CREJ

Page 30 — Property Management Quarterly — April 2018 www.crej.com 2017 Colorado Staffing Association Awards Tara Matta, Vice-President | Real Estate Personnel Congratulations Tara for winning the “Staffing Employee of the Year” award for outstanding service! Featured above from left to right are Stephanie Ursini-Bennett, Tara Matta, and Dan Grantham with Real Estate Personnel. Temp/Temp to Hire | Direct Hire Executive Search | Payroll Services Real Estate Personnel, Inc. www.RealtyJobs.com | 303.832.2380 Denver s DTC s CO Springs s Loveland s Wichita s Dallas Universal Protection Service provides the best security solutions, personalized customer service and unmatched value available. We now also offer our clients Safety Act protection from the Department of Homeland Security. Universal offers an expansive range of security solutions, consultations and investigations for properties of every type, including: Airports Corporate Campuses Distribution/Manufacturing Facilities Government Facilities Healthcare Facilities Office Buildings Petrochemical Facilities Residential Communities Retail Centers Educational Facilities For more information call Lorie Libby at 303-901-9037 www.universalpro.com including credit card verifica- tion and personal identification numbers. However, your software provider may ultimately bear responsibility for cardholder data. If the software is in scope, the software vendor is respon- sible for becoming validated by the Payment Application Data Security Standard. The key to determining whether data is out of scope or in scope is determining who has the ability to decrypt the data. Encrypted data is only considered to be out-of-scope “if, and only if, it is validated (for example, by a QSA or ISA) that the entity in possession of the encrypted data does not have access to the clear text cardholder data or the encryption process, nor do they have the ability to decrypt the encrypted data,” according to the PCI Security Standards Council’s frequently asked questions page. If you, your software vendor or another third party have access to and can decipher the encrypted cardholder data, it is in-scope for Payment Applica- tion Data Security Standard. Encrypted cardholder data may be out-of-scope when encryption key management is performed pursuant to PCI DSS and by third parties who do not have access to or pos- session of the encrypted data. For example, if a card reader has an encryption key injected, and that card reader device encrypts the cardholder data inside the device before pass- ing to the encrypted block of data payment software, soft- ware that interacts with that encrypted reader may be out of scope of Payment Application Data Security Standard. Even if payment software is out of scope, the merchant still will be in scope for PCI DSS and should continue to confirm that any out-of-scope payment software is compliant. There still is widespread confusion about scope. Organi- zations tend to have different understandings of what quali- fies as in or out of scope and, as a result, what their responsibili- ties are. Organizations with any questions or concerns about scope should turn to a qualified security assessor to clarify it and the organization’s respon- sibilities. • Common issues. When it comes to PCI, parking presents unique challenges because credit card payments are accepted in a variety of ways. Parking facilities accept pay- ments at attended stations, unattended stations and online. One common vari- able is the software-accepting payment, which could be at a cashier, a walk-up pay station or online. When the payment applica- tion is in scope, the merchant should request a diagram of the flow of cardholder data. The technology environment should be segmented and restricted to authorized users (physical access, local area net- work and wide-area network) and protected by a firewall, and software security patches for this environment should be regularly updated. Antivirus and malware detection should be enabled on devices, and the payment application should provide logging of access to the environment and send automated alerts in the event of credit card processing issues or system errors.The owner or operator will need to determine if “store and forward” is offered by the software vendor and, if enabled, what maximum dollar amount will be permitted to be authorized when an internet connection is not available to process real-time credit cards. On the physical side, own- ers and operators should physically inspect cardhold- ers and PIN devices routinely to ensure that no skimming devices have been placed on the readers to steal the credit card data, including the full magnetic stripe data. Process and procedure should be reviewed regularly with person- nel. If a parking office accepts monthly parking renewals via fax, phone or email, additional physical and technology PCI- DSS compliance requirements apply for each scenario. • What about EMV? PCI’s goal is to protect cardholder data that is processed, stored or transmitted by merchants. The goal of EMV – or Europay, MasterCard andVisa – is to ensure security of chip-based payments, and it requires certi- fication between EMV-capable hardware and the processor. EMV provides an additional level of authentication at the point of sale that reduces the chance of fraud but, even so, owners and operators still are required to ensure PCI compli- ance of the cardholder data environment. Implementing EMV-certified hardware reduces the PCI scope by ensuring that neither the merchant nor the soft- ware vendor has access to the encrypted cardholder data. Ulti- mately, while it doesn’t reduce parking owners’ and operators’ PCI-related responsibilities, this technology provides the maxi- mum amount of protection for owners and operators, as well as their patrons who pay for parking with credit cards. • Don’t ignore security. Park- ing owners and operators can’t afford to ignore PCI compliance. Even if parking isn’t your pri- mary business and your park- ing facilities are intended to support your building or com- plex, if you are accepting credit card payment you must be PCI compliant. ▲ Smith Continued from Page 26 and skills in type, color, form, materials, mounting, lighting and more, a designer should be able to show you a variety of designs, options, samples, models and mockups, so you can get an accurate idea of the wayfinding system in its application. From sightlines and obstructions to language and culture to physical dis- abilities and visual impair- ments, designers consider a number of factors in creating signs that are easy for every- one to read and follow, even from far away and in motion. 4. Review and approve. In addition to your review and approval, wayfinding sig- nage has to be approved by a municipal review board. A good designer packages your designs, presents the design intent to a municipal review board and negotiates with them for final approval. Fol- lowing municipal codes and pushing design packages through approval are two of the most important steps in the design process. 5. Bid for pricing . To help you with budgeting, a designer works with a variety of contractors and sends out requests for proposal to col- lect initial pricing for design package fabrication and installation. Proposals should include samples, colors and materials, shop drawings, per- mits and scheduling. Allow up to three weeks for this step; otherwise, the bids you receive likely will have flaws that lead to bigger issues dur- ing the next step. 6. Fabricate and install. A good designer coordinates with fabricators and installers to ensure design intent is fol- lowed, down to the last sign type and location. Fabrication and installation takes eight to 12 weeks and can be complet- ed all at once or in phases. • Final thoughts. Your best investment is to work with a full-service experiential graphic designer who is experienced with brand- ing, marketing, signage and graphics. Not only do experi- ential graphic designers know sound design principles, building materials and manu- facturing techniques, but also they are well practiced in human behavior and percep- tion – the way people make decisions and move through a space. They can help you overcome time-consuming challenges such as budgeting and timelines and avoid cost- ly mistakes from inexperience and miscommunication. And, they should have a proven capability of moving a sign package through municipality reviews to get your designs approved. ▲ Gregg Continued from Page 16 ArtHouse Design A good designer should break down the project and imagine it from a new user perspective by considering how people move around in a space to anticipate user needs and identify obsta- cles.