GLI-18 Promotional Systems v2.1: Certification Requirements for Casino Promotions, Player Tracking, and Loyalty Programmes

GLI-18: Standards for Promotional Systems in Casinos, version 2.1, released 6 September 2011 by Gaming Laboratories International (GLI), sets the minimum technical and operational requirements that a Promotional Host System and its associated devices must satisfy before receiving certification. Suppliers deploying player tracking systems, slot club platforms, loyalty programmes, or any system that transfers promotional credits to electronic gaming devices (EGDs) must certify against this standard. Operators accepting uncertified promotional systems into their casino environments risk regulatory non-compliance in every jurisdiction that mandates GLI-18 conformance.

Scope: What GLI-18 Governs and What It Does Not

GLI-18 v2.1 section 1.3.3 defines its scope precisely: the standard governs Promotional Host Systems and Device requirements necessary to achieve certification. It does not govern cashless or bonusing system requirements. Suppliers whose products perform electronic fund transfers outside the promotional context must refer to GLI-16 (Standards for Cashless Systems and Technologies) for cashless transactions, and to GLI-17 (Standards for Bonusing Systems in Casinos) for bonus awards triggered by gaming machine events rather than patron account activity. GLI-18 section 1.3.4 makes this boundary explicit, and labs will decline to certify cashless or bonusing functionality under GLI-18.

The standard governs two types of promotional award. Static promotional awards are those based on predefined criteria that do not require patron or gaming machine activity prior to redemption and are generally single-instance use, such as coupons or cards that can be inserted into devices to entitle the player to free credits. Dynamic promotional awards are tied to a patron’s account and reflect ongoing play activity, enabling marketing departments and slot club operations to reward patrons through direct monetary transfers from the host system. GLI-18 v2.1 section 1.1.1 distinguishes these categories, with static awards relying on credential verification at point of redemption while dynamic awards require continuous account-level tracking, parameter management, and audit log maintenance.

A key accounting assumption underpins the entire standard: all promotional credits awarded under the GLI-18 framework are assumed to have no impact on the calculation of theoretical payback percentage for a gaming machine. GLI-18 v2.1 section 1.1.1 requires that provisions be made to ensure awards are metered uniquely by the gaming device so they will not affect hold percentage calculations. This separation of promotional accounting from game accounting is a non-negotiable design requirement.

What Is GLI-18 Certification? Two Mandatory Phases

GLI-18 v2.1 section 1.1.2 requires that the approval of a Promotional System be certified in two phases. No promotional system may go live having completed only the first phase.

The first phase is initial laboratory testing, where the test laboratory tests the integrity of the system in conjunction with EGDs, with the equipment assembled in the laboratory setting. This phase validates system architecture, communication protocols, audit log functionality, software integrity mechanisms, and patron identification procedures against the standard’s requirements.

The second phase is on-site certification, where communications and setup are tested on the casino floor prior to implementation. This field-based phase verifies that the laboratory-tested configuration translates correctly into the live casino environment, including network hub security, device identification on the floor, and communication stability between the host and the EGDs. Both phases must be completed and signed off by the test laboratory before a certificate of compliance is issued.

GLI-18 v2.1 section 1.3.1 states the certification purpose in three parts: to eliminate subjective criteria in analysing and certifying Promotional System operation, to test only those criteria which impact the credibility and integrity of gaming from both the Revenue Collection and game play point of view, and to create a standard that will ensure that Promotional Systems in Casinos are fair, secure, and able to be audited and operated correctly. These three principles govern how labs interpret ambiguous implementation scenarios.

Device-Level Requirements: Audit Trails and Transaction Logging

GLI-18 v2.1 section 2.1.3 sets the minimum audit trail requirement for every promotional gaming device. Each device must have the ability to recall the last 25 promotional transactions received from the host system and the last 25 promotional transactions transmitted to the host system. Where a gaming device has Bonusing or host-Cashless features enabled simultaneously with promotional features, a single 100-event log is sufficient provided it meets the combined data requirements. The log must display the type of transaction, including whether it is an upload or download and any credit restrictions (cashable or non-cashable); the transaction value, and the time and date.

Section 2.1.2 adds a configuration requirement: any Gaming Device that allows promotional gaming as a selectable feature must conform to the Configuration Setting requirements in GLI-11 Gaming Devices in Casinos, section 2.13.4, because a promotional feature impacts the electronic accounting meters. Suppliers integrating promotional capability into multi-function EGDs must confirm their GLI-11 configuration compliance before submitting under GLI-18.

Error handling at the device level is addressed in section 2.1.6. The system must monitor specified error conditions and display messages to the patron indicating the reason for any transaction failure. The two mandatory error states are: invalid PIN or Player ID (the system may prompt for re-entry up to a maximum number of attempts); and Account Unknown. Where a promotional transaction would exceed a device’s configured credit limit, section 2.1.7 requires that the patron be clearly notified they have received or deposited less than requested, to avoid patron disputes.

Host System Requirements: Parameter Control and Unauthorised Transaction Prevention

GLI-18 v2.1 section 2.2 addresses the host system’s obligations for parameter security and communication robustness. Section 2.2.1 requires the communication process to be robust and stable enough to secure each promotional transaction such that failure events can be identified and logged for subsequent audit and reconciliation.

Section 2.2.2 sets out the change management log requirement. All changes to parameters that may impact promotion redemption frequency or amount must be logged, capturing who made the change, the altered parameter, the time and date of change, the parameter value before and after the change, and the reason for the parameter adjustment. The requirement is a minimum standard, not a best-practice recommendation, and any promotional system that cannot produce this log on demand will fail certification testing.

“All changes to parameters that may impact promotion redemption frequency or amount, must be logged indicating: a) who made the change, b) the altered parameter, c) the time and date of change, d) the parameter value before and after the change, and e) the reason for the parameter adjustment.”

Section 2.2.3 specifies the minimum controls required to prevent unauthorised transactions. Network hubs must be secured in a locked or monitored room or area, with no access permitted on any node without valid login and password credentials. These controls are tested during both the laboratory phase and the on-site phase. A system that relies on open network architecture without node-level authentication will not satisfy this requirement.

Section 2.2.5 addresses communication loss. If communication between the promotional accounting system and the gaming device is lost, promotional transfers must not be processed until communications are re-established. The standard recommends that the game or interface element provide a means for informing the player that promotional transfers cannot currently be processed for any player-initiated transfers. The player notification is a recommendation, the suspension of transfers during a communication outage is mandatory.

Central System Audit Trails

GLI-18 v2.1 section 2.3.1 requires the central system to have the ability to produce logs for all complete promotional transactions, including the same information required on gaming machine audit logs. These central logs must be filterable by machine number, patron account, or promotional identification. This three-way filterability is a certification test criterion and systems that produce monolithic logs without filterable fields will not pass.

Section 2.3.2 requires that the player be provided the ability to review a complete and comprehensive transaction report of all promotional transactions concluded, indicating each separate transaction with amount. The standard notes this audit trail can be accessed on the gaming device via the card reader or equivalent, or such information can be requested from the host system. The access method is at the operator’s discretion, but the player’s right to retrieve the information is mandatory.

Requirement	Applies to	Mandatory or Recommended	GLI-18 v2.1 Section
25-transaction device audit log (send and receive)	Promotional Gaming Device	Mandatory	2.1.3
100-event combined log (if Bonusing/Cashless also enabled)	Promotional Gaming Device	Mandatory (alternative)	2.1.3
Error message display for transaction failures	Promotional Gaming Device	Mandatory	2.1.6
Player notification when transfer is below requested amount	Promotional Gaming Device	Mandatory	2.1.7
Parameter change log (who, what, when, before/after, reason)	Host System	Mandatory	2.2.2
Network hub access controls (locked/monitored + login/password)	Host System	Mandatory	2.2.3
Suspension of transfers during communication loss	Host System	Mandatory	2.2.5
Player notification during communication loss	Host System / Device	Recommended	2.2.5
Central log filterable by machine, patron account, promotion ID	Central System	Mandatory	2.3.1
Player access to full transaction report	Central System or Device	Mandatory	2.3.2

How Does Patron Identification Work Under GLI-18?

GLI-18 v2.1 section 2.5.1 addresses patron identification for account-tied awards. A casino typically issues a patron a unique magnetic card and may require a personal identification number (PIN), in conjunction with an account on the host system’s database, although the standard permits any method of uniquely identifying patrons. All transactions between a supporting gaming machine and the host system must be secured either by card insertion into a magnetic card reader attached to the host system or other protected means. The promotional options are presented on the LCD or VFD display of the card reader and should require selection using a keypad or touchscreen before the transaction occurs.

The standard is technology-neutral on the identification method: biometric, RFID, or mobile-based identification may be implemented provided the transaction security requirement is met. GLI-18 v2.1 section 1.3.2 explicitly states that the document should not be read as limiting the use of future technology. The test laboratory will assess any non-card-based identification method against the underlying security principle rather than rejecting it for not matching the magnetic card reader example.

Section 2.5.2 defines three and only three ways promotional credits may be removed from a player’s account: downloading the promotional credits to the gaming device, redeeming the promotional credits for merchandise or cash via a cashier, or expiration of the promotional credits. Section 2.5.3 permits players to move some of their system promotional credits between accounts, subject to host system controls, but does not permit transfers outside these defined channels.

Software Verification and Independent Integrity Checks

GLI-18 v2.1 section 2.6 requires each system component that affects the integrity of the system to have the ability to allow for an independent integrity check of the component’s software critical to its operation, from an outside source. This must be accomplished by authenticating via a third-party device, which may be embedded within the component’s software or accessible via an interface port for a third-party device to authenticate the media. The test laboratory must approve the integrity check method prior to system or component approval.

Where the authentication programme is contained within the software itself, the manufacturer must receive written approval from the test laboratory before submission. This written-approval requirement is a common point of delay in certification engagements: suppliers who embed their own authentication routines and proceed to submission without prior written approval will face an interruption to the certification process. The approval request should be submitted as part of pre-submission consultation, not at the point of formal testing.

“Each component within the System, that would affect the integrity of the System, must have the ability to allow for an independent integrity check of the component’s software that is critical to its operation, from an outside source.”

Promotional Device Identification on the Casino Floor

GLI-18 v2.1 section 2.1.8 requires that a patron be able to identify each machine that supports a promotion by a means left to the discretion of the individual jurisdiction. The standard provides three illustrative examples: removing display menu items that pertain to promotional operation for gaming machines not participating, providing a host message indicating promotional capability, or applying a specific sticker on participating gaming machines. The identification method chosen must be approved by the applicable regulatory authority. This section is the primary point at which jurisdiction-specific requirements override GLI-18’s baseline, as a jurisdiction may require a specific identification method that the standard itself leaves optional.

Compliance teams operating across multiple jurisdictions, particularly those managing property-level deployments in North American markets where AGCO, AGLC, or state-level gaming control boards have adopted GLI-18, should verify the jurisdiction’s specific floor-identification requirement before the on-site certification phase. Proceeding to on-site inspection without pre-confirming the jurisdiction’s preferred machine-identification method risks a failed inspection. For a broader comparison of how Ontario and Alberta apply GLI standards in their respective iGaming frameworks, see our article on AGCO vs AGLC key differences in Ontario and Alberta internet gaming regulation.

GLI-18 and Its Relationship to the Broader GLI Standard Family

GLI-18 does not operate in isolation. Section 1.4.1 identifies the related standards that may apply to a full promotional system deployment. GLI-11 (Gaming Devices in Casinos) governs device-level configuration requirements that promotional EGDs must satisfy alongside the GLI-18 requirements. GLI-13 (On-Line Monitoring and Control Systems) governs the monitoring and control layer that communicates with promotional devices. GLI-16 (Cashless Systems and Technologies) governs any electronic fund transfer mechanisms that are separate from the promotional credit system. GLI-17 (Bonusing Systems) governs bonus awards that arise from gaming machine events rather than patron account activity.

In practice, a casino floor system frequently involves components governed by all five standards simultaneously. A gaming device may have promotional, cashless, and bonusing features enabled at the same time. In that scenario, the audit log requirements compound: GLI-18 section 2.1.3 permits the 100-event combined log where Bonusing or Cashless features are also enabled, but all transaction types must be captured within that log and the device must remain compliant with each applicable standard’s individual requirements. Certification submissions that span multiple standards should be scoped carefully with the test laboratory to confirm which standards govern which components and whether combined or separate certification submissions are appropriate.

For compliance professionals navigating the broader GLI certification landscape across interactive gaming and event wagering, our article on GLI-19 vs GLI-33: choosing the right standard for your certification path addresses the structural differences between those two standards, which govern distinct system architectures from the ones covered by GLI-18.

Restricted Credits and Credit Priority Rules

GLI-18 v2.1 section 2.1.4 establishes a credit-priority rule for restricted promotional credits. Restricted (non-cashable) promotional credits must be committed first, before any non-restricted credits are applied. This ordering rule exists to protect the integrity of wagering requirements associated with non-cashable promotions, as applying cashable credits first would allow a patron to withdraw funds before satisfying the wagering condition attached to a restricted award. Any promotional system that does not enforce this credit priority at the device level will fail certification testing on this requirement.

The distinction between cashable and non-cashable credits also feeds directly into the transaction type display requirement in section 2.1.3. The audit log must record whether each transaction is cashable or non-cashable, which means the system must track credit type throughout the promotional lifecycle from award through redemption or expiration.

Diagnostic Access Controls

GLI-18 v2.1 section 2.2.4 addresses diagnostic access to the promotional system. Diagnostic activities that affect gaming machine associated meters must be attributable to specific accounts and to the individual or individuals tasked to perform those diagnostics. All promotional diagnostic activity that affects gaming machine associated meters must be auditable by the local regulatory group. This requirement ensures that any test or maintenance access to the system that could alter credit balances or meter readings leaves a traceable record tied to a named individual, preventing post-incident attribution disputes.

Suppliers should implement role-based access controls at the diagnostic level, with each diagnostic role assigned a unique login credential and a defined scope of permitted actions. The test laboratory will verify during certification that diagnostic access cannot be performed anonymously and that the audit trail identifies the individual performing each diagnostic action. Operators with questions about how the local regulatory group’s audit access expectations apply in a specific jurisdiction should consult qualified legal counsel.

Key Resources

GLI-18: Standards for Promotional Systems in Casinos, Version 2.1 (Gaming Laboratories International, released 6 September 2011), primary standard document. Available via the GLI product certification request process at gaminglabs.com.

GLI-17: Standards for Bonusing Systems in Casinos, Version 1.3 (Gaming Laboratories International), governs bonus awards triggered by gaming machine events, distinct from patron-account-based promotional awards under GLI-18.

GLI-16: Standards for Cashless Systems and Technologies, Version 3.0 (Gaming Laboratories International), governs cashless electronic transactions, explicitly excludes promotional account systems from its scope.

GLI-11: Gaming Devices in Casinos (Gaming Laboratories International), device-level configuration standard referenced by GLI-18 section 2.1.2 for promotional EGD configuration requirements.

GLI-13: On-Line Monitoring and Control Systems (MCS) and Validation Systems in Casinos (Gaming Laboratories International), monitoring and control layer referenced by GLI-18 for system-level communication requirements. To begin your GLI-18 certification engagement or to assess your current promotional system’s readiness for testing, contact a GLI-accredited test laboratory or consult with a gaming compliance professional familiar with your jurisdiction’s specific regulatory expectations.