Quick Stats

Quick Stats

    You are here

    How to Prevent Data Breaches

    Efforts by c-store retailers must be made on multiple fronts.

    By Brian Berk, Convenience Store News

    LAS VEGAS — Data breaches are serious business, with companies spending $6.5 million on average in the aftermath of such incidents, Kara Gunderson, POS manager for CITGO Petroleum Corp., said during the “Mitigating Card System Breaches” educational session Sunday at the 2015 NACS Show. In addition, a convenience store retailer’s reputation could be seriously damaged, something much tougher to put a price tag on.

    Preventing data breaches requires efforts on multiple fronts, but a good place to start is preventing automated fuel dispenser skimming, the most frequent form of data theft.

    “Skimming devices are more sophisticated, tougher to detect and better at stealing data,” cautioned Gunderson.

    To mitigate breaches at the fuel dispenser, she provided four pieces of advice:

    • Install tamper-proof stickers;
    • Replace standard locks on fuel dispensers;
    • Inspect fuel dispensers regularly; and
    • Add EMV (Europay, MasterCard and Visa) card readers at the dispenser.

    Protecting customer data is the ultimate goal, noted Phil Schwartz, I/S Manager, Credit Card Systems for Valero Energy Corp., the second panelist speaking during the educational session.  

    C-store retailers should make sure employees cannot freely surf all Internet sites. “White listing” (blocking) sites that can cause harm, installing a firewall, using two-factor authentication, and updating anti-virus software on a daily basis were some of the recommendations offered by the panelists. 

    Passwords must be strong and changed often as well. “Unlike diamonds, passwords are not forever,” said Schwartz, Convenience Store News’ 2015 Technology Executive of the Year. “They should be changed every 90 days.”

    He also stressed that once c-store retailers have implemented these anti-breach measures, they should conduct penetration testing to make sure the efforts are effective.

    Schwartz concluded by stressing that c-store retailers who simply have required payment card industry (PCI) compliance are not safe from breaches.

    “Compliance is required. Security should be your goal,” he said.

    By Brian Berk, Convenience Store News
    • About Brian Berk Brian Berk is managing editor of Stagnito Business Information's Convenience Store News and Convenience Store News for the Single Store Owner, where he specializes in covering motor fuels, technology and financial news. He has served the magazine industry for 14 years and has also worked in the radio and newspaper fields. Berk holds a bachelor's degree in communications from the State University of New York at Cortland and a master's degree in journalism from Quinnipiac University in Hamden, Conn.

    Related Content

    Related Content