Sunday, February 14, 2021

Touchless Access Technology

Touchless Access Technology 

THE business landscape changing so dramatically over the past few months — possibly irrevocably — the task for many in security, including for consultants, integrators, dealers and manufacturers. As businesses and organizations begin to reopen, many are rethinking the way they budget for security, including access control, video surveillance and intrusion Alarm.

It’s amazing that a microscopic virus from China could virtually bring the world to a standstill. The 2020 global pandemic has reshaped the way people work, learn and play on every conceivable level. In addition to the devastating impact on global health and safety, COVID-19 has infected the health of the global economy.

The growing call to return to work will surely accelerate many of the social distancing, sterilization and occupancy issues that we are currently facing. Hopefully, modern medicine will rise to the challenge sooner than later with a COVID-19 vaccine, but this may take some time even with accelerated testing and approvals.

Commonly touched items that can cause the spread of coronavirus (and other infectious disease) can include things like elevator buttons, ATM and checkout keypads, door knobs and handles, keyboards and mice, and door/entry access control panels — just to name a few. When you think about all of the “touchable” items that you interact with each day it becomes a daunting task to stay away from them and feel safe, clean and virus-free. Well, it's no surprise that right now, businesses are feeling the need to provide solutions and upgrade their safety and security as the workforce begins to come back to the office or plan for that to happen soon.

By employing touchless credentials such as face recognition, proximity devices, or mobile credentialing, existing and new access control systems can easily be enhanced to provide a fast and efficient means of allowing authorized individuals hands-free entry and egress to a facility helping prevent the spread of contagions that can impact the health of both individuals and businesses. Taking the role of access control further, platforms with open architecture can integrate new thermal detection solutions to instantly identify the surface temperature of individuals.

Types of touchless technology

Businesses going touchless isn’t new—despite how relevant it is lately. In fact, touchless technology, from gesture sensors to voice recognition, has been widely used since the late 1980’s when automatic faucets and soap dispensers became popular in public restrooms. Today, you likely experience touchless technology multiple times a day such as walking through an automatic door, or asking Siri to set your alarm while your phone is sitting across the room from you.

Sign-in process

Touchless technology isn’t only about hygiene and safety. It’s also a way to show that your business is forward-thinking and modern. After all, who likes being slowed down by an old-school pen and paper sign-in sheet or a clipboard with long legal documents to read through?

The answer: no one. That’s why we have thought through how to make the sign-in experience seamless and touch-free. With a touchless visitor sign-in, guests can pre-register on their phone or computer before their arrival; scan a QR code at check-in; and be off to see their host in no time.

For modern offices, creating a touchless experience shows that you’ve thought of every last detail of your visitor experience and have made steps to take the burden off of guests when they come onsite. By doing that, you save your visitors time once they arrive so they’re not bothered with sign-in and can more quickly get to who they’re there to see.

Plus, while having one visitor come on site might seem simple, there’s often a lot of info you’ll need to collect from them. Instead of asking for this information during sign-in, you can collect essential information about your guest and take care of any additional actions before the visit, rather than frantically trying to solve issues while your guests wait in your lobby.

Going touchless is another way to help your visitors, and your entire office, stay healthy. By going touchless, you’re able to minimize the spread of germs and make sure you’re taking care of everyone in your space. 

Gesture recognition

Gesture recognition is the most common form of no-touch technology. Users can do simple gestures to control or interact with devices without touching them. Waving your hand to trigger an automatic door, for example, removes the need to touch handles or a physical button. Users are positively identified with a simple wave of either their right or left hand, in any direction. The touchless technology copes with wet and dry fingers, eliminates ghost images left on the scanner and mitigates hygiene concerns. The high speed, contactless acquisition capability allows users to remain in motion while being identified. Faster access control and time & attendance transactions reduce overall costs and increase employee productivity.

The system uses the passenger's unique Aadhaar identification number to biometrically authenticate passengers in real time, from arrival at the airport through boarding. Each checkpoint features high-speed and touchless biometric technology to facilitate the passenger processing. In less than a second, this device captures four fingerprints and matches them against the Aadhaar database.  An automated process generates considerable time savings for an airport like Bengaluru, which experienced a 22% increase in passengers in 2016, rising to 22 million. Passengers will be able to pass these checkpoints much quicker, and no longer have to constantly show their ID documents & boarding pass/e-ticket.

Bengaluru is the first airport to use a biometric identification process based on Aadhaar ID numbers, offering a thoroughly modern passenger experience that will contribute to the digital transformation of India. Indian passengers with a driver license (which also contains their fingerprints), and passengers with a biometric passport from other countries can also take advantage of this e-boarding system. When checking in, they are assisted by a police officer, who scans their passport and boarding card, and saves their fingerprints to ensure traceability.

Examples of this include smart lights that turn on when you walk into a room or automatic doors that you see at grocery stores, hotels, and commercial buildings.

Voice recognition

Voice recognition systems let users interact with technology simply by speaking to it. This has become popular especially in our homes. We can make hands-free requests, set reminders, and perform other simple tasks by talking to Apple’s Siri, Amazon’s Alexa, or the Google Assistant. You’ll be able to use an app to switch on light, or if that sounds a little awkward, even your voice – most systems will integrate with a virtual assistant such as Google or Amazon. One thing to check is that your lighting is compatible with the virtual assistant you use, as not all bulbs work with all systems.

Dozens of companies now offer smart door locks that are controlled via an app. With many of them, you can even control access with your voice using virtual assistants such as the Amazon Alexa®.

It’s also possible, with many models, to send electronic keys to friends and guests when they visit. These keys can be timed to stop working once they leave, giving you peace of mind.

With most virtual assistants, you’ll even be able to remotely operate your lights and set timers so it appears you are home even if you’re away. You can also set routines, so that the house lights up whenever you return home, and switches everything off as you retire to bed for the night.

Most smart TVs integrate with a virtual assistant, so you can turn on your TV or change channels using your voice – a particularly useful feature when you inevitably lose the remote down the back of the sofa, so it’s useful long after COVID-19 is a distant memory.

Facial recognition

Even before the COVID-19 pandemic, the touchless nature of facial recognition as an access credential was gaining traction with physical and cyber security professionals. By using an individual’s face as an access control credential, facial recognition eliminates the need and expense of physical cards and proximity devices, or the need to physically enter PIN codes. In addition, facial recognition readers meet the new emerging need to limit physical exposure to germs and viruses by offering a highly accurate touchless access control credentialing solution. 

As a workforce management tool, facial recognition helps preserve the health of employees checking into work, while providing management with an infallible means of documenting employee time and attendance while providing a detailed history of overall workforce activity and individual personnel tracking. Both of which have been longstanding challenges due to easily compromised time tracking systems and practices. Now, nothing is left to question based on hard data. 

With the growing popularity of facial recognition technology, there are many choices already available with more undoubtedly on the way. Selecting the right solution for your specific access control and/or workforce management application is dependent on a very wide range of variables. But there are a few core characteristics that you should look for when evaluating facial recognition readers.

Most facial recognition terminals employ some form of IR (Infrared) technology to help ensure high visibility by the unit’s image sensor. This often limits where the unit can be installed such as outdoors or near windows due to strong ambient light. More advanced facial recognition readers employ as many as 80 wide-angle near infrared LEDs and 60 narrow-angle near infrared LEDs, allowing the unit to recognize faces even in full daylight and brightly lit environments (not direct sun). This enables installation at indoor locations near windows, lobbies and building entries.  

Another facial recognition reader advancement to look for involves three-dimensional pixel intensity analysis. Ambient lighting contains ultraviolet rays which can negate near infrared LED lighting, and can also cast shadows making it difficult for a facial recognition reader to pinpoint the facial recognition points required for identification and authentication. Three-dimensional pixel intensity distribution analysis minimizes the effects of ambient light when acquiring facial images by minimizing lighting contrasts. As a result, it is easier for the algorithm to recognize the shape of the face enabling it to extract more facial features and create higher quality face templates, which are critical for accurate facial recognition. 

The angle and position of a facial recognition reader directly impact the performance of the unit. Facial recognition readers with different viewing angles for built-in visual and infrared cameras allows users to stand at positions that are most suitable for facial recognition with little or no effort of contortions. This results in a faster, more comfortable, and convenient user experience. 

It is most important that the facial recognition readers you evaluate are capable of analyzing faces in real time to maintain fluid entry/egress even during high volumes of employee traffic. Hardware-dependent live face detection systems employing technologies such as facial thermogram recognition and facial vein recognition require expensive hardware components, provide less accurate matches and slower authentication performance, which is counterintuitive for mainstream access control and workforce management applications. 

Thermal Camera integration is expected to enhance security and safety at sites by combining face recognition and skin temperature measurement with facial recognition hardware unit. It increased the accuracy and consistency of the temperature measurement by using the face recognition algorithm to pinpoint the upper area of the face. It displays skin temperature and thermal image of a subject’s face on its intuitive GUI, giving audio and visual alerts when higher than threshold temperature is detected.

Personal devices

For technology to be completely touch-free it must operate without the need for physical contact, like in the examples above. However, the introduction of smartphones and other personal devices have made nearly touch-free technology possible as well. Anything that operates at the command of your own personal device allows you to avoid touching public surfaces. The emergence of smartphones using iOS and Android is rapidly changing the landscape of the IT industry around the world. Several industries, such as digital cameras, car navigation, MP3, and PNP, have been replaced by equivalent or even better performance using smartphones. Smartphones provide increasing portability by integrating the functions of various devices into a single unit which allows them to connect to platforms with network-based services and offer new services and conveniences that have never been experienced before.

The combination of smartphones and access cards is creating a new value that goes beyond the simple convenience of integration enhancing the ability to prevent unauthorized authentication and entrance. People sometimes lend their access cards to others, but it is far less likely they might lend their smartphone with all their financial information and personal information – to another person. This overcomes an important fundamental weakness of RF cards.

Another valuable aspect of mobile credential is that it makes it possible to issue or reclaim cards without face-to-face interaction. Under existing access security systems, cards must be issued in person. Since card issuance implies access rights, the recipient’s identification must be confirmed first before enabling the card and once the card has been issued, it cannot be retracted without another separate face-to-face interaction. In contrast, mobile access cards are designed to transfer authority safely to the user's smartphone based on TLS. In this way, credentials can be safely managed with authenticated users without face-to-face interaction.

Mobile cards can be used not only at the sites with a large number of visitors or when managing access for an unspecified number of visitors, but also at the places like shared offices, kitchens and gyms, currently used as smart access control systems in shared economy markets.

While NFC could be an important technology for mobile credential that is available today on virtually all smartphones, differences in implementation and data handling processes from various vendors prevents universal deployment of a single solution to all devices currently on the market.

Accordingly, Bluetooth Low Energy (BLE) has been considered as an alternative to NFC. Bluetooth is a technology that has been applied to smartphones for a long time, and its usage and interface are unified, so there are no compatibility problems however, speed becomes the main problem. The authentication speed of BLE mobile access card products provided by major companies is slower than that of existing cards.

AirFob Patch addresses the need for technological improvements in the access control market in a direct, cost effective, and reliable way – by offering the ability to add high-performance BLE to existing card readers – enabling them to read BLE smartphone data by applying a small adhesive patch approximately the size of a coin.

This innovative breakthrough applies energy harvesting technology, generating energy from the RF field emitted by the existing RF reader – then converting the data received via BLE back into RF – and delivering it to the reader.

“For Indian workers to return safely back into office buildings, there must be a comprehensive system in place that integrates technology and new safety protocols both for the building and for tenant spaces alike. It can't be every building owner, tenant and occupant for themselves. We are all in the business of public health now to protect each other’s lives and help India get back to work”. - Arindam Bhadra

Iris

Every human iris has its own unique traits. An iris scanner identifies pits, furrows and striations in the iris and converts these into an iris code. Comparing this code to a database subsequently determines whether to allow access. Iris recognition terminals provide 100% touchless user authentication for a variety of applications, spanning access control, time & attendance, visitor management, etc.

Touchless Switches

Touchless wall switch makes opening a door simple and germ free. Blue LED back-lighting highlights the switch at all times, other than during activation. This provides a visual reference of the switch’s location in low light conditions. Its low-profile design makes it blend into your wall.

Touchless Visitor Management 

The visitor management system is the first point of contact for every visitor. To help maintain the spread of COVID-19, several organizations are implementing health screening procedures for visitors and employees entering their building.

Touchless technology doesn’t only provide protection and safety to the workplaces. It also provides the seamless modern experience to the workplace. The paper-based manual system is not safe enough and also slowed down the productivity of the business. That’s why we have thought through how to make the visitor check-in experience seamless and touch-free.

A.   With a Touchless visitor management system, visitors can pre-register on their smartphone before their arrival; visitor screening; check-in with a QR code; can meet their host in no time; and record the last details of the visitor experience.

B.   Going Touchless is a way to help your visitors, and your workplace, stay healthy. By going Touchless, you’re able to reduce the spread of viruses.

C.   The Touchless visitor management system saves your visitors time once they arrive so they’re not bothered to check-in and can more quickly get to who they’re there to see.

D.   When Visitors arrive, you can collect essential information about your guest and take care of any additional actions before the visit.

E.   Touchless Visitor management System isn’t only about hygiene and safety. It’s also a way to show that your business is forward-thinking and modern.

Kiosk

Companies have to now restart the Touchless visitor management system after lockdown is over. To help maintain the spread of COVID-19, several organizations are implementing health screening procedures for visitors and employees entering their building. Touchless self-check kiosk automatically measures body temperature in seconds. It is an invaluable solution for quick detection of illnesses and reduce the spread of bacteria & viruses, it vets staff members and the public before entry to premises such as Schools, Malls, Restaurants, factories, Railway stations, Airports, and Corporate offices.

The kiosk features a touch-less UV-C Box to disinfect the bag, cell phone, and keys in less than 10 seconds. UV-C Box kills 99% Viruses and Bacteria within 10 seconds on exposed surface.

Preparing before anyone even arrives onsite

There’s a lot you can do before your employees and guests arrive to make the experience frictionless. Start by pre-registering anyone coming into your office. This way you can gather important information to make sure they’re safe to enter and give them what they need to feel comfortable in your workplace.

Start with pre-screening them and approving their entry to make sure only the right people come on-site each day. This gives your team important control levers, like inviting healthy employees into the office in shifts.

Create a touchless sign-in experience.

A.   Post clear signage at the front desk so people know what to do when they arrive

B.   Allow people to check-in using their personal device rather than an iPad Kiosk

C.   Put a bottle of hand sanitizer next to your kiosk if you do need to use it

D.   Update your settings so guests don’t have to tap to take their photo when they arrive

E.   Create a welcome guide and customize it by employee or visitor type to make sure everyone has the information they need

F.    Make your badge printer easily accessible to guests 

G.   Update your hospitality practices. Instead of having a receptionist hand a guest a drink, make personal beverages available to grab without hand-to-hand contact

H.   Set up your final screen to give instructions to guests about what to do next, like where to go or where to wait for their host

I.    Opt for a sign-in system that notifies your employees automatically when their visitors arrive


Monday, February 1, 2021

DDC in BMS System

 DDC or Direct Digital Controller in BMS System

What is DDC ?

To understand the DDC, we need to know a little bit of history about what was the things before the DDC invention and why it was invented? So that we can have a broader view of the primary purpose of DDCs.

The Programmable Logic Controller or PLC used to control and monitor the Process mainly in the industry like automobile and other manufacturing factories.

Richard Morley invented PLC in 1968 to fulfil the primary needs of control and protect the production capacity of machines and manufacturing lines in the industry, and this PLC used initially was in the area of transfer lines in automotive plants.

Due to these PLC or Programmable logic controllers were designed and invented mainly for controlling and monitoring or automating the productions in the industry.

But when it comes to buildings, this PLC cannot fulfil the exact needs in terms of tenants comfort, environmentally green or can say effective management system for buildings. And still, we can use PLC for Building automation whereas it will be an excessive investment and different performance.

So here DDC or direct digital controller invented in order the process and automated the building equipment needs almost which PLC can do with minimal investment from installation to engineering.

What is the Main Difference between PLC and DDC?

What is DDC or Direct Digital Controller?

In a nutshell, DDC is a controller which use the analogue or digital signals from various devices of a field sensor and actuators and then process and control the system based on the programme written inside the controllers and has the capability to sends the information to another controller or DDC.

Basic Features of DDC

·       DDC or Direct digital controller usually has the followings features

·       The Analogue Inputs is to monitors the fields sensors values.

·       Digital Inputs to monitors the on/off status from switches/contactors.

·       The analogue output is to control the field actuators devices.
Digital Output is to control relay or provide low voltages.

·       DDC must have internal ROM/RAM to store control logic and sensor values.

·       It must have networking protocols inbuilt to transfer the data between the devices.

·       Modern DDC controller should have the capability to implement BACnet protocols for communication.

Note that there are various DDC controllers available in the market from the different manufacturer and those DDCs are available with a variety of function and features based on the specific needs like controller has all inputs/outputs like Analog inputs, Digital input, analogue output and digital output and some controller has only digital/analogue inputs.

Let us see below DDC Controller

·       Eleven 10-bit universal inputs whereas we connect either analogue input or digital input using a jumper select, eight binary outputs, and eight analogue outputs.

·       Terminal 23,24 used to connect other DDC controller to communicate between devices through BACnet over MSTP.

·       It has non-volatile memory used to store program and work independently.

·       It has the 24vdc used to give power for field devices.

Now Let us see how DDC used to control the BMS System,

Consider the followings scenario which we need to control and monitor through above DDC.

Let us say in Building, we need to control Pump control and control filling sequence through DDC whereas we have 2 Booster pumpS, one is for filling the water tank and other is to pump the water to buildings purpose to tenants like toilet etc.

This two-pump motor is controlled through the pump control panel by manually and it should work automatically based on the following sequence 

·       Pump-1 should run if the water level below the high level and stops once above the high level.

·       Pump-2 should run if the pressure on the supply line lesser than the defines let us say 2.5bar.

·       Pump-2 Should not run if water lesser than the lower level switch even pressure lesser than defined.

So based on the above sequence we will have following parameters to monitor and control

·       Booster pump-1 Run status from control panel-Binary Input

·       Booster pump-1 Run command from control panel-Binary output

·       Booster pump-2 Run status from control panel-Binary Input

·       Booster pump-2 Run command from control panel-Binary output

·       Water Low-Level status-Binary Input

·       Water High-Level status-Binary input

·       Liquid pressure on supply line-Analog Input

Let us connect the above points in DDC Controllers as follows

BP-1 Run sts- IN-1

BP-2 Run sts- IN-2

Low-Level Sts- IN-3

High-Level Sts-IN-4

Liquid Pressure-IN-5

BP-1 Run Command-BO-0

Bp-2 Run Command-BO-1

 

Logic will be as follows to execute the above sequence

 

If IN4==1        ##(means lesser than high-level status)

then

BP1=1             ##(On Pump)

else                 ##(means above than high-level status)    

BP1=0             ##(Off-Pump)

endif

 

If (IN5<2.5 and IN4==1)    ##( if pressure lesser than 2.5bar and water above the low-level sts)

then BP2=1     ##(on Pump)

else

BP2=0             ##(Off-Pump)

endif

 

Note that this program may change for each vendor controllers.

Not only this small sequence but also DDC can execute complex and critical sequence in BMS System for HVAC.


Saturday, January 16, 2021

PCI DSS in Security Surveillance

PCI DSS in Security Surveillance
Access control & Video Surveillance vendors who sell to retail merchants have undoubtedly heard about PCI compliance, but may not understand exactly what it is and how it impacts the security industry. Thus, it’s no surprise that the Payment Card Industry Data Security Standard (PCI DSS) outlines specific guidelines for securing cardholder data environments (CDE) from a physical standpoint. This means protecting devices and systems (desktops, laptops, point-of-sale terminals, servers, routers, phones and other equipment), as well as the facility itself (office buildings, retail stores, data centres, call and contact centres and other structures). PCI compliance appears to be an issue between the payment card companies such as VISA and the merchants who accept credit cards. However, as merchants are being required to comply, they are passing some of the impact down to the vendors whose systems sit on their network.

Some users, professional now start asking is OEM camera, NVR, Access Controller are Compliance by PCI-DSS, “We need your system to be PCI compliant before we can put it on the network”. Reason is that in Aug 13, 2018 US Govt Ban HikVision & Dahua (and their OEMs) product due to backdoor entry & lots of security risk. On Aug 13, 2019 US Govt signed as a Law.

According to the latest standards, PCI DSS applies to all entities involved in payment card industry—including merchants, processors, acquirers, issuers, and service providers. PCI DSS also applies to all other entities that store, process or transmit cardholder data (CHD) and/or sensitive authentication data (SAD). To safeguard credit card data from being stolen through network breaches and ineffective IT security practices. Originally most card providers such as Visa and MasterCard had established their own proprietary rules regarding the handling of credit card data by merchants. Concern and confusion by the merchants over varying and overlapping requirements by the rival card companies prompted the card issuers to create an independent organization and standard for protecting credit card data. This entity is known as the PCI Security Council and while there are actually several standards, the most applicable to our industry is the PCI-DSS. To comply with the standard, you must use security cameras AND/OR access control in any sensitive areas. Sensitive areas are defined as below:

‘Sensitive areas’ refers to any data center, server room or any area that houses systems that store, process, or transmit cardholder data. This excludes public-facing areas where only point-of-sale terminals are present, such as the cashier areas in a retail store.
It is this need to secure the merchants entire network as well as the devices and software attached to the network that creates the demand for video surveillance vendors to meet PCI requirements, or more specifically, to provide solutions which are secure enough that they do not compromise the merchants network security plan. For a large retail store, this might be your server room, data closet, or anywhere else you have machines or servers that process cardholder data. The cameras must be at every entrance and exit so you can document who has entered and left this sensitive area.

This first is the inherent or built-in security that the solution has as it leaves the manufacturers back door. Many solutions being shipped today utilize highly vulnerable technologies such as web applications, non-secured operating systems and may even have a wide variety of exploitable technologies built into the product.

Manufacturers first need to understand the most current threats and then need to evaluate and adapt their architectural design to provide maximum inherent security.

One method to accomplish this is by having a valid and effective Software Development Lifecycle (SDLC) program in place which adheres to industry best practices, meets secure software development standards and has security activities and awareness built-in throughout the process.

The second way that network insecurity can be introduced into the merchants’ network is in how the product is deployed, configured and maintained. Many vendors feel that at this point it is out of their hands, but new pressures on the merchant from the PCI requirements are causing them to push back at the manufacturer.

Updated as part of PCI DSS version 3.0, Requirement 9 outlines steps that organizations should take to restrict physical access to cardholder data. Included under this requirement are guidelines that organizations must take to limit and monitor physical access to systems in the cardholder
data environment, such as points of sale (POS) systems. PCI DSS recommends deploying entry access control mechanisms or video security cameras to meet this requirement (or both). Additionally, they require companies to:
  • ü  Verify that either video cameras or access control mechanisms (or both) are in place to monitor the entry/exit points to sensitive areas
  • ü  Verify that video cameras (or access controls) are protected from tampering or disabling
  • ü  Review collected data and correlate with other entries
  • ü  Store video data (or access logs data) for at least three months

Beyond the requirements specific to physical security, PCI DSS outlines a range of measures that organizations must

The PCI Data Security Standard (DSS) specifically excludes the need to provide cameras over cash registers:

DSS 9.1.1: "Use video cameras and/or access control mechanisms to monitor individual access to sensitive areas. Review collected data and correlate with other entries. Store for at least three months, unless otherwise restricted by law. Note: - Sensitive areas refers to any data center, server room, or any area that houses systems that store, process, or transmit cardholder data. This excludes the areas where only point-of-sale terminals are present, such as the cashier areas in a retail store."

PCI DSS Compliance levels

PCI compliance is divided into four levels, based on the annual number of credit or debit card transactions a business process. The classification level determines what an enterprise needs to do to remain compliant.
·        Level 1: Applies to merchants processing more than six million real-world credit or debit card transactions annually. Conducted by an authorized PCI auditor, they must undergo an internal audit once a year. In addition, once a quarter they must submit to a PCI scan by an Approved Scanning Vendor (ASV).
·        Level 2: Applies to merchants processing between one and six million real-world credit or debit card transactions annually. They’re required to complete an assessment once a year using a Self-Assessment Questionnaire (SAQ). Additionally, a quarterly PCI scan may be required.
·        Level 3: Applies to merchants processing between 20,000 and one million e-commerce transactions annually. They must complete a yearly assessment using the relevant SAQ. A quarterly PCI scan may also be required.
·        Level 4: Applies to merchants processing fewer than 20,000 e-commerce transactions annually, or those that process up to one million real-world transactions. A yearly assessment using the relevant SAQ must be completed and a quarterly PCI scan may be required.


PCI DSS Compliance
Requirement 9: Restrict physical access to cardholder data
Any physical access to data or systems that house cardholder data provides the opportunity for persons to access and/or remove devices, data, systems or hardcopies, and should be appropriately restricted. “Onsite personnel” are full- and part-time employees, temporary employees, contractors, and consultants who are physically present on the entity’s premises. “Visitors” are vendors and guests that enter the facility for a short duration - usually up to one day. “Media” is all paper and electronic media containing cardholder data.
9.1 Use appropriate facility entry controls to limit and monitor physical access to systems in the cardholder data environment.
9.2 Develop procedures to easily distinguish between onsite personnel and visitors, such as assigning ID badges.
9.3 Control physical access for onsite personnel to the sensitive areas. Access must be authorized and based on individual job function; access must be revoked immediately upon termination, and all physical access mechanisms, such as keys, access cards, etc. returned or disabled.

Clearly, there's no explicit camera requirement here, but cameras are a good way to remaining in compliance with requirement 9.2. It's hard to know if you had a physical security breach if you don't have any video evidence.

PCI PED Compliance
3.4.5.2 Monitor, Camera, and Digital Recorder Requirements
a) Each monitor, camera, and digital recorder must function properly and produce clear images on the monitors without being out-of-focus, blurred, washed out, or excessively darkened. The equipment must record at a minimum of four frames per second.
b) CCTV cameras must record all activity, including recording events during dark periods through the use of infrared CCTV cameras or automatic activation of floodlights in case of any detected activity. This recording may be via motion activated. The recording must continue for at least a minute after the last pixel of activity subsides.
c) CCTV monitors and recorders must be located in an area that is restricted from unauthorized personnel.
d) CCTV cameras must be connected at all times to:
·        Monitors located in the control room
·        An alarm system that will generate an alarm if the CCTV is disrupted
·        An active image-recording device

Q30 March (update) 2015
Q. For purposes of this requirement, can motion activation recording be used, such that if there is not any activity and associated motion, there is not any need to record? If motion activation is allowed, how long past cessation of motion must be recorded?
A. This requirement is under revision. The new text will state: CCTV cameras must record all activity, including recording events during dark periods through the use of infrared CCTV cameras or automatic activation of floodlights in case of any detected activity. This recording may be motion activated. The recording must continue for at least ten seconds after the last motion has been detected. The recording must capture any motion at least 10 seconds before and after the detected motion.

Some of OEM done PCI DSS Compliance
For example: On March 19, 2015 - NUUO, a leading provider of surveillance video management solutions, today announced that its NUUO Crystal family (NUUO CrystalTM), as well as Mainconsole Family (NUUO Mainconsole Tri-Brid) solutions have received the Payment Card Industry (PCI) Data Security Standard (DSS) 3.0 certification.

Verkada (Cloud Camera Works) offers a technology solution that simplifies the process of meeting PCI physical security requirements. Unlike traditional CCTV systems, Verkada eliminates outdated equipment such as NVRs, DVRs and on-premise servers. The result: a system design that enables modern data security standards and innovative software capabilities by default.

3xLOGIC video surveillance vendor selected by our IS/IT department, also meet PSI DSS regulation.

Georgia CCTV understands that PCI-DSS compliance has become a requisite for restaurant operators. Safe guarding cardholder information and ensuring that PCI-DSS compliance standards are maintained is a material investment for companies in both time and resources. Georgia CCTV understands that for a retailer to achieve and maintain full PCI compliance, it is imperative that any services and devices that are part of or will become part of a merchant’s infrastructure also be PCI-DSS compliant.

ATLANTA, July 30, 2019 – Honeywell [NYSE: HON] announced the release of 30 Series IP Cameras, a new suite of video cameras that strengthens building safety and security through advanced analytics and secure channel encryption. They also adhere to the Payment Card Industry Data Security Standard (PCI-DSS) Together, these elements help meet the increasingly stringent requirements being set by IT Departments to shield businesses against unauthorized access and unsanctioned distribution.

Morpho is now IDEMIA, the global leader in Augmented Identity for an increasingly digital world, with the ambition to empower citizens and consumers alike to interact, pay, connect, travel and vote in ways that are now possible in a connected environment. IDEMIA – MORPHO is Payment Card Industry Data Security Standard (PCI DSS) certified company.

HID Global’s ActivID Authentication Appliance is used by enterprises and banks worldwide to secure access to networks, cloud applications and online services to prevent breaches and achieve compliance with the updated FFIEC guidance, PCI DSS and equivalent mandates, policies and guidelines.

Integrated Access Security is a commercial security systems company serving Redwood City. There Access control meet PCI regulation.

QNAP storage system have the following security certifications:
HIPAA Compliance
SSAE 18 Type II Certification
PCI-DSS Compliant

FIPS 140-2 Level 3 Validated Data Handling Practices

Ref:
https://www.rhombussystems.com/blog/security/what-type-of-video-security-system-do-you-need-to-be-pci-compliant/
https://www.pcisecuritystandards.org/document_library?category=educational_resources&subcategory=educational_resources_general
https://www.securitymetrics.com/blog/what-are-12-requirements-pci-dss-compliance
https://www.pcisecuritystandards.org/get_involved/participating_organizations