PCI: Pushing Physical and Cyber-Security Closer Together With Standards

by John Gallagher | Aug 6, 2015 5:43:23 PM

As retailers well know, security standards like PCI must evolve (sometimes quickly) to address new and different types of threats. In moving to PCI 3.0 (and now 3.1) one highly significant change is in how physical security technology (in particular video surveillance) is incorporated into the standard. Very often video surveillance is used in conjunction with cyber-security to understand and defend against threats (think of video cameras in stores turning to the cash register when potential fraud is detected). What makes these recent changes meaningful is that it’s moved the integration of video surveillance and cyber-security from a best practice to a requirement, not to mention as a requirement thousands of businesses must quickly adapt to.

Two requirements of PCI in particular call for a solution such as Viakoo to ensure that compliance is being achieved. Requirement 9 broadly addresses physical access and point-of-sale environments, where CCTV is leveraged for ensuring that tampering and other physical changes have not been made. Virtually all of the video surveillance directives in Requirement 9 can be handled automatically by Viakoo. Requirement 9.1.1 specifically calls for video surveillance to be used, and for the video evidence to be retained for 90 days (automatically checked by Viakoo). 9.3 and 9.4 requires that physical security be observed – another thing Viakoo can automatically ensure is being done correctly. Viakoo checks to make sure the video files have not been tampered with during the retention period (9.5, 9.6, and 9.7). And in 9.9, the requirement to observe and inventory devices on the network is also a strength of Viakoo.

In addition, Requirement 2.4 is worth highlighting; it requires the retailer to maintain an inventory of system components in scope. Viakoo has worked with dozens of organizations where generating an inventory report was one of the most difficult thing for them to do, and by its nature also one of them most necessary things in order to maintain and manage a complex video surveillance network. Viakoo’s service is fully automated – meaning there is no data entry or programming required. In the case of Requirement 2.4, knowing exactly what is on your security video network and what its status is can be truly “push of a button”.

Viakoo is the leader in helping organizations manage and optimize the use of their video surveillance infrastructure. As the trend towards integrating physical and cyber-security continues (rapidly in the case of PCI), Viakoo’s focus is to provide automated and easy to deploy solutions that help both IT and Physical Security to meet standards that all of us rely on to maintain safe and secure transactions in the world at large.

If you’d like to learn more about how Viakoo helps retailers in meeting PCI requirements, join our upcoming webinar on August 25 at 11am Pacific by clicking here.

Subscribe Now

Additional Reading