If you count retailers in your customer base, you are well aware of the importance of payment card industry (PCI) compliance. If not, you are soon to be on the fast track to understanding how this three-letter acronym will impact your business. 

Today, any merchant that accepts credit cards must be in compliance with PCI Security Council standards. These standards were enacted to help safeguard credit card data from being stolen through network breaches and ineffective IT security practices. While there are several PCI security standards, the most applicable to the video surveillance industry is the PCI-DSS (Payment Card Industry — Data Security Standards). PCI-DSS outlines actions that must be taken by both payment software vendors (such as point-of-sale applications that handle credit card transactions) and the merchant themselves in how they configure and protect the network that the payment systems are connected to.

“PCI compliance is a basic requirement for our retail clients today,” stated Bob Lynch of Loss Prevention Solutions Inc., a Pennsylvania-based business security specialist. “Our clients demand certain features specific to their business model and part of that is PCI-compliance.”

To many, PCI compliance appears to be an issue between the payment card companies, such as Visa, MasterCard, American Express, etc., and the merchants who accept or process payment cards. But as more devices reside on the network, merchants want to know that those devices will not compromise their network’s integrity or security. Their concern is that a device or application that sits on their network could in effect be a potential entry point into their protected network and lead to a compromise of cardholder data. This makes PCI compliance a real issue for any video surveillance equipment utilizing the network.

“PCI compliance is a must for our network folks,” emphasized Loss Prevention Director Joe Lindstrom, Ratner Companies, the largest family-owned and operated chain of hair salons in the country, operating nearly 800 salons in 16 states. “Our IS/IT department requires written documentation of PCI compliance and wants to scan any equipment we are considering to deploy in order to verify that our customer’s data will not be compromised.”

It is this need to secure the merchants’ entire network as well as the devices and software attached to the network that creates the demand for video surveillance vendors to meet PCI standards. The stakes are high: failure to comply with the standards could result in significant fines for merchants and the possible cancellation of their credit and debit card processing privileges.

“Only a few video surveillance manufacturers claim to have PCI-compliant products,” Lynch said. “Those that can actually document their compliance are few and far between. I found [3xLOGIC] to be on the cutting-edge as it relates to being PCI-compliant.”

So how do video surveillance vendors demonstrate that their devices are secure and compliant with PCI standards? Currently those options are limited. Manufacturers like 3xLOGIC, Westminster, Colo., need to engage a certified Cardholder Information Security Program (CISP)-compliant auditing firm to determine if their processes and products are found to comply with PCI standards and requirements. Products are subjected to a full scan by an approved scanning vendor (ASV) with the product configured exactly as it will be deployed. A thorough scan will expose commonly exploited vulnerabilities that will need to be mitigated by the manufacturer.

“We take all of our prospective vendors and we put them in front of our IS/IT department to help us in our decision-making process because we want to make sure that our data will be secure and that it is going to fit today as well as tomorrow, understanding that PCI compliance changes,” Lindstrom pointed out. “3xLOGIC was the only video surveillance vendor selected by our IS/IT department, especially given our commitment to data security. They proved to be the only supplier that could actually provide us written documentation of PCI compliance and allowed us to scan their equipment in order to verify that.”

The concern that devices added to a network can serve as a potential breach to the network’s integrity cannot be overlooked, yet many loss-prevention teams want to access and view surveillance footage remotely on a daily basis. As such, network connectivity and bandwidth utilization of video management systems is also a concern.

“We suffered before with poor quality video and that was certainly hurting our case for existing capital expenditures as well as securing additional capital, because a system is only as good as its end use,” Lindstrom observed. “What we found very valuable with 3xLOGIC was crystal clear video and the ease-of-use for all of the regional loss prevention folks that were out there. The system actually takes the video and makes it incredibly easy to playback for someone who may not be extremely technical.”

The typical configuration of a camera installation at one of Ratner Companies’ hair salons involves two cameras: one megapixel camera on the front desk and one 360-degree camera in the center of the salon.

“We found that 3xLOGIC’s compression enabled us to have excellent quality video with a megapixel camera, most notably the 360-degree camera — even with our limited bandwidth. Our business is a service-based business and we need to be able to see from all angles to differentiate what type of service is being performed and the megapixel camera from 3xLOGIC provides that,” Lindstrom described.

As the demands for PCI-compliant products grow, the expertise in knowing how to deploy such products without compromising the integrity of a client’s network security plan is paramount — and can lead to long-term relationships. 

PROJECTS in the News

The North Adams Housing Authority, North Adams, Mass., sought to have an IP-based CCTV system installed at three of its locations. The objective was to obtain much needed 24/7 coverage of some key areas of its properties. BCM Controls Corporation, Woburn, Mass., served as the integrator on the project.

The project, which got underway in August 2010, was the initial phase of installing CCTV throughout the North Adams Housing Authority’s sites. Knowing that the plan was to add cameras in the future, it made sense to install wireless mesh at the townhouse site to accommodate connectivity of the additional cameras where hardwired connections would be very costly. BCM Controls had deployed many wireless mesh networks both on large and smaller scales and determined it was the way to go to provide the 24/7 coverage the Housing Authority required.

BCM Controls installed Arecont AV8360 360 degree cameras connected to Fluidmesh FM1100E-HW with 10Mbit throughput plug-ins out in the field that were connected to one FM2200E-D with two sector antennas installed on a smokestack to create the wireless mesh network. The cameras are managed and recorded by an Exacqvision server in the site manager’s office.

“While this was not our first mesh network deployment, it was our first with Fluidmesh Networks, Boston,” said Steve Drapeau, project engineer for BCM Controls. “With minimal training, we were able to deploy a stable and reliable mesh network fairly quickly and easily. The Fluidmesh software and alignment tools enabled us to attain maximum signal quality with minimal time and effort.”

PHOTO COURTESY OF FLUIDMESH

Western Washington University‘s sprawling campus in scenic Bellingham stretches 215 acres, with nearly 15,000 students walking the grounds during the fall and spring semesters. The university gives prominence to campus safety, recently upgrading its fire alarm system in 47 buildings and adding a mass notification system featuring Technomad advanced audio loudspeakers to improve audio quality and long-distance coverage outdoors.

Mills Electric Co., a Bellingham-based electrical and systems contractor serving the commercial and industrial markets, installed the multi-zone audio system in conjunction with Western Washington University support staff. The project marries all indoor/outdoor PA points and associated Pelco pan/tilt/zoom cameras to an existing Edwards EST-3 campus-wide fire alarm system — tying every significant component to a central network infrastructure. The central fiber network routes campus-wide, with monitoring capabilities in every building.

The complete system enables administration, campus police and other offices to deliver voice notifications to any single location, multiple zones, or every PA point in an “all-call” scenario. When in mass notification mode, an amber-colored light blinks while the announcement is ground out — allowing campus officials to decide between making an audio notification and/or triggering a fire alarm.

“I have seen mass notification systems at other campuses, but this is by far the most impressive,” said Cory Kovacevich, a service and project manager at Mills Electric Co.  “This system eliminates the traditional separate public address system and combines it with the fire alarm system into a single powerhouse. The campus can still make regular announcements and quickly go into alert mode as needed, and localize announcements to specific buildings or areas. It’s designed to get the information to where it needs to go.”

Mills Electric Co. teamed with Performance System Integration on the project.  Performance System Integration is an Edwards EST Life Safety and Communications Strategic Partner, responsible for programming and upgrading the fire alarm system.  Kovacevich and his team focused on the audio portion, installing Technomad weatherproof loudspeakers outdoors in three zones. Technomad PowerChiton amplifier modules power all live and pre-recorded messages heard across the campus. 

PHOTO COURTESY OF TECHNOMAD

The Department of Defense used System Sensor notification devices for installation and integration of fire and intelligible mass notification systems (MNS) systems at Fort Sam Houston in San Antonio, one of the largest military medical education and training facilities in the world. With more 60 medical programs and 24,000 annual graduates, that’s an average daily student load of about 9,000 with a support staff of nearly 4,000. The Medical Education & Training Campus (METC) centralizes all Army, Navy and Air Force basic and specialty enlisted medical training at Fort Sam Houston. The first medical instructional facilities, METC 1 and METC 2, which are interconnected by a common mechanical room, were among the initial buildings to meet the MNS challenge.

“This is a big job because of footprint. There are more exam rooms and more smaller spaces, and a lot of wide-open class rooms,” explained Duane Hannasch, president of Fire Alarm Control Systems Inc., San Antonio, and part of the team involved in planning and integrating the fire and life safety systems and MNS for METC. “What made the system integration seem seamless was teamwork: working with the engineering team to get a design that will provide the readings that are needed for audibility and intelligibility.”

One part of the design involved integrating the speaker and strobe placements. In all locations that had a fire alarm speaker strobe with a clear lens, a mass notification amber strobe was placed adjacent to it. The fire speaker strobes were ceiling mounted to achieve better sound distribution in these areas.

Hannasch pointed out that the System Sensor strobe lights had an added benefit: They were easy to mount. Because of their plug-in design, the mounting plate allows the installing technicians to pre-check the wiring before mounting the devices.

 “That’s a big help, and it cuts installation time,” he said.

PHOTO COURTESY OF SYSTEM SENSOR