Envysion passes PCI-DSS certification audit

July 22, 2008
Firm meets new security guidelines aimed at reducing credit card fraud

Envysion, the leading Managed Video as a Service (MVaaS) provider, announced Monday it has passed its PCI-DSS certification audit, making it the only web-based video surveillance firm to meet new security guidelines aimed at reducing credit card fraud. Envysion Video helps retail, restaurant and hospitality customers improve their profitability and enhance their customer experience by providing remote access to in-store video that is tied to business applications, such as Point of Sale (POS) systems.

Being compliant with the PCI-DSS standard provides added protection for Envysion's customers against identity fraud by ensuring that all components of its MVaaS solution meet the industry's stringent security requirements. Many consumer-oriented companies are themselves rushing to become PCI certified to protect their customers' sensitive information and to avoid the severe fines and limitations that would otherwise be placed on their businesses. PCI DSS was developed by credit card companies to help businesses that process card payments prevent fraud and other security threats.

"There's a good reason why retailers and restaurant owners are taking this very seriously; any company that processes, stores or transmits payment card data must comply with the PCI-DSS requirements or they risk losing their ability to process credit payments," explains Robert Hagens, CTO of Envysion. "Furthermore, they could be audited and/or fined. The consequences aren't trivial, and could easily put a small retail owner out of business if a breach occurs and they are not compliant."

"Just six months ago, if you had asked most operators and video providers if video services needed to be PCI compliant, most of the responses would have been 'no,'" said Matt Steinfort, CEO of Envysion. "What the industry has discovered, however, is that any service, such as remote video, that has direct access to a customer's PCI compliant network must also be PCI compliant or it puts the customer's own PCI compliance at risk. We are proud and excited that Envysion continues to drive the industry forward and has developed the first and only PCI compliant managed video service."

According to a recent online survey conducted by Merchant Link LLC, a subsidiary of Chase Paymentech, the security of credit card data ranks at the top of all credit card-transaction concerns for technology executives of the nation's restaurants, and 68 percent of them say worries about credit card data's security are deepening. Fewer than half of attendees at the recent Multi-Unit Restaurant Technology Conference in Las Vegas said their restaurants comply with PCI DSS (48 percent), while 39 percent said they were "well on their way" to complying.

"We have worked aggressively to ensure that all facets of Envysion Video fully comply with the PCI-DSS standards. Our strong telecom heritage and our unique MVaaS architecture enable us to meet these requirements and to provide the highest level of security for our customers," Hagens said. "Our customers have the peace of mind knowing that their managed video services meet these stringent guidelines and that they can pass that confidence on to their customers."

Envysion performed a Level 1 DSS audit which contained more than 260 specific requirements. According to Hagens, the following are examples of the requirements Envysion has met with its MVaaS system:


- Ensure that the hardware elements of the service are secure and protected from hackers and other intrusion attempts.
- Implement strong access control measures which limit access to computing resources on a "need to know" only basis.
- Regularly monitor and test systems and processes to ensure the service and DVRs are secure.
- Follow strict procedures for building, testing and deploying systems with appropriate firewalls.
- Follow a strong information security policy, including training employees in security awareness and testing incident response plans.

Compliance with the full PCI-DSS standard, which is becoming an absolute requirement for video providers, provides customers with confidence and further differentiates Envysion Video from its competitors.