cards are the heartbeat of a large casino, so handling this sensitive information places very significant privacy requirements on them.

He said that card information is encrypted immediately upon swiping, so that the cleartext card numbers never appear anywhere in their databases.  This results in some interesting customer service challenges, such as when a guest orders something from their room, and says “just put it on my credit card.”  Since the card info doesn’t exist anywhere in a form that they can use it, the guest has to trudge down to the front desk to provide their card again.  Sometimes, the requirements for customer privacy have some convenience challenges.

We were hoping to be shown the surveillance facilities, where they watch out for card cheaters, and the like.  Unfortunately, but not surprisingly, that area was off-limits to outsiders.  But, we got a very interesting view of how compliance impacts almost all aspects of their business.

By: Sumner Blount
Sumner Blount has spent his 25-year career focused on the development and marketing of software products for a range of top-tier enterprise IT firms. Currently, he’s the Senior Principal Product Marketing Manager for GRC at CA. Previously he managed the large computer operating system development group at Digital Equipment and Prime Computer, and managed...
