Thursday, January 8, 2009

Triple DES for GAS

In an effort to fight an onslaught of card  skimming at gas stations,  Visa has mandated that all new gas dispensing machines must support Triple DES effective January 1st.  For existing machines, Triple DES must be implemented into pay at the pump stations by July,  2010.

Last night, when I was on ComputerWorld's site reading about CheckFree's 5 million (or more) customers put on alert, I also noticed this article announcing Visa mandating Triple DES support on all new fuel dispensing machines.  For your convenience,

I've included a couple links, in order to familiarize anyone who's interested in learning more about
Triple Data Encryption Standard

Here's a couple paragraphs from a story by ComputerWorld's Jaikumar Vijayan...


Clock Ticking For Gas Stations to Pump Up Security
Starting Jan. 1, Visa Inc. is requiring all new fuel-dispensing machines being installed at gas stations around the U.S. to support the Triple Data Encryption Standard, a mandate that is designed to make it harder for identity thieves to steal debit card data from gas pumps by shielding the personal identification numbers (PIN) of customers.

So-called card-skimming devices placed on gas pumps have been used to compromise payment card data in the past — for example, in 2005 at stations operated by Wal-mart Stores Inc.'s Sam's Club division.  Editor's Note:  And hundreds of gas dispensers across the country since then...this blog has covered many of those stories...click here for the complete list.

Visa's new requirement calls on gas retailers to ensure that all new pumps capable of processing debit card purchases are equipped with an encrypting PIN pad, or EPP, that supports Triple DES.

Although Visa is the only credit card company mandating the use of the encryption technology now, the requirement is expected to become part of a broader specification for unattended point-of-sale systems that is being developed by the PCI Security Standards Council, which is responsible for the Payment Card Industry Data Security Standard and other data protection measures.

Gas station owners have until July 1, 2010, to ensure that all of their existing pumps are upgraded to support Triple DES.


Reblog this post [with Zemanta]

Disqus for ePayment News