[ISN] Clock ticking for gas stations to pump up data security

From: InfoSec News <alerts_at_private>
Date: Thu, 8 Jan 2009 03:41:43 -0600 (CST)
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9125261

By Jaikumar Vijayan
January 7, 2009 
Computerworld

Lower gas prices aren't the only thing that's new at the pumps these 
days. Data encryption tools are also becoming part of the picture.

Starting Jan. 1, Visa Inc. is requiring all new fuel-dispensing machines 
being installed at gas stations around the U.S. to support the Triple 
Data Encryption Standard, a mandate that is designed to make it harder 
for identity thieves to steal debit card data from gas pumps by 
shielding the personal identification numbers (PIN) of customers.

So-called card-skimming devices placed on gas pumps have been used to 
compromise payment card data in the past — for example, in 2005 at 
stations operated by Wal-mart Stores Inc.'s Sam's Club division.

Visa's new requirement calls on gas retailers to ensure that all new 
pumps capable of processing debit card purchases are equipped with an 
encrypting PIN pad, or EPP, that supports Triple DES. Although Visa is 
the only credit card company mandating the use of the encryption 
technology now, the requirement is expected to become part of a broader 
specification for unattended point-of-sale systems that is being 
developed by the PCI Security Standards Council, which is responsible 
for the Payment Card Industry Data Security Standard and other data 
protection measures.

Gas station owners have until July 1, 2010, to ensure that all of their 
existing pumps are upgraded to support Triple DES. Robert Renke, 
executive vice president of the Petroleum Equipment Institute in Tulsa, 
Okla., estimated that about 1.4 million gas pumps would need to be 
retrofitted with new software — for an average of more than 2,500 per 
day in order for retailers to meet Visa's deadline.

[...]


_______________________________________________      
Please help InfoSecNews.org with a donation!
http://www.infosecnews.org/donate.html
Received on Thu Jan 08 2009 - 01:41:43 PST

This archive was generated by hypermail 2.2.0 : Thu Jan 08 2009 - 01:57:21 PST