# What to Ask Before Buying an Arcade Machine Security System
Last month I received a message from an arcade operator in Mexico City. He had just spent $4,200 on a “complete security system” for his 15-machine gaming hall. Three weeks after installation, he caught a player using a Bluetooth cheat device on one of his fish tables. The security system never triggered an alarm. When he contacted the seller, they told him the device “only detects certain types of signals” and that Bluetooth relay attacks were “not covered in the basic package.”
He had never asked the right questions before buying. The seller’s website used impressive-sounding terms like “multi-frequency protection” and “advanced threat detection,” but the actual device was a basic RF detector with a fancy case.
Over my 14 years installing anti-cheat hardware across Southeast Asia, Latin America, and the Middle East, I’ve seen this pattern repeat constantly. Operators buy security systems based on marketing language rather than technical reality. Then they discover the gaps when it’s too late.
This article gives you the exact questions to ask any security vendor before you hand over money. These questions will expose vague claims, identify real capabilities, and help you compare products on what actually matters.
## The Problem With Arcade Security Marketing
The arcade anti-cheat industry has a marketing problem. Most vendors describe their products using language that sounds technical but means very little in practice. Terms like “military-grade encryption,” “AI-powered detection,” and “proprietary algorithms” appear on product pages without any verifiable details.
I recently reviewed 12 competitor websites for a client in Thailand. Eight of them claimed “AI detection,” but when I asked for specifics, only two could explain what their system actually learned and how it was trained. The other six were using basic threshold-based detection with a fancy label.
The reality is that effective arcade machine protection comes down to specific, measurable capabilities:
– What frequencies does it monitor?
– What is the detection latency?
– How does it distinguish cheat signals from legitimate wireless traffic?
– What is the documented false positive rate?
– What attack vectors does it actually protect against?
If a vendor can’t give you clear answers to these questions, you’re not buying security. You’re buying a feeling of security.
## Question 1: What Specific Attack Vectors Does This System Protect Against?
This is the most important question, and it’s where most vendors reveal their limitations. A complete answer should cover at least these attack categories:
**RF Signal Interference**
The system should detect electromagnetic signals injected into the machine to manipulate game outcomes. Ask specifically about frequency range (should cover 300MHz-6GHz minimum) and whether it can identify pulse patterns versus continuous signals.
**Bluetooth and Wireless Relay Attacks**
Many modern cheat devices use Bluetooth Low Energy (BLE) to relay information between players. The system must distinguish between normal Bluetooth traffic (headphones, phones) and the specific communication patterns used by cheat hardware.
**Motherboard Trojan Detection**
Some attacks modify the machine’s internal software or replace the game board entirely. Ask whether the security system monitors the motherboard’s behavior for anomalies, or if it’s purely an external detector.
**Joystick and Controller Manipulation**
Analog signal tampering at the input level can give players precise control advantages. The system should monitor voltage ranges on input lines and flag anomalies.
**Data Exfiltration**
In multiplayer or networked machines, result data can leak through side channels. Ask whether the system monitors data output paths.
If the vendor’s answer is vague — “it protects against all common attacks” — press for specifics. Ask them to name the attack methods they’ve tested against and how they validated each one.
## Question 2: What Is the Detection Latency?
Detection latency is the time between a cheat signal being transmitted and the system recognizing it as an attack. This matters because many cheat methods work in milliseconds.
A Bluetooth relay attack on a fish table machine might involve a signal burst lasting 50-100ms. If your security system takes 500ms to process and alert, the cheat has already succeeded before you know it happened.
Ask for the specific latency number in milliseconds. Professional-grade systems should have detection latency under 100ms. If the vendor says “real-time” or “instant” without a number, that’s a red flag.
Also ask about alert latency — the time from detection to when you actually receive the notification. Some systems detect quickly but queue alerts, meaning you might not see the warning for several seconds.
## Question 3: How Does the System Handle False Positives?
False positives are the silent killer of security systems. When your device beeps constantly for legitimate signals, your staff will ignore it. Within two weeks, the system becomes background noise.
A busy arcade environment has dozens of legitimate wireless sources:
– Customer smartphones and smartwatches
– Staff communication radios
– Wireless payment terminals
– Nearby WiFi networks
– Bluetooth headphones and earbuds
– Security cameras with wireless feeds
Ask the vendor:
– What is the documented false positive rate in an active arcade?
– Does the system learn your environment, or does it use fixed thresholds?
– Can you adjust sensitivity without disabling protection?
– What happens when a new wireless device enters your space?
The best systems use adaptive learning. They monitor your arcade’s RF environment for several days, build a baseline of normal activity, and then alert only on signals that deviate significantly from that baseline. Fixed-threshold systems will either miss subtle attacks or generate constant false alarms — there’s no middle ground.
## Question 4: What Is the Installation Process?
Installation complexity reveals a lot about how deeply the system integrates with your machines. There are three general approaches:
**External Monitoring**
The device sits on or near the cabinet and monitors wireless signals in the area. Installation is simple — mount the device, connect power, configure alerts. However, external monitoring has limited effectiveness since it can’t see internal machine signals.
**Cabinet Integration**
The device mounts inside the cabinet and connects to internal power. It may monitor the airspace inside the cabinet, which is cleaner than external monitoring. Installation requires opening the cabinet but doesn’t modify machine electronics.
**Motherboard Integration**
The device connects directly to the motherboard and I/O board, monitoring actual signal paths. This provides the most comprehensive protection but requires technical installation and may affect machine warranties.
Ask the vendor which approach their system uses. If they claim “full protection” but only offer external monitoring, they’re overselling. Also ask whether they provide installation support or documentation. A system that requires motherboard integration but comes with only a generic manual is a recipe for installation errors.
## Question 5: What Ongoing Support and Updates Are Included?
Cheat methods evolve. A security system that can’t adapt will become ineffective within 12-18 months as attackers develop new techniques.
Ask specifically:
– How often does the vendor release detection signature updates?
– Are updates included in the purchase price, or is there a subscription fee?
– How are updates delivered — physical visit, remote connection, or self-service?
– What is the vendor’s track record for responding to new cheat methods?
– Is there a warranty, and what does it cover?
One operator in Brazil bought a system that promised “lifetime updates.” Six months later, the vendor’s website disappeared. The device still worked for known attack patterns, but new cheat methods went undetected. “Lifetime” only matters if the company stays in business.
## Question 6: Can You Provide References From Similar Operations?
This is a question that separates established vendors from resellers and fly-by-night operations. A legitimate security provider should be able to connect you with existing customers who operate similar machines in similar environments.
When you speak with references, ask:
– How long have they used the system?
– How many false positives do they get per week?
– Have they caught actual cheating attempts?
– How responsive is the vendor’s support?
– Would they buy from this vendor again?
Be cautious if the vendor only provides testimonials without contact information, or if all their references are from completely different types of operations (like office buildings instead of gaming halls).
## Question 7: What Happens When the System Detects an Attack?
Detection without response is only half a solution. Ask the vendor to walk you through the complete incident flow:
1. **Alert delivery** — How do you receive notifications? Loud alarm, silent alert to phone, dashboard notification?
2. **Alert detail** — What information does the alert include? Just “attack detected” or specific details about attack type and location?
3. **Logging** — Does the system record detection events for later review?
4. **Integration** — Can it trigger other systems like security cameras or access control?
5. **Response guidance** — Does the vendor provide guidance on how to respond to different attack types?
A system that screams “ALERT! ALERT!” without telling you what happened or what to do next will create panic without solving problems.
## Question 8: What Are the Total Costs of Ownership?
The purchase price is just the beginning. Calculate the full cost over three years:
– **Initial hardware cost** — Price per unit, quantity discounts
– **Installation cost** — Professional installation or your time
– **Training cost** — Teaching staff to use and respond to the system
– **Update costs** — Subscription fees for signature updates
– **Maintenance** — Calibration, hardware replacement, cleaning
– **Support costs** — Phone support, on-site visits, warranty claims
One vendor might charge $200 per unit with no ongoing fees. Another charges $300 per unit with a $50/year update subscription. Over three years, the “cheaper” option actually costs more.
## Red Flags That Should Make You Walk Away
During your conversations with vendors, watch for these warning signs:
**Vague technical answers** — If they can’t explain how their technology works in specific terms, they probably don’t understand it themselves.
**Pressure to buy immediately** — “This price is only good today” or “We only have three units left” are classic high-pressure tactics. Professional security vendors don’t need urgency tricks.
**No trial period** — A vendor confident in their product should offer a way to test it in your environment before committing to a large purchase.
**No physical address** — If the vendor only exists as a website and email address, you have no recourse if something goes wrong.
**Claims of “100% protection”** — No security system is perfect. Honest vendors will discuss limitations and edge cases.
**Reluctance to provide references** — If they won’t let you speak with existing customers, ask yourself what they’re hiding.
## How to Document Your Evaluation
I recommend creating a simple scorecard when comparing vendors. Rate each vendor 1-5 on these criteria:
| Criteria | Vendor A | Vendor B | Vendor C |
|———-|———-|———-|———-|
| Attack vector coverage | | | |
| Detection latency | | | |
| False positive handling | | | |
| Installation support | | | |
| Update policy | | | |
| Customer references | | | |
| Total cost (3 years) | | | |
| Incident response features | | | |
This prevents you from making decisions based on a single factor like price or a slick website.
## Frequently Asked Questions
### Q: Should I buy from a local distributor or directly from the manufacturer?
A: Both have advantages. Local distributors can provide faster support and installation services. Manufacturers often have deeper technical knowledge and may offer better pricing on volume orders. If buying through a distributor, verify that they’re authorized and that warranty support flows through properly.
### Q: How many machines can one security system protect?
A: This depends entirely on the system architecture. External monitoring devices typically cover one cabinet each. Centralized monitoring systems can aggregate data from multiple devices but still require one detection unit per machine. Ask the vendor for specific scaling guidance.
### Q: Can I mix security systems from different vendors?
A: Technically yes, but it’s rarely efficient. Different systems may conflict with each other, create overlapping alerts, or leave gaps where neither system monitors effectively. Standardizing on one vendor’s ecosystem usually provides better overall protection.
### Q: What certifications should I look for?
A: Certifications in the arcade security space are limited. FCC or CE compliance indicates the device meets electromagnetic emissions standards, which is important but doesn’t guarantee effectiveness. Look for vendors who can demonstrate independent testing rather than relying solely on certification badges.
### Q: How do I know if a vendor will still be in business next year?
A: Check how long they’ve been operating, whether they have a physical presence, and whether they have an established customer base. New companies aren’t necessarily bad, but established vendors with a track record are lower risk for long-term support.
### Q: Is it worth buying a cheaper system and upgrading later?
A: Usually not. Cheaper systems often lack the integration points needed for upgrade paths. You’ll end up replacing the entire system rather than upgrading components. It’s better to buy the right system once than to buy twice.
## What to Do Next
Before you contact any vendor, document your current situation. How many machines do you operate? What types? What specific symptoms have you observed? Have you identified particular attack methods, or are you looking for general protection?
Send me a description of your operation — machine types, location, any incidents you’ve experienced — and I’ll help you prioritize which questions matter most for your specific situation. I’ve evaluated security systems for operations ranging from single-machine arcades to 200-machine gaming halls, and the right questions depend heavily on your scale and environment.
Don’t let a vendor’s sales pitch replace your own due diligence. The 30 minutes you spend asking these questions could save you thousands of dollars and months of frustration.