Any company that accepts or produces credit cards must be PCI compliant, which brings a series of requirements that the company must adhere to. In this article, we’re going to primarily address PCI DSS (Data Security Standard), the more broadly applicable standard, and explain what type of security camera system you need to be compliant.
It is important that anyone who deals with credit cards adhere to these standards which can be found here.
According to the latest standards, PCI DSS applies to “all entities involved in payment card processing—including merchants, processors, acquirers, issuers, and service providers. PCI DSS also applies to all other entities that store, process or transmit cardholder data (CHD) and/or sensitive authentication data (SAD).”
There are other standards related to card production that have even stricter guidelines, but since that only deals with a few specific business types, we’re going to focus this article on the more applicable DSS standards.
The short answer is that it depends. To comply with the standard, you must use security cameras AND/OR access control in any sensitive areas. Sensitive areas are defined as follows:
“Note: ‘Sensitive areas’ refers to any data center, server room or any area that houses systems that store, process, or transmit cardholder data. This excludes public-facing areas where only point-of-sale terminals are present, such as the cashier areas in a retail store.”
To summarize, if you don’t have access control, then YES, you need cameras in these sensitive areas to protect cardholder data.
Following on from the answer above, you aren’t required to have security cameras around your point-of-sale machines. However, you need a video security system and/or an access control system anywhere that might house or process sensitive information.
For a large retail store, this might be your server room, data closet, or anywhere else you have machines or servers that process cardholder data. The cameras must be at every entrance and exit so you can document who has entered and left this sensitive area.
For non-sensitive areas (places where you have credit card machines), there is no requirement to have video security, and even if you do have it, there is no requirement for how long the video needs to be retained.
If you are using security cameras for sensitive areas (as defined above), then you need to retain the footage for 3 months and it should capture all entrances and exits so you can identify who has entered and exited at any given time.
There is no explicit requirement for an offsite backup, but requirement 9.5.1 encourages entities to store all media at an off-site facility.
To properly secure sensitive areas, we recommend having 24x7 security footage so that you can see everyone who has entered or exited this area.
There are no other requirements around FPS, night vision, or anything else at the time of this article. If this changes in the future, we’ll be sure to update this article accordingly.
This article sums up the main requirements around PCI compliance. If you’re looking for a PCI compliant video security solution, please feel free to reach out and we can help design a system that works specifically for your needs!