My Distributor Said 30% of His Customers Report Score Theft — Is It That Common?

In January 2025, during a distributor conference in Bangkok, a regional sales manager mentioned a figure that made the room go quiet. He said that nearly 30% of his customer base had reported some form of score theft or revenue anomalies attributable to cheating over the previous 18 months. The room had roughly forty arcade operators. By the end of the session, twelve had stayed behind to ask follow-up questions. The number sounded high to many in the room — until they started comparing notes. Within thirty minutes, the group had identified at least one suspicious incident per operator among those twelve. The 30% figure was not an exaggeration. It was likely an undercount.

This article examines what distributor-reported statistics actually mean, why the real prevalence of arcade cheating is almost certainly higher than published numbers, and how operators should interpret industry warnings that include specific percentages.

Why Distributor Numbers Are a Lower Bound, Not an Upper Bound

When a distributor says 30% of customers have reported score theft, that number counts only the operators who noticed, investigated, and then voluntarily reported the incident back to the distributor. It does not count:

• Operators who noticed anomalies but attributed them to normal business variance.
• Operators who suspected cheating but lacked the technical knowledge to confirm it.
• Operators who confirmed cheating internally but did not want to alert their distributor (fearing it would affect their reputation or insurance).
• Operators whose machines were compromised in ways that did not produce obvious anomalies — slow-bleed exploits that shave 3–5% per month rather than dramatic one-time losses.

In my work across Thailand, the Philippines, and Malaysia, I estimate that for every operator who reports an incident to their distributor, there are at least two to three who experience it without reporting. If the distributor’s reported rate is 30%, the actual rate among their customer base may be 50% to 60%. This is not to create alarm — it is to correctly interpret what industry statistics actually capture.

What “Score Theft” Means in Distributor Language

Distributors use “score theft” as an umbrella term that covers several distinct phenomena. Understanding the breakdown matters because different problems require different responses.

Type 1: External device exploitation. A player uses a physical device (remote control, Bluetooth module, NFC emulator) to manipulate machine behavior. This is what most operators think of when they hear “cheating.” It is also the category most likely to be reported because the evidence is visible once you know what to look for.

Type 2: Internal revenue leakage. Staff collusion, misconfigured payout tables, or firmware modifications that shift revenue away from the machine. This category is underreported because operators often blame themselves (“I must have set the payout wrong”) rather than recognizing it as an attack.

Type 3: Slow-bleed exploits. Firmware or hardware modifications that produce small but consistent revenue reduction — 2% to 5% per month — that compound over time. These are almost never reported because the changes are within the noise floor of normal business variance. I have only found them during forensic audits triggered by other incidents.

When a distributor says 30% of customers report score theft, they are almost certainly counting only Type 1 incidents. Types 2 and 3 are underreported by design — the operators do not know they are happening.

Regional Variations in Reported Prevalence

The 30% figure from the Bangkok distributor is not uniform across all markets. Based on distributor interviews I have conducted across Southeast Asia and Latin America, reported prevalence varies significantly by region:

• Philippines: High reported prevalence (35–40%) due to concentrated arcade clusters in Manila and Cebu where exploit knowledge spreads quickly through player networks.
• Thailand: Moderate reported prevalence (25–30%) with significant underreporting in smaller cities where operators have fewer peers to compare notes with.
• Vietnam: Lower reported prevalence (15–20%) but this likely reflects less awareness and fewer operators investigating anomalies rather than a genuinely lower rate of incidents.
• Mexico/Brazil: High reported prevalence (30–35%) in urban centers; lower in rural areas where technical exploit tools are less available.

The pattern is clear: reported prevalence correlates with operator connectivity. Markets where operators talk to each other, attend distributor events, and share information have higher reported rates — not because cheating is more common there, but because operators in those markets are more likely to recognize and report it.

What 30% Actually Means for Your Venue

If your distributor says 30% of customers have reported incidents, the practical question is not whether the number is accurate — it is what the number implies about your own risk. Here is the framework I use when advising operators who bring me these statistics:

If you have never audited your machines for anomalies, 30% prevalence among your peers means you are likely in the 70% who have not yet detected a problem — not the 70% who do not have one. The distinction matters. Most arcade machines are never forensically audited by their operators. They are visually inspected, cleaned, and serviced. But the kind of audit that reveals firmware modification or hardware interposers is rare.

If your machines are more than three years old and have never had a firmware update, you are in a higher-risk category. Exploits target known vulnerabilities. Machines running 2019-era firmware in 2025 are vulnerable to exploits that have been circulating in cheat communities for four to five years. The 30% figure includes many operators in exactly this situation.

If you operate in a high-density arcade cluster (shopping malls, arcade rows, entertainment zones), your exposure is higher than the average. Cheat developers target locations where they can test exploits across multiple venues quickly. If your neighbor has reported an incident, your machines are likely being probed even if you have not detected it yet.

FAQ

Q: Should I ask my distributor for more detail on what “30%” actually covers?

A: Yes. Ask how many of those incidents were confirmed through technical audit versus reported by staff observation. Ask what machine models were involved. Ask what exploit methods were identified. A distributor who is transparent about their data is giving you actionable intelligence. A distributor who quotes a percentage without breakdown is giving you a talking point, not a diagnosis.

Q: If 30% of venues are affected, why is this not front-page news?

A: Because arcade operations are private businesses. Operators who experience revenue loss from cheating rarely publicize it — they fear it will discourage customers, lower their venue’s value, or alert other cheaters that their machines are vulnerable. The silence is not evidence that the problem is small. It is evidence that the problem is privately bourne.

Q: My distributor has never mentioned this. Does that mean my region is safe?

A: Not necessarily. Distributors vary in how proactive they are about sharing threat intelligence. Some view it as their responsibility to warn customers; others worry that discussing cheating will discourage new operators from entering the market. If your distributor has been silent, that may reflect their communication policy, not your risk level. Seek information from peer operators, not just from suppliers.

Q: What is the single most effective action to reduce my probability of being in the 30%?

A: Keep your firmware current. The majority of reported incidents involve machines running firmware that is two or more years behind the manufacturer’s current release. Firmware updates patch known vulnerabilities. They are also, typically, free. The cost is the 20 minutes per machine to download and install the update. The operators in the 30% who had not updated their firmware have generally not done so because they “never got around to it” — not because the updates were difficult or expensive.

Q: If I discover my machines have been compromised, should I tell my distributor?

A: Yes. Your experience helps other operators. Distributors aggregate these reports to identify which exploit methods are circulating in which regions. The more data they have, the more specific their warnings can be. You do not need to advertise the incident to your customers or competitors. But sharing technical details with your distributor protects the broader operator community — including you, when they issue the next alert.

What to Do Next

If you have not audited your machines in the past six months, start now. Pull firmware versions, compare them against manufacturer current releases, and document any discrepancies. Take photos of your control boards and send them to your distributor or a technical consultant for review. If your distributor has shared a prevalence statistic with you, ask for the underlying data — what models, what exploit types, what time frame. The more specific your information, the more targeted your防护 can be.

The 30% figure is not a cause for panic. It is a cause for inspection. Most operators who discover and fix vulnerabilities go back to normal operations without recurring incidents. The damage comes from not looking — not from what you might find if you do.