Criminals are increasingly targeting fuel pumps as the weak link in the payment card security chain.
Criminals have used numerous methods to obtain card numbers, track data and debit PINs. While
installing PCI-approved payment devices at the pump will help thwart this theft of card data, good security
practice dictates that multiple layers of defense be used to protect this valuable information.
Before you upgrade your payment system at the pump, and even after securing the pumps with
PCI-approved payment products, fuel retailers should immediately implement these Fuel Pump Security Best
Practices to reduce the chance of a card data compromise, protect their consumers and protect their
brand.
This page details the Best Practices for Fuel Dispenser Payment Security from a sound security
perspective, minimizing fraud through education, routine inspection, vendor management and prompt
action. The Best Practices are organized into the following categories:
- Administrative Activities – This category covers employee education on card data theft and
common prevention activities.
- Physical Activities – This category covers physical inspection of payment system
components.
- Technical Activities – This category covers vendor management, including authorization,
identification and logging of service technician activities.
The intended audience for this Best Practices page is petroleum retailers and marketers who have
implemented Pay at the Pump technology. A “Prevention is better than cure” approach is taken: prevent,
detect and then correct fraud, with most emphasis placed on prevention.
Administrative Activities
- Educate your store employees and managers about the techniques criminals use to breach
fuel dispensers.
Data thieves have sophisticated equipment that can be installed in minutes. Store employees
should be educated as to the type of equipment data thieves install, where they typically install it,
and what information they can gain once it is installed.
- Update new employee training curriculum to include the techniques criminals use to breach
fuel dispensers.
New employees should be trained to be on the lookout for suspicious activity around the forecourt,
and who to call should such activity be cause for concern.
- Instruct all employees to be vigilant in identifying suspicious activity around pumps.
Employees should always be aware of suspicious activity around fuel dispensers. Fuel dispenser
breaches can occur in a matter of minutes and typically involve unauthorized access to the inside
of the fuel dispenser to install skimming devices, installation of pinhole cameras in, on or around
the dispenser canopy, or prying up the membrane keypad to insert a paper-thin transmitter that
captures the PIN sequence as it is being entered.
- Check the accreditations / references of any service technicians. Require them to show a photo
ID and sign a service log.
Social engineering is sometimes employed to commit fraud: a fraudster poses as a service technician
or consultant in order to gain unauthorized access. All service technicians should be required
to show a photo ID and sign a service log. Management should communicate the details of the visit
to the manager or cashier on duty in advance.
- Periodically audit the service log.
Establish and maintain a service log that records the who/what/where/when/why of each technician
visit. Management should audit the log periodically to ensure that all servicing was approved.
- Use and retain accurate shift schedules so that a staff audit trail is available.
Schedules of “what staff worked when” should be maintained to help with any investigations or
enquiries that may arise at a future date. This also acts as a deterrent to staff fraud, since staff
are accountable for their actions.
Physical Activities
- Maintain an unobstructed view of the forecourt at every cashier station
Do not block your clerk’s view of fuel dispensers with window posters or large stacks of
merchandise. Clerks and store managers need to be able to have a clear view of all customer
activity in and around each of your fuel dispensers at all times.
- Become familiar with Pay at the Pump equipment so that any foreign devices such as pinhole
cameras or extra cables or devices are recognized.
- Perform daily inspections for evidence of tampering or device substitution:
- Look for skimmers placed over the card reader
Skimming devices are installed directly onto the ribbon cables that connect the card reader,
keypad and display. These devices can be small (about 1 inch) and usually contain
external wires or antennas.
- Look for skimmers placed under the membrane keypad
Thin keypad transmitters are typically inserted directly under the membrane keypad. Look
for signs of physical altering of the keypad where corners are frayed or bent from being
pried up.
  - Look for small pinhole cameras that are focused on the keypad
Pinhole cameras are very small and are designed to fit into a ½ inch hole or smaller. They
are installed in the pump itself, on the pump top or in the overhead canopy, at an angle
that captures the digits as the customer enters their PIN for debit transactions.
- Open the fuel dispenser; look for evidence of tampering
Check the interior cavity of the pump where the card payment hardware is installed for
evidence of any devices that are not part of the original payment componentry. Have
photographs available for employees that indicate the correct components.
- Call law enforcement if evidence of tampering or device substitution is found.
Law enforcement needs to be involved if there is any suspicion of data theft crime. They
will engage experts who need to respond quickly in order to apprehend the criminals.
- Replace the standard manufacturer’s pump access key locks with a unique key lock for each
retailer, and strictly control access to keys.
Data thieves have easy access to the commonly used brass keys that secure the fuel dispenser
electronics area. Replacing the original manufacturer’s locks with customer-specific locks helps to
ensure that common manufacturer keys won’t provide easy access to your fuel dispensers.
Maintain strict control of access to the keys; require a service log entry each time a technician
performs service.
- Install security cameras that cover the entire forecourt
Security cameras that cover the entire forecourt provide information to law enforcement in the event
of a security breach or fuel dispenser tampering. In addition, they act as a deterrent to data thieves
in the first place. Closed Circuit Television cameras should be used and footage retained to aid in
subsequent investigations. This footage should not be accessible to staff.
- Install mirrors to improve the visibility of distant fuel dispensers
If there are fuel dispensers located in areas that are difficult for cashiers to monitor, installing
mirrors to provide a direct line of sight will aid cashiers’ and managers’ efforts to maintain
vigilance in pump monitoring.
Technical Activities
- Restrict service technician access to fuel dispensers without management approval
  - Do not allow anyone to service a fuel dispenser unless a service call has been placed and preauthorized by management.
  - Make sure employees are familiar with the service technicians who are assigned to support your site and that they report any unfamiliar technician activity.
  - Require unfamiliar technicians to provide proof of employment and a photo ID prior to permitting them to perform work.
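The service log audit from the Administrative Activities (checking that every recorded technician visit was approved and that the shift schedule can say who was on duty) and the preauthorization rule above are the same check seen from two sides. The following is an added illustration, not code from this page or from any vendor; the record layout, field names, the site, the technicians and the sample entries are all constructed. It compares each service log entry against management's list of preauthorized service calls, flags visits with no call, a mismatched technician or dispenser, a visit outside the approved window, or no photo ID check, and attaches the staff on duty at arrival time from the retained shift schedule so the finding can be followed up.

```python
"""Audit a fuel-site service log against management preauthorizations and
the shift schedule. Added example, not code from the page; the record
layout, field names and all sample data below are constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional


@dataclass(frozen=True)
class ServiceCall:
    """A service call placed and preauthorized by management."""
    call_id: str
    technician: str
    vendor: str
    dispenser: str
    window_start: datetime
    window_end: datetime


@dataclass(frozen=True)
class LogEntry:
    """One service-log line: who / what / where / when / why."""
    technician: str
    vendor: str
    dispenser: str
    arrived: datetime
    reason: str
    photo_id_checked: bool
    call_id: Optional[str]  # reference to the preauthorized call, if any


@dataclass(frozen=True)
class Shift:
    """Who was on duty, from the retained shift schedule."""
    employee: str
    start: datetime
    end: datetime


def audit_service_log(entries: List[LogEntry], calls: List[ServiceCall],
                      shifts: List[Shift]) -> List[Dict]:
    """Return one finding per log entry that fails a check: the visit must
    reference a preauthorized call matching technician, vendor, dispenser and
    time window, and a photo ID must have been verified."""
    calls_by_id: Dict[str, ServiceCall] = {c.call_id: c for c in calls}
    findings: List[Dict] = []
    for entry in entries:
        problems: List[str] = []
        call = calls_by_id.get(entry.call_id) if entry.call_id else None
        if call is None:
            problems.append("no preauthorized service call")
        else:
            if (call.technician, call.vendor) != (entry.technician, entry.vendor):
                problems.append("technician/vendor does not match preauthorization")
            if call.dispenser != entry.dispenser:
                problems.append("dispenser does not match preauthorization")
            if not (call.window_start <= entry.arrived <= call.window_end):
                problems.append("visit outside preauthorized time window")
        if not entry.photo_id_checked:
            problems.append("photo ID not verified")
        if problems:
            # Staff on duty at arrival time, from the shift schedule, so the
            # visit can be discussed with the people who would have seen it.
            on_duty = sorted(s.employee for s in shifts
                             if s.start <= entry.arrived < s.end)
            findings.append({
                "technician": entry.technician,
                "dispenser": entry.dispenser,
                "arrived": entry.arrived.isoformat(timespec="minutes"),
                "reason": entry.reason,
                "problems": problems,
                "on_duty": on_duty,
            })
    return findings


# ---- constructed sample data: one day at a hypothetical site ----
DAY = datetime(2024, 5, 6)
at = lambda hours: DAY + timedelta(hours=hours)  # noqa: E731

SAMPLE_CALLS = [
    ServiceCall("SC-1001", "J. Rivera", "PumpCo Service", "D3", at(9), at(12)),
]
SAMPLE_ENTRIES = [
    # Approved visit: matches the call in every respect.
    LogEntry("J. Rivera", "PumpCo Service", "D3", at(10),
             "card reader firmware update", True, "SC-1001"),
    # Walk-in "technician": no call placed and no ID check.
    LogEntry("A. Smith", "PumpCo Service", "D5", at(14),
             "routine check", False, None),
    # Authorized technician, but on a different dispenser, hours later.
    LogEntry("J. Rivera", "PumpCo Service", "D4", at(22),
             "follow-up", True, "SC-1001"),
]
SAMPLE_SHIFTS = [
    Shift("cashier-1", at(6), at(14)),
    Shift("cashier-2", at(14), at(22)),
    Shift("cashier-3", at(22), at(30)),
]


def run_sample_audit() -> List[Dict]:
    return audit_service_log(SAMPLE_ENTRIES, SAMPLE_CALLS, SAMPLE_SHIFTS)


if __name__ == "__main__":
    print(*run_sample_audit(), sep="\n")
```

On the constructed data the first entry passes and the other two produce findings: the walk-in visit has no preauthorized call and no ID check, and the second Rivera visit is on the wrong dispenser and outside the approved window. The time-window check is deliberately strict; a visit that legitimately overran its window should be re-approved and logged as such rather than silently accepted, so that the audit keeps matching management's intent.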
Reference Documents
- POS/POI Terminal Security Best Practices for Application Developers, System Integrators and End Users, MasterCard, February 2006, Draft V02
- Visa Fraud Prevention for Merchants (http://merchants.visa.com/prevention/main.jsp)
- Payment Card Industry (PCI) Data Security Standard (https://www.pcisecuritystandards.org)
- PIN Pad Management Best Practices V1.2, VeriFone Inc, November 2006
- PIN Security and Automated Fuel Dispensers, Visa Webinar, December 11, 2007