Look no further than recent headlines to learn about payment security breaches and PIN pad tampering incidents involving merchants of all sizes. Sophisticated criminal organizations are targeting retailers and obtaining compromised account data with more regularity. Whether it’s fair or not, the fault of these attacks is increasingly being placed squarely on the shoulders of merchants.
While installing PCI approved payment devices at the pump will help thwart this theft of card data, good security practices dictate that multiple layers of defense should be used to protect this valuable information.
Before you upgrade your payment system at the pump, and even after securing the pumps with PCI approved payment products, fuel retailers must implement some fuel pump security best practices to reduce the chance of compromised card data.
Security experts at Verifone said some best practices include:
• Educating store employees and managers about the techniques criminals use to breach fuel dispensers. Data thieves have sophisticated equipment that can be installed in minutes. Store employees should know the type of equipment data thieves install, where they typically install it and what information they can gain once it is installed.
• Instructing employees to be vigilant in identifying suspicious activity around pumps.
• Checking the accreditations of any service technicians and requiring them to show a photo ID, and sign a service log. Be sure to periodically audit the service log.
• Using and retaining accurate shift schedules, so a staff audit trail is available. This will also act as a deterrent to staff to commit fraud as they are accountable for their actions.
In terms of what to physically look for, Verifone advised that retailers maintain an unobstructed view of the forecourt at every cashier station at all times.