Conexxus, in conjunction with the law firm Han Santos, offers the following synopsis and FAQs to address the serious security attack involving the SolarWinds Orion/IAM® platform (Orion®). First reported by cyber firm FireEye in December 2020, remediation for this cyberattack is likely to take years.
Deploying and managing a resilient cybersecurity infrastructure is the first line of defense against criminal elements who may be looking to compromise an electronic payments system that has not yet moved to a point-to-point encryption (P2PE) infrastructure. If you are a merchant who is concerned about the security of your payment information, is kept up at night by what cyber criminals are planning next, feels P2PE is someone else’s responsibility, or sees it as just a project for next year, this document will provide some insight into steps toward P2PE and explain why P2PE is an ongoing effort. This document will discuss the devices, technology, and areas of focus that a convenience or retail fueling merchant should understand to provide that line of defense until a full P2PE implementation is available and fully deployed.
The pace of modern mankind has been set by defined industrial revolutions: starting with steam in the mid-1700s, then electricity, then electronic information, and now the Fourth Industrial Revolution (4IR), where digitization of the physical world will affect every facet of our lives. The borders of industrial revolutions are murky, made up of breakthrough technologies with varying adoption, but it is clear each revolution has taken about half the time to run full cycle as its predecessor; from 120 years for steam, to 40 years for electronic information. Read this article, the first in a series about 4IR, by Conexxus Executive Director Gray Taylor.
Automating data exchange for common business processes creates business efficiency by eliminating time spent on paperwork and fixing errors from manually entered data. This in turn allows more time for store personnel to spend on store operation and management, as well as interaction with customers. Automation can be achieved through either NAXML or EDI specifications. This quick reference guide educates readers regarding the benefits of adoption of either NAXML or EDI at various points in the supply chain and shares success stories from Kwik Chek, PAJCO (Rhodes 101), and E-Z Stop Food Marts, Inc.
This white paper describes some of the unique challenges and requirements for payment card processing in a retail petroleum/convenience environment.
Savings, innovation and choice – standardization of service station protocols must accelerate. A white paper by the International Forecourts Standards Forum, Conexxus and Invenco Group has highlighted the urgent need for the adoption of standardized payment protocols in the petroleum forecourt retail sector. At present, the complexity of integrating new equipment, transaction systems or security protocols into existing operations is adding tens of millions of dollars to the industry’s bottom line. This is because each component has its own, often unique, ‘interface’ with the other. Rather than address the issue head-on, retailers are typically resorting to bespoke solutions, which drive up costs not only in their implementation but also in retaining the talent capable of maintaining them. In short, retailers typically select equipment and systems based on their compatibility with the existing infrastructure, rather than on their features, performance or purchase price. This limits both choice and the speed at which innovations can be adopted. These costs manifest themselves in a variety of ways, including development of the protocols, certifying the various integrations, and the ‘opportunity costs’ of having to make trade-offs between various component suppliers. While opportunity costs do not always drive visible bottom line results to a business, they do manifest as costs across the business. Delayed rollouts, frustrated customers, procurement challenges and missed functionality all result in various costs to the business. These are the elements that are difficult to measure, but certainly result in tangible impacts to the retailer organization.
X9, the US accredited standards body for the Financial Services Industry, recently adopted a standard that defines the minimum security requirements for designing and implementing a tokenization system for post-authorization payment data. X9.119 – Part 2, entitled “Retail Financial Services - Protection of Sensitive Payment Card Data: Tokenization,” was also approved by ANSI and becomes the US national standard to protect data that may disclose the identity of the cardholder (e.g., Primary Account Number, Cardholder Name, Expiration Date, Service Code), and Issuer Discretionary Data or Track data, which typically refers to the data stored on the magnetic stripe of a payment card, as well as “Equivalent Track Data” when that data is stored in IC Cards and other electronic media (e.g., a mobile wallet).