The Three “D’s” of Surveillance

Principles for operating successfully in a modern casino environment

In the movie Dodgeball, the fictional dodgeball all-star Patches O’Houlihan talks about the “Five D’s of Dodgeball: Dodge, Duck, Dip, Dive and Dodge,” the joke being, of course, that Dodge is mentioned twice.

In the casino surveillance field, we can make an argument that there are “Three D’s of Surveillance: Deter, Detect, and Deal with.” Which, at least, means that I have not repeated myself with any of the topics, but what are these things really? Do we all agree with them and their relative importance? What priority should we assign each one in the competition for resources and demands upon time?


Deter is the most overarching of the D’s. The one that encompasses the greatest timeframe and, to some degree, the one that is the most passive of the three, while simultaneously being the most important.

From the American Heritage Dictionary:

Deter (v.)

  1. To prevent or discourage from acting, as by means of fear or doubt.
  2. To prevent or discourage (an action or behavior).
  3. To make less likely or prevent from happening.

The ultimate goal of any surveillance or security system is to deter activity, typically criminal activity. You do not want clients, guests, or team members to believe that they can steal from you, defraud you in any way, or collude with others to achieve one of these outcomes.

I used to phrase it as follows – everyone who aims to steal from or defraud an organization has a risk/reward scenario built up in their head.

While the balance of the risks willing to be undertaken varies by individual against the potential reward to be gained, I believe that such a determination is always there. My job, and the jobs of the teams that I recruited and managed, was to alter the perceived balance of that model, with the goal to raise the perceived risk of being caught, with all the negative connotations that this gives rise to, while still lowering the potential rewards available.

As an aside, this also implies that the risks should be real risks. Not just the loss of employment, but the potential for law enforcement involvement. Back when I started in the casino business, there were a few cases where team members caught stealing were just allowed to resign because the operation did not want “bad publicity.” In my opinion, this was counterproductive since it sent the message that stealing from us only generated a “slap on the wrist,” and that the criminal was able to simply move on, without sanction, to perpetrate their crimes elsewhere.

So, with that being said, how do we deter harmful activities our properties? Solid, well-written policies and procedures are an excellent start. If you design these well, then the only way left for people to defraud or steal is to circumvent what they should be doing, which provides a tell that we will deal with in Detect below. Also, there is no real reason that policies and procedures need to be written to be so onerous or complicated to carry out that people instinctively try to circumvent them. They can be written to keep the games and cage, food and beverage and slot operations flowing smoothly, while also being secure. This is an area where knowledgeable stakeholders, who will have to be involved in the day-to-day running of their departments, and thus dealing with the practicality of the developed procedures, should be involved in their drafting.

Once you have the policies and procedures in place, make sure that your team members know them and adhere to them. As alluded to above, one of the best “tells” that something is suspicious is when policies and procedures are not being followed by people who should know better. Enforcing policies and procedures closes loopholes for team members to work on their own account, or in collusion with player agents to defraud the system, enhancing security.


Make sure that team members and guests know that they are being watched – at least potentially so, and that discrepancies will be investigated thoroughly. This is where “active” surveillance comes in, focusing resources on areas that seem to be concentrated with an issue or problem, not wasting them on random patrols of the gaming floor, hoping to stumble across something.

With the real dangers to operational profitability out of the way, what is left is outside theft, which is usually much harder to pull off and much less lucrative. Where it is not, you can, almost inevitably, trace the root cause back to a failure of policy and procedure. I cannot stress enough that this is, first and always, your major deterrent.

Detect (v.)

  1. to discover or catch (a person) in the performance of some act: to detect someone cheating.
  2. to discover the existence of: to detect the odor of gas.
  3. to find out the true character or activity of: to detect a spy.

As mentioned above, one of the easiest ways to detect issues such as fraud, theft and collusion is to watch for the patterns of activity that bypass policies and procedures. Sometimes these procedural violations stand out between peers because the activities of the would-be thief naturally differ from the activities of an honest team member. This is where the likes of exception-based reporting come into play.

As a colleague of mine is wont to say, “the thief has to cash out.” Anyone who wishes to commit fraud or theft has to obtain financial instruments, most typically cash or chips, or even TITO vouchers, turn them into cash, and then get away with this cash successfully. Every step in this process is an opportunity for the surveillance department to detect part of the transaction and to Deal with it, which is the next step in the process.

The suspect may attempt to obscure the trail of funds, but each action they take is another opportunity for surveillance to detect and thwart the activity. In order to do this, your surveillance team must have both the ability and willingness to analyze the data. If you are relying solely on “active patrols,” then only the simplest of thefts will be detected. You might stumble upon someone taking money from a cash drawer and putting it in their pocket, or someone dropping a cash chip on the floor and placing it in their shoe, but more sophisticated heists will rarely be “witnessed live.”

It is essential that you utilize all possible data analytics tools, and therefore all possible associated data, to build up a picture of what is going on. Indeed, in my experience it has often been the case that until you have a working hypothesis of what is being done, it is difficult to decide what you need to watch for on the camera. Only when you have a clear picture of the steps that the suspected fraudster is taking, can you determine when and if elements of theft are even visible.

Surveillance departments should have access to all the data systems and data analytics tools that the casino operates, as well as receive consistent training to undertake data analysis and successfully use the tools obtained. Only then will you be capable of undertaking the detection of the more complex, and thus more lucrative, frauds and thefts perpetrated against your operation.

Deal With

Since it’s not a single word, Deal with is slightly different when it comes to a definition. However, we might think of deal with as:

Deal With (verbal phrase)

  1. to handle verbally or in some form of artistic expression; to addressor discuss as a subject.
  2. to take action with respect to (someone or something).
  3. to consider, as an example.

As you might imagine, I am going to concentrate on the second definition listed above. A major factor in any plan of deterrence is that once you have detected wrongdoing, you act swiftly, decisively, and without fear or favor, to deal with the perpetrators and the overall situation.

So, what could be meant by this somewhat ambiguous phrase?

Well, for example, clearly what I do not mean here is to “deal with” in the same manner as what used to happen to people who ended up on the wrong side of the casino management and owners back when the Mob ran Las Vegas. In terms of that, being dealt with might see you stuffed in an oil drum and dumped in Lake Mead, only to resurface in 2022, when the lake levels dropped far enough to expose your final resting place. While satisfying as a flight of fancy, we live in a corporate world now, thank goodness, and there should be rules for dealing with almost any eventuality.

Indeed, this is another area where firm policies and procedures will reap dividends. In my experience, team members crave consistency when it comes to the application of policies and the rewards and punishments that operational management are authorized to implement. There is little more detrimental to team member morale than seeing “one rule for them and one rule for us.” Humans, actually most animals in general, have an intrinsic conception of “fairness,” and even fairly draconian solutions will be accepted if they are perceived to be both fair and applied with consistency across departments and team members.

Above all, the internal theft and fraud policies should be stated clearly and openly. This should be widely promulgated to team members with its receipt and acknowledgement recorded. The communication of these policies should include an initial assumption of innocence, but investigations should be carried out in an unbiased manner and without regard to who the individual being investigated is, and who he or she might be related to. This can be difficult in certain times, locations, and situations, but unbiased and ethical investigations should be leveraged at minimum.

If the evidence of some form of malfeasance is deemed sufficient, then the previously decided upon sanctions, as detailed in the company policies and procedures, should be followed. Whether this would require termination, the involvement of law enforcement, or some civil penalty.

I also consider it very important, for the benefit of deterrence, that these outcomes should be publicized widely within the organization, if not necessarily outside of it. There is often a temptation to keep things secret when “clearing house,” a desire “not to air dirty laundry in public.” But this can be damaging to an organization when team members who may be, at least vaguely, aware of what has been going on, are then left in ignorance of the consequences.

Clear, decisive outcomes are always better than obscure, ambiguous ones. In addition, knowing that theft and fraud will be dealt with openly and fairly will reassure innocent team members while deterring those who might, in other circumstances, be willing to “take a chance” with fraud or theft.

In addition, while I have concentrated on fraud and theft in these descriptions, as a model it works equally well if we substitute anti-money laundering (AML) or responsible gaming for fraud and theft. In each case you would like to deter those who may wish to circumvent legal requirements for the operation, whether that would be through laundering money or coming back in the casino to play after self-excluding themselves. You would aim to detect those who have not been sufficiently deterred and who have tried to gamble when they should not, or launder money or proceed with crime. Then, once you have detected these individuals or groups of individuals, you want to deal with them, in line with the policies and procedures that you have decided upon. So, for me, these “three d’s” are the major planks on which a surveillance department can operate in a modern casino environment.