The risk
The COVID-19 pandemic has expedited the use of digital tools, especially contactless payment systems, in fuel retail operations across the world. These advances in digitalisation have led to increasingly frequent, costly and damaging cyber incidents for forecourt owners.
What are the impacts?
Significant business impacts can follow cyber security breaches, such as:
- reputational impact – resulting in loss of customers or revenue or both
- cost of containing and rectifying the incident
- loss of intellectual property or confidential information
- loss of business continuity and revenue
- potential penalties for GDPR contravention relating to the loss of personal data
This article aims to illustrate to fuel site operators the measures integrated into TSG’s electronic point-of-sale and payment systems to ensure data security and privacy
Tokheim Fuel POS
The Tokheim Fuel POS connects seamlessly with all other systems on the service station including dispensers, indoor and outdoor payment, fully integrated CCTV, tank-level gauges, price pole signs, the back office and the car wash. This level of integration makes life easier for site owners and their staff, by providing them with more time to better serve customers – but just how secure is it?
Fuel POS is the preferred EPOS system for both international oil companies and independents, as it not only complies with the strict data security regulations enforced by the Payment Card Industry Data Security Standard (PCI DSS), it exceeds them. Fuel POS was designed to prevent fraud through the increased control of credit card data, operating via a virtual private network (VPN), which encrypts the customer’s identity and payment data as transactions are made and limits the likelihood of such data getting compromised.
Fuel POS allows forecourt owners to set user permissions and restrict access rights to the system, where each individual user has their own unique identifier and complex password. This ensures that all activity can be traced to a known user and accountability can be maintained. Data security is a prerequisite for any cloud-enabled, connected solution and as a consequence, no card numbers or sensitive personal data are stored.
When Fuel POS is used in conjunction with Tokheim’s online authorisation and switching environment (OASE), data protection is taken to a whole new level.
Tokheim OASE
The Tokheim OASE facilitates payment at the Fuel POS and can accommodate all major credit, debit or fuel cards. This simple but highly secure payment system reduces the complexity of protocol implementation on the site by using a central switch point. One single security scheme based on a triple data encryption algorithm, derived unique key per transaction (3DES DUKPT) and one single protocol based on the international forecourt standards forum (IFSF) is all it takes to connect a Fuel POS site with the OASE, which is then able to convert all payments made from bank cards in accordance with their specific security guidelines.
OASE also offers the implementation of velocity controls, designed to flag potential fraud, based on the rate at which a buyer submits multiple transactions. Each business is able to set up its own scheme rules by using the stop/allow lists and corresponding settlement files. TSG supports the end-host service by offering a modern and easy-to-use, cloud-based module to manage transactions, stop lists and clear PIN attempts in real-time.
Like Fuel POS, OASE is regulated to PCI DSS standards and owing to its non-reliance on third-party software has become recognised as one of the most secure payment systems on the market today.
Together, the Fuel POS and OASE payment system make a formidable team in the fight against cybercrime. If support is required for either system, remote access can only be gained by one of six highly-skilled technicians, once permission has been granted by the site. The dedicated server is housed in a locked-down room, which is protected against physical attacks by restricted security card access.
Leave it to the experts
To avoid becoming another statistic in the growing number of cyber attacks on fuel retail sites, take a proactive approach and seek advice from the experts. TSG UK has over twenty years of experience in the industry and we can supply, install and support both Fuel POS and OASE, whilst offering guidance on existing site security.
There is so much that can be done to protect the integrity of customer data, preserve reputation, mitigate the risk of financial loss and safeguard the forecourt against cyber criminals – don’t get caught out, take action now!
