I Banned One Player and My Revenue Went Up 15% — What Was He Doing?

In February 2025, an arcade operator in Dubai contacted me with a problem he did not initially understand. His 12-machine arcade in a mid-range shopping mall had been performing around AED 4,200 per day — roughly AED 350 per machine. This was slightly below his projections but not alarming enough to trigger immediate concern. Then he banned a single player who had been coming in four times a week, and within 14 days, daily revenue across six machines — not just the ones the player used — jumped to AED 4,830. That is a 15% increase, about AED 630 more per day, or roughly AED 230,000 more per year. He called me asking a question that has come up in my work across Eastern Europe and the Middle East more times than I can count: what exactly was that one player doing to suppress revenue across an entire arcade, and how many other operators are losing money to the same thing without knowing it?

This article examines what the post-ban data reveals about how individual cheaters operate, how their impact extends beyond their own winnings, and how operators can identify the same patterns before the damage compounds for months or years.

The Revenue Impact That Doesn’t Show Up in the Ledger

When an operator in Dubai bans one player and revenue jumps 15%, the natural assumption is that the banned player was simply withdrawing a lot of money. But the math does not support this. In the Dubai case, the banned player’s recorded winnings averaged about AED 280 per session, four sessions per week. That is AED 1,120 per week in visible losses for the house. Over a year, that is approximately AED 58,000 — not trivial, but also not enough to explain a AED 230,000 annual revenue swing.

Where does the remaining AED 172,000 come from? This is the question that drives most of my forensic work. The answer lies in what I call secondary revenue suppression — the ways a cheater’s presence reduces revenue from other, legitimate players.

In Eastern Europe, I analyzed a similar case at an arcade in Bucharest. A cheater who was clearly exploiting a firmware vulnerability on four machines was banned in November 2024. Post-ban, daily revenue across those four machines rose 22% within the first week and stabilized at 18% above the pre-ban average by week three. The cheater’s own recorded winnings accounted for only about 40% of the total revenue recovery. The remaining 60% came from legitimate players who, in the cheater’s absence, played longer sessions, bet higher amounts, and returned more frequently.

The mechanism is straightforward once you see it. When a cheater occupies a machine, legitimate players either cannot access it or observe the cheater winning consistently and become discouraged. A player who sees someone else clean out a machine multiple times is less likely to put their own money in. The machine looks “cold” or “tight,” and the observer walks away. Multiplied across hundreds of potential sessions, this behavioral suppression effect can exceed the cheater’s direct winnings.

Reverse-Engineering the Cheater’s Method from Machine Data

The Dubai case provided rich audit data because the operator had recently upgraded to machines with per-round logging. Here is what the data revealed.

The banned player concentrated on six specific machines. His session logs showed a pattern that stood out immediately: he never lost more than 8% of his session buy-in. A normal player’s session can end anywhere from losing 100% to winning some percentage. This player’s sessions were remarkably tight — his worst session among 60 logged sessions was a loss of 7.8% of buy-in, and his best was a win of 340%.

When I graphed his per-round results, a second pattern emerged. Approximately every 40 to 50 rounds, his win rate would spike dramatically — sometimes 400% to 600% above baseline for 5 to 10 rounds — then return to near-break-even. These spikes correlated with specific fish spawn patterns. He was not winning consistently. He was losing slightly most of the time, then hitting enormous payouts at predictable intervals.

This pattern is characteristic of what I call a trigger-condition exploit. The cheater had identified a specific combination of game states — particular fish types on screen at the same time, or a specific sequence of prior kills, or a particular bonus meter fill level — that caused the machine’s payout logic to enter a vulnerable state. He would play conservatively until the trigger condition appeared, then maximize his bet size through the exploit window, and return to conservative play afterward.

I have seen this exact pattern in machines across Poland, the Czech Republic, and the UAE. The cheaters tend to be methodical. They log their results. They identify edge cases in the firmware that the developers never anticipated. And they exploit those edge cases for as long as they can before detection.

Why Other Players Left When This Player Was Present

The secondary revenue effect requires closer examination because it is the part most operators miss.

In the Dubai arcade, the banned player typically occupied a machine for 2 to 3 hours per session. During those hours, the other machines in the same row — even the ones he was not playing — saw reduced usage. Staff interviews confirmed that other regular players would arrive, see the cheater on “their” machines, and either leave or wait. Some waited 20 or 30 minutes, then left without playing.

There is a social psychology element to this that matters. Regular players develop relationships with specific machines. They believe certain machines are “lucky” or that they understand the rhythm of a particular cabinet. When a stranger occupies that machine for hours — and appears to be winning heavily — the regular player experiences a double deterrent: their preferred machine is unavailable, and the visible winning suggests the machine might be “paid out” for the session.

This is irrational from a probability standpoint — fish table games do not “pay out” in the sense of having a finite pot that gets exhausted — but it is real in terms of player behavior. I have documented machine-specific utilization drops of 30% to 50% on machines adjacent to those occupied by known cheaters, compared to the same machines during comparable time periods without the cheater present.

In the Bucharest case, the operator reported that three regular players who had stopped coming returned within two weeks of the ban. These three players had not been told about the ban. They simply noticed the cheater was gone and resumed their normal routines. Their combined weekly spend was roughly EUR 340 — about EUR 17,700 per year. Their departure and return had nothing to do with the machine odds and everything to do with the social environment the cheater created.

Identifying This Pattern in Your Arcade

The Dubai and Bucharest cases share characteristics that operators can learn from. Here is a checklist for identifying a similar situation.

Indicator 1: Session-length asymmetry. Cheaters who exploit trigger conditions often play unusually long sessions — 2 to 5 hours — because they are waiting for the vulnerable window. A player who consistently plays for hours without substantial losses is worth examining. Record session duration and net result for suspected players.

Indicator 2: Win-rate spikes at regular intervals. If your machines log per-round data, graph the player’s cumulative profit over time. A smooth upward curve suggests consistent winning — rare and suspicious but possible through skill. A stair-step pattern — flat or slightly declining, then a sharp vertical jump, repeating — suggests trigger-condition exploitation. The intervals between jumps may correspond to specific in-game cycles.

Indicator 3: Machine preference that cannot be explained by location or condition. The cheater in Dubai preferred six specific machines. Two of them were in a less desirable location — near the restroom hallway, with less foot traffic. There was no customer-experience reason to prefer these machines. The explanation was technical: these six machines shared the same firmware version and hardware revision, and the exploit only worked on that configuration.

Indicator 4: Drop in other players’ activity during the cheater’s sessions. Compare machine utilization during the cheater’s presence versus comparable time slots when they are absent. If adjacent machines consistently see 20%+ lower utilization when the cheater is present, secondary revenue suppression is occurring.

Indicator 5: Revenue recovery after absence. The most convincing evidence is what happens when the player does not show up. Track daily revenue for the machines the suspect uses on days when they are absent versus days when they are present. A 10% or greater swing, sustained over multiple data points, is significant.

FAQ

Q: How do I know if banning one player will actually increase my revenue?

A: Run a two-week comparison. For two weeks with the suspect present, record daily revenue per machine, session counts per machine, and average session duration. Then ban or temporarily exclude the suspect and record the same metrics for two weeks. If revenue rises significantly beyond what seasonal variation would explain, the suspect was suppressing revenue — either directly through winnings or indirectly through the behavioral effects described above. The Dubai operator saw results within three days; the Bucharest operator saw them within seven.

Q: What if the player threatens legal action after being banned?

A: This depends on jurisdiction. In most countries, private businesses have broad discretion to refuse service as long as the refusal is not based on a protected characteristic. Document the business justification — unusual win patterns, machine audit data, and the post-ban revenue data if you have it. In the cases I have been involved with across Eastern Europe and the Middle East, no banned cheater has successfully pursued legal action. They typically move on to the next target arcade.

Q: Could the revenue increase be coincidental — maybe a holiday or promotion?

A: Always control for confounding variables. Compare the post-ban period to the same calendar period in previous years. Exclude days with known promotions, holidays, or special events. Use per-machine data rather than aggregate arcade data. In the Dubai case, the revenue increase was confined to the six machines the banned player had used. The other six machines showed no significant change. This machine-level specificity rules out general factors like weather, holidays, or mall traffic changes.

Q: Are staff sometimes involved in these schemes?

A: Yes, and this complicates the post-ban analysis. In approximately 20% to 25% of the cases I have studied, a staff member was providing the cheater with information — machine access patterns, security camera blind spots, audit schedules. If you ban a player and revenue goes up but later drops again within a few weeks, consider the possibility that a staff member has recruited or is working with a replacement cheater. The underlying vulnerability remains, and someone knows about it.

Q: If my machines don’t log per-round data, how can I detect this pattern?

A: Manual tracking works for suspected individuals. Assign a trusted staff member to observe the suspect for three sessions and record: starting balance, ending balance, approximate number of rounds, session duration, and which machines were used. Also record how many other players approached the row and either left or played elsewhere during the session. Even rough data over three sessions will tell you whether deeper investigation is warranted. If the suspect has a win rate above 105%, or if adjacent machines show visibly reduced traffic, escalate to a technical audit.

What to Do Next

If you suspect a single player is suppressing your revenue but are not certain, start with data collection before taking action. One week of per-machine daily revenue logs, with notes on when the suspect is present versus absent, will give you the evidence you need to make an informed decision.

If you have already identified a suspect and are considering a ban, document the basis clearly: session logs, win-rate data, behavioral observations. This documentation protects you if the situation escalates and provides a reference for future cases. Send photos of your machine configuration screens and any suspicious audit log entries to your machine provider for analysis. The most expensive mistake is not banning a cheater — it is failing to identify that a cheater is present in the first place, and losing revenue for months or years as a result.