Clock ticking for gas stations to pump up data security
Visa requiring encryption of debit card PINs on new pumps now, existing ones by July 2010
Computerworld - Lower gas prices aren't the only thing that's new at the pumps these days. Data encryption tools are also becoming part of the picture.
Starting Jan. 1, Visa Inc. is requiring all new fuel-dispensing machines being installed at gas stations around the U.S. to support the Triple Data Encryption Standard, a mandate that is designed to make it harder for identity thieves to steal debit card data from gas pumps by shielding the personal identification numbers (PIN) of customers.
So-called card-skimming devices placed on gas pumps have been used to compromise payment card data in the past. For example, in 2005, data at gas stations operated by Wal-Mart Stores Inc.'s Sam's Club division was compromised.
Visa's new requirement calls on gas retailers to ensure that all new pumps capable of processing debit card purchases are equipped with an encrypting PIN pad, or EPP, that supports Triple DES. Although Visa is the only credit card company mandating the use of the encryption technology now, the requirement is expected to become part of a broader specification for unattended point-of-sale (POS) systems that is being developed by the PCI Security Standards Council, which is responsible for the Payment Card Industry Data Security Standard and other data-protection measures.
Gas station owners have until July 1, 2010, to ensure that all of their existing pumps are upgraded to support Triple DES. Robert Renke, executive vice president of the Petroleum Equipment Institute in Tulsa, Okla., estimated that about 1.4 million gas pumps would need to be retrofitted with new software — for an average of more than 2,500 per day in order for retailers to meet Visa's deadline.
The chances of that happening are remote, according to some analysts. The upgrade requirement is "a major deal for gas stations with old equipment," said Gartner Inc.'s Avivah Litan. And with the economy in tatters and drivers cutting back on gas consumption after prices hit record levels last summer, "this could not come at a worse time for gas station operators," Litan said. "I'm sure many will be late when it comes to compliance."
She added that if an existing gas pump can't support a software upgrade to make it compliant with Triple DES, a replacement pump may have to be installed. And on top of the encryption requirements, gas stations will need to ensure that the POS systems on their pumps comply by July 2010 with a separate payment application security standard that was crafted by Visa and then adopted by the PCI council. Full replacements can cost between $8,000 and $29,000 per pump, Litan said.
- The Truth About Cloud Security "Security" is the number one issue holding business leaders back from the cloud. But does the reality match the perception?
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!