Resources And Guidance For EMV Implementation in a C-Store Environment: This Conexxus white paper provides links to educational information and frequently asked questions regarding EMV implementations in the U.S. It is intended to help members of the petroleum and convenience industry find information related to EMV. While many EMV resources exist, the resource links included in this document were found to be the most helpful and relevant to merchants in the petroleum and convenience industry. This document covers EMV Basics, Up Front Decisions (decisions that must be made in advance of EMV implementation such as debit routing, contactless, optimizing transactions, fallback, and manual entry), Cardholder Data Considerations, Testing and Certification, and Ongoing Care and Maintenance (e.g., chargebacks, kernel maintenance). Also included are other considerations that may be applicable to your particular business (ATMs, unattended payment terminals, tips, gratuities, card not present).
Benefits Of Adopting Electronic File Exchange-Conexxus Quick Reference Guide: Automating data exchange for common business processes creates business efficiency by eliminating time spent on paperwork and fixing errors from manually entered data. This in turn allows more time for store personnel to spend on store operation and management, as well as interaction with customers. Automation can be achieved through either NAXML or EDI specifications. This quick reference guide educates readers regarding the benefits of adoption of either NAXML or EDI at various points in the supply chain and shares success stories from Kwik Chek, PAJCO (Rhodes 101), and E-Z Stop Food Marts, Inc.
Standardizing Protocols to Lower Industry Costs and Drive Innovation: Savings, innovation and choice – standardization of service station protocols must accelerate. A white paper by the International Forecourts Standards Forum, Conexxus and Invenco Group has highlighted the urgent need for the adoption of standardized payment protocols in the petroleum forecourt retail sector. At present, the complexity of integrating new equipment, transaction systems or security protocols into existing operations is adding tens of millions of dollars to the industry’s bottom line. This is because each component has its own, often unique, ‘interface’ with the others. Rather than address the issue head-on, retailers are typically resorting to bespoke solutions, which drive up costs not only in their implementation but also in retaining the talent capable of maintaining them. In short, retailers typically select equipment and systems based on their compatibility with the existing infrastructure, rather than on their features, performance or purchase price. This limits both choice and the speed at which innovations can be adopted. These costs manifest themselves in a variety of ways, including development of the protocols, certifying the various integrations, and the ‘opportunity costs’ of having to make trade-offs between various component suppliers. While opportunity costs do not always drive visible bottom line results to a business, they do manifest as costs across the business. Delayed rollouts, frustrated customers, procurement challenges and missed functionality all result in various costs to the business. These are the elements that are difficult to measure, but certainly result in tangible impacts to the retailer organization.
Conexxus Summary of ANS X9.119-Part 2 Use of Tokens to Protect Sensitive Card Data: X9, the US accredited standards body for the Financial Services Industry, recently adopted a standard that defines the minimum security requirements for designing and implementing a tokenization system for post-authorization payment data. X9.119 – Part 2, entitled “Retail Financial Services - Protection of Sensitive Payment Card Data: Tokenization,” was also approved by ANSI and becomes the US national standard to protect data that may disclose the identity of the cardholder (e.g., Primary Account Number, Cardholder Name, Expiration Date, Service Code), and Issuer Discretionary Data or Track data, which typically refers to the data stored on the magnetic stripe of a payment card, as well as “Equivalent Track Data” when that data is stored in IC Cards and other electronic media (e.g., a mobile wallet).
Skimming Infographic: Infographic showing where skimming occurs
Webinar - Defending the Island - A guide to reducing the risk of skimming: Thieves are increasingly exploiting unprotected dispenser terminals to “skim” card data from customer payment cards used to purchase fuel. Retailers who have been victims of this crime face financial and brand damage, as their customers and their issuers seek to recover damages caused by these breaches. State regulators are also increasing inspections of dispenser terminals, while state legislators consider new laws aimed at requiring dispenser terminals to be secure. NACS has created a webpage to educate and help retailers better protect themselves from skimmers. In addition, on December 17, 2015, NACS and Conexxus hosted a webinar highlighting the processes and tools available to protect dispenser terminals from intrusion and skimmers. The webinar was conducted by representatives from Gilbarco Veeder-Root, Wayne Fueling Systems and the NACS We Care program.
Conexxus, IFSF and nexo partnership on ISO 20022: An agreement between Conexxus, the International Forecourt Standards Forum (IFSF) and nexo has been ratified to provide the expertise to enhance the ISO 20022 standards to meet the needs of the petroleum retail and convenience store industries. The recently signed agreement will also ensure that ongoing expert support will be on hand should the need arise for revisions in the future. The agreement brings together the three leading organisations in their respective fields: Conexxus, IFSF, and nexo.
Conexxus/IFSF Tokenization Position Statement: Conexxus and IFSF, which between them provide retail technology standards used by most major global oil companies, have collectively developed recommendations regarding tokenization. This document outlines these recommendations.
Payment Processing for Retail Petroleum/Convenience: This white paper describes some of the unique challenges and requirements for payment card processing in a retail petroleum/convenience environment.
Merchant Tokenization Statement: Merchant Community Coalesces Behind Open Process for Security Standards to Better Protect U.S. Consumers and Businesses from Cybercriminal Activity
PCI SSC Statement on Malware Related to Recent Breach Incidents: This document spells out the recommendations made by the PCI Council to organizations in response to a statement made by the United States Secret Service and Department of Homeland Security on 22 August 2014. The statement warned that a Point of Sale (POS) malware dubbed “Backoff” may have infected systems in over 1,000 organizations and represents a very real threat to the security of cardholder data in all organizations.
PCI DSS Ver. 3.0 Noteworthy Changes for Petro Retailer: Produced by the Conexxus Data Security Committee, this document provides an overview of the Noteworthy Changes as they relate to a petroleum retailer.
Secure Remote Payment Council (SRPc) Tokenization Position Statement: 10/22/2014. This document provides the Secure Remote Payment Council’s (SRPc) Tokenization Position Statement released in July 2014. The recent Apple Pay announcement challenges the SRPc’s mandate for open standards for tokenization and a level playing field for all stakeholders to compete. The document sets out the three points that, as stated by the SRPc, tokenization standards must embody.
Letter to Credit Union Associations: October 30, 2014. This document contains a letter sent to the Credit Union National Association on October 30, 2014, regarding points maintained by the Credit Union National Association (CUNA), the National Association of Federal Credit Unions (NAFCU) and other state credit union associations concerning the state of cyber security in the country. The letter brings up misconceptions about cyber-attacks relating to cyber security.
The GasPot Experiment - A TrendLabs Research Paper: This report takes a closer look at how and why supervisory control and data acquisition (SCADA) and ICS systems can be attractive and possibly profitable venues for attackers. The paper also discusses the implications that highlight the lack of security awareness surrounding Internet-connected devices, especially when it comes to systems and devices like gas-tank monitoring systems that could result in real world ramifications.