National Petroleum News (NPN) has been the independent voice of the petroleum industry since 1909 as the opposition to Rockefeller’s Standard Oil. So, motor fuels marketing and retail is not just a sideline for us, it’s our core competency.
Issue link: https://read.dmtmag.com/i/42588
RETAIL OPERATIONS BY DEBRARESCHKE Some of the big PCI compliancy deadlines have passed, so what's next? POS HARDWARE - BEYOND PCI serious data security gaps becoming more apparent in the retail industry throughout the 2000s, most notably, the hacking of TJ Maxx's customers' credit information, the Payment Card Industry Security Standards Council has been working to ensure the safe handling of sensitive information. T VeriFone's Topaz XL POS system supports payment network access, fueling dispenser control, car wash control, and other transactions. he past couple of decades could be described as the Wild West of point- of-sale (POS) systems in petroleum retailing, with over a dozen platforms being supported by the majors. With other new regulations, having a foundation for a security strategy and generally improving IT infrastructure. On the other hand, if there is a breach of secu- rity and payment data is compromised, it can have devastating effects to a brand and business, which can include lawsuits, insurance claims, cancelled accounts, payment card issuer fines, and govern- ment fines, according to the council. To take steps to compliancy, the council advises businesses to contact their payment brand or acquirer for specific requirements. However, there are twelve specific descriptions of meeting compli- ancy, such as installing and maintaining a firewall to protect cardholder data, encrypting transmission of cardholder data across open public networks, using and updating antivirus software. More specifically, how it impacts petroleum PCI COMPLIANCE AND THE PETROLEUM RETAILING INDUSTRY The PCI SSC outlines the various reasons why merchants should be compliant on their web- site. This includes promoting trustworthiness with customers as well as boosting their reputa- tion. The council also says that compliance has future benefits, such as being better prepared for 16 SEPTEMBER 2011 retailers can be broken down into three segments: PCI PA DSS: PCI Payment Application Data Security Standard refers to protecting the data of credit and debit in-store transactions. All stores should be compliant, as of July 1, 2010. PED: Stands for PIN Entry Device and refers to protecting the debit PIN. As of July 1, 2010, stores not in compliance, or retailers using PEDs not approved under PCI standards, can be found liable for not securing debit transactions in the store. EPP: Stands for Encryption PIN Pad and refers to protecting the debit PIN outside the store. As of July 1, 2010, all dispensers' that accept PIN debit requires replacement of the keypad to an EPP or a payment device that includes an EPP that is capable of Triple Data Encryption Standard (TDES). • • • COMPLIANCY ENVIRONMENT So, how is the petroleum retailing industry doing in terms of upgrading to be PCI compliant? James Hervey, on the VeriFone petroleum marketing NPN Magazine n www.npnweb.com