Within any organization, there exists a business need to access data for analysis, record-keeping, and interoperability. As the complexity of dealing with securing access to sensitive business systems increases, so does the scrutiny on organizations, both based on internal security policies and by external regulatory bodies.
The goal of this document is to take the key concepts of moving non-sensitive business data in and out of sensitive areas, and provide high-level guidance that addresses many of the elements needed to protect these environments from added risk.
This white paper is intended to provide clarity and guidance on determining the responsibilities for a merchant’s compliance with Payment Card Industry Data Security Standard (“PCI DSS”). This compliance guidance outlines common merchant roles within the convenience and fuel retail industry, and addresses how an entity’s PCI DSS compliance responsibilities may be affected by services provided by other entities, including major oil companies and third-party service providers (TPSP).
The goal of the NACS/Conexxus WeCare© Data Security Program is to define a risk reduction program for small operators that is easy to implement and achieves a base level of data security without incurring significant costs. Here you can find resources and information to help you.This document describes the WeCare© Program, discusses common data security threats, outlines a 9-point plan to improve data security, and provides the reader with additional resources for risk reduction.
This Conexxus white paper is written to help educate and inform the retail petroleum industry store operator/small merchant about cybersecurity issues and to help raise awareness about the importance of these issues. It discusses the impact of cyber attacks and the responsibilities of the store operator for the security and compliance of store computing systems, networks, and data with applicable industry standards.
The protection of payment card data is of critical importance to . If payment card data were disclosed to unauthorized individuals, could face fines due to compliance violations as well as suffer a serious loss of reputation. In recognition of this risk, this policy defines requirements for the protection of payment card data. All employees and contractors are responsible for abiding by this policy. [PCI DSS Requirement 12.4] Failure to comply with this policy is subject to Company disciplinary action.
This guide was developed by the Conexxus Data Security Committee. It is intended to provide informed suggestions to the convenience retailer on how to enhance the payment card security of unattended payment
terminals at fuel dispensers. Fuel dispensers can be an attractive target to thieves who are becoming more sophisticated and aggressive when it comes to stealing credit and debit card information.
Mobile application designed to work in conjunction with WeCare decals to help with detection of potential unauthorized access.
Conexxus and the National ATM Council have jointly developed a guide focused on preventing and detecting ATM skimming in a convenience store environment. Skimming is the theft of credit/debit card information by a device placed in, on, or around an ATM. These devices allow criminals to secretly record credit/debit card information (from the magnetic stripe) - for later use in fraudulently producing counterfeit cards. ATM skimming also includes capturing customer PINs associated with the cards using a hidden micro camera that records the PIN digits. Keypad overlays and “shoulder surfing” are other methods. Download the document to read more on why skimming is a threat, what you can do to maintain a safe environment, protective steps you should take, ways to educate your customer, and what to do if you find a skimming device.
Infographic showing where skimming occurs.
Additional data security white papers are available for Conexxus members under the member resources page.