Facing the challenges of technology

*By Malcolm Rutherford

New technologies, in particular facial recognition, have the potential to revolutionize the interaction between the casino and its customers, though regulators may be less enthusiastic.

In the past, except for the gilded few at the top of the high-roller pyramid, the casino neither knew, nor gave much of an impression that it cared, who the vast majority of its clientele were, or what they were doing in the property.

Away from the slots floor this data was mostly “made up” and even within the electronic gaming field the information available was limited; a snapshot of play and behaviour, not a holistic recreation of what the patron was doing.

Now facial recognition technologies are going to be able to identify clients as they approach "choke areas," such as entrances and exits and when they interact with specific areas of the gaming floor, such as cashing TITO vouchers out at kiosks as opposed to at the cash desk.

It’s questionable whether the current state-of-the-art of facial recognition can track an individual across the chaos of a gaming floor, for a number of reasons: the ceilings are too high to get decent "facial shots" for recognition purposes, the cameras are typically not of sufficient resolution to "see" the face, or the view is simply too far away.

However, as technology advances, this will doubtless change. We can easily see a day when patrons can be tracked across a gaming floor, not to know who they are and put a name to the face, although this is a target of course, but to acknowledge them as being unique.

Currently the best way to track people across wider geographical distributions of a casino floor is by the use of so called "beacon technologies," either using mobile phones that can be uniquely identified and tracked, or using specific devices.

This technology has the advantage that the uniqueness of electronic devices is much easier to establish via radio signals and near field technologies than it is via the physical recognition of something as complex and expressive as the human face.

Beacon technologies can also switch from lower to higher spatial discriminations depending upon proximity to places of interest. So you can have a general tracking capability for the usual customer wanderings, while when they approach a table far more discrimination can be adopted so the individual can be isolated to a specific place, or even seat.

Of course knowing where clients are is only a part of the story. Once you have the location of people you have to do something with it.

So imagine the gaming floor of the future where all segments of clientele can be tracked as they interact with casino operations. Where they go allows people to focus on what they do when they get there and this can be collected and analysed using other methodologies.

This information can be appended to the beacon and facial “signature” of the patron in the form of meta-data. Indeed here the very concept that we now consider to be a market segment can be done away with to a large extent. Every patron would be a unique individual for whom a marketing plan could be specifically crafted to cater to their particular interests.

But technology is only part of the equation, the other aspect is regulatory. Should you do the things that can be done?

The regulatory landscape has changed of late, especially with regards to the automation of the data gathering process and especially the automation of the decision making process where the interaction of people is either limited to a degree, or eliminated entirely.

The European Union General Data Protection Regulation of May 25th, 2018 (GDPR) has tightened up existing EU laws, as well as expanding upon them. It has the provision for draconian fines to be employed to ensure that the personal data of EU citizens is respected with regards to processing, storage and the uses to which it is put. The GDPR regulates data that can be used to directly, or indirectly, identify a person. It is easy to envisage the technologies discussed above having this exact feature.

It is clear that there will be regulatory pressures, especially surrounding consent and the potential for data rectification and data erasure. The concept of consent, whereby casino clients actively opt in to any scheme whereby personal data is collected and that they understand why it is being collected and the use to which it is being put, is the most likely to directly impact technological innovations.

This includes the sorts of technologies that can build up “unknown” patron identification, via facial recognition linked with patterns of activity and perhaps especially where the potential exists to link this data with actual patron identification, such as when membership details are collected too.

This is where the concept of legitimate interest comes in, as one of six lawful basis’ for allowing data processing. GDPR specifically mentions fraud prevention as being a legitimate interest, allowing the processing and disclosing of information about possible criminal acts and security threats to the appropriate authorities.

This is not to claim that legitimate interest is a blanket cover for any and all technologically automated data collection and processing, it is unlikely to be. But regulators have acknowledged that there are cases where processing data without explicit consent is justified.

In our future casino we have a tension between the unfettered convergence of data systems and their increasing powers of identification and autonomous detection and regulatory concerns that the shrinking sphere of personal privacy will shrink further. This tension will define what we can do and how.

Operators may need to adopt a dual approach. For those clients who do opt-in every effort would have to be devoted to knowing not only where they were, but also what they were likely to be doing. If, for example, data shows your client is at a Blackjack table at certain hours, it would be a waste of time to give a slots bonus, or invite to a restaurant.

For those who opted-out, data would only be processed anonymously, which would flag up activities falling under the narrower legal basis of legitimate interest geared toward the identification of potentially criminal acts.

It’s clear technology will continue to evolve and regulators will chase to get to grips with the new realities. Operators will need to be able to identify and adapt to these twin forces and only those that do will thrive and succeed.

*By Malcolm Rutherford, director for Asia Pacific at eConnect