PCI Compliance is a helps to fight fraud at the pump by requiring the fuel station owners maintain payment security throughout the transaction. Credit card fraud is big business, and gas stations and truck stops are common targets.
Of course, credit card companies and law enforcement fight back against the criminals. But the criminals have to be right only once in a while. Credit card security has to be right all the time. That’s where the Payment Card Industry Digital Security Standards or PCI DSS come into play.
The PCI standards are used by the five major global credit card brands – American Express, Discover Financial Services, JCB International, MasterCard, and Visa Inc.
Who is required to have PCI Compliance?
Any organization that stores, processes or transmits cardholder data is required to maintain payment security. For most small businesses, PCI compliance requires working with vendors for payment terminals and processing that provide PCI compliant services. Merchants that are not PCI compliant will be liable for any fraud losses, not the card brands.
Most merchants can certify compliance using a Self-Assessment Questionnaire (SAQ) and provide an Attestation of Compliance (AOC) annually. Your credit card processor will provide guidelines for your organization to follow.
PCI compliance for Truck Stops
You can reduce exposure to losses from fraud with these steps to ensure PCI compliance:
- Use a PCI compliant service provider or approved software to process payments.
- Don’t store the CID/CVV2 security code.
- Don’t store magnetic track data.
- If you store full credit and debit card numbers, make sure the data is encrypted. Keep paper documents with full credit card numbers secure.
- Ensure that only authorized employees have access to credit card numbers.
- Enforce policies that prohibit sharing individual log-in information.
- Reset all default passwords and require strong passwords for all system access.
- Disable access for terminated employees.
- On a regular basis examine POS devices for any sign of tampering.
- Install and activate firewalls and anti-virus/anti-malware software on all computers.
- Create and enforce a security policy to meet the standards of the PCI DSS.
EMV Fuel Pump Upgrades
Skimmers are the criminals’ tool of choice. They affix fake card readers to fuel pumps and merchant terminals to steal the cardholder’s personal data when the card is swiped. The data is used to make fraudulent purchases or create fake accounts, often in card-not-present purchases via online retailing.
The most visible element of PCI compliance efforts is the EMV chip on credit and debit cards. The EMV chip system is designed to stop criminals from using skimmers to steal users’ card data stored on the magnetic stripe.
The EMV chip makes it impossible to steal information from the card when it is dipped. Visa reports that more than 1.7 million merchants representing more than a third of storefronts accept chip cards. So far, 388 million Visa chip cards have been issued in the U.S. As a result, counterfeit fraud at chip-enabled merchants has fallen 43%.
Fuel station operators are facing a deadline in October 2020 to install EMV compliant payment terminals to accept Visa/MasterCard at the pump. Truck stop operators have been required to be PCI compliant and install EMV compliant terminals in the store. Now the same effort will be required to bring fuel pump terminals into compliance with the regulation.
If you’d like to ensure your truck stop payment systems are PCI compliant, we have a team of experts ready to assist you. Contact FFS today find out more.