Debit Purchases at Pump Only Allowed with a PIN

I would venture a guess as to the reason why that is true is because they are "unmanned" and PIN debit provides more security. (and lower Interchange Fees)

If in fact that is the reason, then what legitimate argument can there be for not using PIN Debit "exclusively" for online shopping? You know, the same way you are allowed to withdraw "cash" in real time at an ATM machine. By swiping your card and entering your PIN. The same way you do it at the gas pump and the same way you would do it at any other "unmanned" (merchant not present) location, be it kiosks, car washes, etc. It makes sense to me. You?

Excerpts from the August issue of CSP Magaziine:

Debit purchases at the pump are allowed only with a PIN

PIN debit transactions increased 12.5% from 2006 to 2007, according to the 2008 Study of Consumer Payment Preferences conducted by Hitachi Consulting, the Dallas-based consulting arm of the Japanese firm Hitachi Ltd.

They surpassed the number of U.S. credit card transactions in 2006. Of consumers who prefer PIN debit, 51% listed security as the reason for their preference, Hitachi Consulting reported.

And if a significant number of gas stations forgo the upgrade, customers who have only debit cards, or prefer them over credit cards, would find themselves increasingly forced to go inside the store to pay.

"It would of course be tremendously inconvenient for many consumers who routinely pay for gas with debit [cards]," Judy Dugan, research director and energy expert at Consumer Watchdog, told the paper. "It's an issue that ought to be solvable because you don't want consumers having to put more debt onto credit cards."

She said she thinks either the credit-card companies or the major oil brands should help small-station owners pay for the upgrade or work out a schedule to pay over time. "It's unfair for the people at the bottom of the chain the way it's structured now, which is the consumer and the small-station owner," Dugan said.

Costs to upgrade will depend on how old the equipment is, Ann Hines, executive vice president of the Arkansas Oil Marketers Association, told the Democrat Gazette. She said she does not fault the card companies for their objective—trying to stop fraud—but said most Arkansas gas station operators are alarmed at the cost. "I think the credit-card companies who are making so much money should be able to help retailers with this process," she said.

According to a survey by the National Association of Convenience Stores (NACS), credit-card costs to the industry totaled $7.6 billion in 2007, the latest year for which figures are available.

"One of our biggest expenses is taking credit cards to start with," Gibson said, citing numerous fees. "The credit-card companies make more money on gasoline than most of my operators."

Gibson and his operators plan to do surveys to see if customers at his locations prefer to use PIN debit. Siddique said his margins are already suffering because of fees levied on customers' PIN debit transactions.

The new security rules originate from an effort to coordinate security standards across the payment card industry, making it easier for retailers to avoid breaches, said the report.

The Payment Card Industry Data Security Council was formed in 2006 by American Express, Discover, Visa, MasterCard and JCB (a Japanese credit-card brand) to develop practices for securing cardholder information, said Troy Leach, technical director at the council. The council issued its latest version of its standard in October 2008; however, the council only makes recommendations. Each credit-card brand can choose which standards to enforce, can set its own deadlines for enforcement and can create other security standards above the council's requirements.

The resulting web of standards is confusing for many retailers. "It is extremely frustrating," Jeff Lenard, vice president of communications for NACS, told the paper. "The rules are complex, and the clock is ticking."

Leach said the system helps retailers because they know that if they buy software from approved developers and buy equipment from approved manufacturers, they will be compliant. Still, the cost of new software and equipment must be shouldered by retailers, who risk huge fines and having their ability to accept plastic taken away if their security is breached.

Gray Taylor, payment consultant for NACS, said the council's standards do not allow small businesses the flexibility to pursue more creative and potentially more effective methods of protecting their consumers. He said the council's standards emphasize security—not letting a hacker access information—more than encryption—rendering data useless so it will not matter if a thief hacks in.

"We can comply with everything [card companies] tell us to do, and it's going to raise the prices [consumers] pay at retail, and they're not going to be more secure," he told the paper.

Watch for coverage on how retailers are weighing debit at the pump against PCI costs in the August issue of CSP magazine.

Related articles

• Debit Surpasses Credit for the1st Time in Visa History (Volume & Transactions) (pindebit.blogspot.com)


• ISR News: PCI DSS verses Cybercrime (information-security-resources.com)


• HomeATM at FinovateStartup09 Tomorrow (pindebit.blogspot.com)


• Merchants On "Warpath" Against Interchange (pindebit.blogspot.com)


• PCI Compliance FAQ (pindebit.blogspot.com)