|
|
|
NEWSWIRE
|
|
Envysion 'only web-based video firm' to be PCI compliant |
By Rhianna Daniels - 08.26.2008 
|
LOUISVILLE, Colo.--Six months ago, if you asked anyone in the video space whether they needed to be PCI compliant, the answer would have been no.
Even though a video company most likely doesn't touch credit card data, even if it is integrated with a POS system, it still resides on a network built to manage this data and video provider Envysion believes video should be monitored for compliance.
"What we discovered in talking to a number of our customers, is that this isn't the case," said Matt Steinfort, CEO of Envysion. "We think there is a big role video plays in overall PCI compliance."
In late July, Envysion passed a PCI-DSS certification audit, making it the "only web-based video surveillance firm to meet new security guidelines aimed at reducing credit card fraud," company officials said.
Steinfort said being PCI compliant helps protect customers from identity fraud by ensuring all components of its solution meet the payment card industry's security requirements. Any business that processes, stores or transmits credit card data must comply with PCI standards or risk losing the ability to process credit card transactions.
But why does video play a role in this? Steinfort said that any service, such as remote video, that has direct access to a customer's network much also be PCI compliant or it puts the compliance at risk.
"Basically, video is another way for hackers to take control of the device and then take control of a company's network," he said. "A network addressable device on the network suddenly introduces a level of risk and exposes company infrastructure. Customers are making it clear that they will not let any device onto their network unless it is PCI compliant."
According to a recent online survey by MerchantLink, the security of credit card data ranks at the top of all credit card transaction concerns for restaurants and 68 percent of executives worry that credit card data issuers are only getting worse.
Steinfort said the company had to comply with 268 total requirements, both physical and IT security, to be PCI compliant. As the standards body continues to look at the scope of network vulnerabilities, he said more service providers, such as digital signage vendors, are going to find themselves under the PCI standard umbrella in the coming year.
|
|
|
| SECURITY DIRECTOR NEWS INFO CENTER |
| |
|
|
|
|
|
|
|
|
|
|
|
