Irisys Thermal Queue and People Counting Devices Confirmed PCI Compliant

London, UK (PRWEB UK) 27 February 2012

Irisys, the global leader in infrared solutions, has announced that its thermal queue management and people counting devices have been tested as fully PCI compliant.


The news follows an independent review by security consultancy, SureCloud.


This puts them at a significant advantage over video-based monitoring systems at or near card terminals in retailers and banks, which have the ability to display keypad images.


As many as one in four adults in the UK have been affected by card fraud. The Payment Card Industry (PCI) Data Security Standard was created to increase controls and build compliance around all aspects of cardholder data. It applies to all organisations that handle cardholder information for the major plastic card providers.


One area of concern is the proliferation of video cameras in retail and banking environments that are used, not only for security, but to monitor queue lengths and count the number of shoppers. Those used in queue monitoring are of particular concern as they are often positioned near retail tills where PIN numbers are input.


SureCloud found that compliance was not an issue with thermal-only systems, such as those from Irisys. However, There are issues with recording visible light video frames where either the keypad or the arm/hand movements of individuals using the keypad could be seen.


With high resolution video, noted SureCloud, it is possible to see PIN entry in reasonable detail.


But even at low resolution, it may be possible to reconstruct the PIN from hand/arm movements if the Chip and PIN device is visible in frame.


To comply with PCI standards, SureCloud urged that organisations using video cameras install an algorithm to blank out the area around the Chip and PIN terminal.


However, Dr Ian Wilcock, Irisys Chief Operating Officer, doubted whether this would provide much consumer protection.


Its certainly possible to produce a blanking or blurring algorithm for key areas in a video scene, he said. But policing the many thousands of existing video systems would be almost impossible.


A policy to ensure that the installers actually implemented the blanking would be needed; that the blanking couldnt be removed at a later date to reveal the PIN numbers; and that the blanking positions were reviewed regularly.


It would be particularly difficult to police the use of mobile keypads, he added.


One Irisys camera, the IRC3030 DualView, has an embedded web browser to allow live video and thermal views to be observed simultaneously. Dr Wilcock emphasised that, to remain PCI-compliant, this device like any other video camera should not be installed near tilling areas where PIN terminals are used.


Note to editors


As long ago as 1996, Andrew Stone, a UK computer security consultant, was convicted of stealing more than

About The Author

Ibrar Ayyub

I am an experienced technical writer holding a Master's degree in computer science from BZU Multan, Pakistan University. With a background spanning various industries, particularly in home automation and engineering, I have honed my skills in crafting clear and concise content. Proficient in leveraging infographics and diagrams, I strive to simplify complex concepts for readers. My strength lies in thorough research and presenting information in a structured and logical format.

Follow Us:

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top