Type 16

Common Petroleum & Fuels Environment

Risk Profile: Higher
Overview
Risks
Threats
Protections

This typical petroleum retail point of sale has connections to the fuel dispensers residing in the forecourt, allowing consumers to pay for directly at the pump / fueling station. This is similar to an unattended terminal. However, pay at the pump also offers fleet card holders the ability to pay with their fleet card and other information such as a Driver or Vehicle ID number.

Outside at the fuel island: The consumer presents their card to the fuel dispenser card reader (wave, tap, or insert). The card reader sends the payment information to the fuel/site controller, which then sends the payment information to the EPS, which then sends the payment information to the payment processor / acquirer.

Inside the convenience store: The consumer presents their card to the PIN Pad/Payment terminal card reader (wave, tap, or insert). The PIN pad sends the payment information either to the POS system or directly to the Electronic Payment Server (EPS), which then sends the payment information to the payment processor / acquirer.

16a-p-1080

Where is your card data at risk?

16b-p-1080

How do criminals get your card data?

16c-p-1080

How do you start to protect card data today?

Click on the icons below for the Guide to Safe Payments and information about these security basics.  For simple definitions of payment and security terms, see our Glossary.

ico-strong-passwords2x-p-130x130q80

Change default passwords, use strong passwords, Multi-factor Authentication (MFA)

ico-ask-vendor2x-p-130x130q80

Ask your PCI Qualified Integrator & Reseller (QIR) or your hardware/software vendor for help

ico-secure-payment2x-p-130x130q80

Use secure payment systems

ico-protect-card-data2x-p-130x130q80

Protect card data and only keep what you need

ico-protect-in-house-access2x-p-130x130q80

Protect in-house access to your card data

ico-protect-internet2x-p-130x130q80

Protect all systems from the Internet

ico-inspect2x-p-130x130q80

Regularly inspect your payment terminals for modification, changes, or other visual clues that suggest tampering or alteration

ico-limit-remote2x-p-130x130q80

Limit remote access for your vendor partners – don’t give hackers easy access

ico-antivirus2x-p-130x130q80

Use anti-virus or “application allow” software

ico-install-patches2x-p-130x130q80

Install patches from your payment terminal vendor

ico-scanning2x-p-130x130q80

Get regular vulnerability scanning

ico-make-card-data-useless2x-p-130x130q80

Make your card data useless to criminals

ico-protect-internet2x-p-130x130q80

Use a robust, business grade firewall appliance with unified threat management

ico-protect-internet2x-p-130x130q80

Protect network and USB ports

YES, I’m ready to download the Evaluation Form to my computer now to understand how I can better protect my business
NO, I’m not positive this is my payment system. Show me the overview again.