
ILT-U-3964
Application Architecture Inspection. Gaming System Inspection Proficiency Testing Scheme (GSI-PTS)
DETERMINATION | METHOD |
| Secure communication protocols are used during player registration, password change, logon, play, deposits, and withdrawals | MGA/F/016 §1.1.2 |
| Applications are installed in documented locations and version numbers match documented values | MGA/F/016 §1.2.2, §1.2.3 |
| Backup inventory system is in place in line with the Backup Policy | MGA/F/016 §1.2.4 |
| Games offered are in line with approved Game Providers and/or Gaming Specifications Document | MGA/F/016 §2.1.2 |
| Back-end system automatically logs off after maximum one hour of inactivity | MGA/F/016 §2.2.1 |
| Password security: stored in one-way cryptographic hash, robust password policy enforced, passwords not identical to usernames | MGA/F/016 §2.2.2, §2.2.4, §2.2.5 |
| Different system access levels are granted to employees based on need-to-know principle | MGA/F/016 §2.2.6 |
| Player account security: auto-logoff after 30 minutes, account lockout after failed attempts, secure lost password procedure, mandatory password change on first logon | MGA/F/016 §2.3.1, §2.3.2, §2.3.3, §2.3.4 |
| Audit trail is maintained for changes to regulatory data | MGA/F/016 §2.4.3 |
| System accurately calculates compliance contribution and monies due to the Authority | MGA/F/016 §2.7.2 |
| Registration controls: email duplicate check, self-exclusion filter, no duplicate player data, deregistered players blocked | MGA/F/016 §3.3.2, §3.3.5, §3.3.6, §3.3.9 |
| System does not accept wagers exceeding player funds | MGA/F/016 §3.5.4 |
| VFA controls: wallet verification before deposits/withdrawals, flagging at €1,000/month accumulation | MGA/F/016 §3.6.1, §3.6.3 |
| System does not accept wagers in contravention of player-set limits or exclusions | MGA/F/016 §4.3.7 |
| System offers reality check alerts at configurable intervals, suspending play and displaying winnings/losses | MGA/F/016 §4.4.1 |

