PCI 3.1 - Curbing Fraud and Data Loss with Asset Management


Gas stations are a goldmine for individuals wishing to make fraudulent purchases or to capture data from the magnetic stripe on your customers’ credit cards. In 2015, a statewide sweep of 7,571 gas stations in the Sunshine State revealed 103 skimmer devices, according to Florida's Department of Agriculture. As recently as September 3rd, the front page of the Wall Street Journal proclaimed “Credit-Card Fraudsters Pump Gas Stations for Profit; Payment-card companies and gas-station operators combat a wave of theft.” 

Why are gas stations such an attractive target? One word: Opportunity. 

Hackers and thieves thrive on opportunity and gas stations present an abundance of it. Considering that the average gas station has eight pumps, typically unattended, these represent several options as possible avenues for attack. Customers tend to want to make a quick transaction, so may not notice a skimming device or hidden camera. Gas station attendants are frequently preoccupied with customers and not paying attention to fraudulent cards being used to fill up “bladder tanks.” What’s more, all the gas stations under your brand may not be under your full jurisdiction, often operated by licensed independent retailers, so proper policies protecting against risk may not be upheld according to your standards. 

A strong security program is essential, because it gives your stores a fighting chance against fraudsters and data thieves. And at the heart of any effective security program is a detailed and comprehensive Asset Management program. Knowing who, what and where your assets are enables you to support the definition, design and deployment of your security controls (not to mention, it’s required for compliance with the Payment Card Industry Data Security Standard). 

Download the PDF of this presentation:

Data Security, PCI Compliance