PCATS Annual Conference Reports Updates for 2011

NEW ORLEANS -- The first day of PCATS 2011 Annual Conference kicked off with a look back at the accomplishments of 2010, and the changes made when the association merged back with the National Association of Convenience and Petroleum Retailing (NACS).

"We were profitable in 2010," said Gray Taylor, PCATS executive director during the General Assembly meeting this morning. "We ended the year with $80,000 profit, a 135-percent variance to the budget, and our operating expenses were 20 percent under budget."

Now that PCATS integrated with NACS as a separate operating entity, the Technical Committee at NACS has been discontinued. The PCATS Board of Directors is now the Board of Advisors, and the new Board of Directors includes, Gray Taylor, PCATS executive director; Mike Davis, NACS staff representative; John Eichberger of NACS; Ed Collupy of The Pantry Inc.; Gabe Olives of Turkey Hill Minut Markets; Avsha Klachuk, Alon Brands; and Drew Mize, The Pinnacle Corp.

2010 Working Group Accomplishments

Last year, PCATS formed its Data Security Committee, which worked to create best practices dealing with skimming, as well as creating effective employee training, Taylor said. The committee also worked to gain approval for the industry to fill out a SEQ C form rather than a SEQ D, which equates to a savings of $1,000 per company.

PCATS also joined the Financial Services Information Sharing and Analysis Center (FS-ISAC), which is a "private group that works together on data security," Taylor explained, noting all major banks and data security vendors are members. "NACS/PCATS is the first retail organization allowed to sit at the table."

Concerning retail transactions, PCATS submitted a case to the Accredited Standards Committee X9 and if adopted will allow retailers to encrypt all cards on their network, including fleet and private cards, offering a "huge savings," said Taylor.

Several committees also released updates to standards. The Point-of-Sale/Back Office Committee released version 4.0 of its standard; Device Integration released 2.0 of the Open Site Architecture, Version 1.0 for price sign and electric safe; Version 1.0 of tank gauge and alarm was released; and BP rolled out the Electronic Payment Server specification.

Before introducing Diana Greenshaw from Visa’s Global Risk Team to speak, Taylor explained fraud remains a major issue for all retailers, as well as the banking industry. "From the banks perspective, fraud is the most important issue they face, followed by regulatory pressure," Taylor said.

Fraud losses for signature debit increased 43 percent last year and 24 percent for PIN POS debit, Gray reported, noting small retailers are the least prepared and most at risk. According to a data security study by First Data and NRF across all small retailers (less than $100,000 per year in sales), 64 percent do not believe they are at risk, and 60 percent did not know they have any liability when there is a breach involving their company.

"Fraud is on the increase and the trend is alarming," said Taylor.

Visa’s Greenshaw also spoke during the General Assembly and explained data compromises continue to occur because data criminals continue to evolve their methods. For example, merchants reduced the stored data and criminals began stealing data in-transit, she said.

"We need to have multiple layers of protection," Greenshaw explained, which includes protecting data in the systems today; preventing fraud from occurring through monitoring; and responding quickly to events that occur.

She noted Visa is moving to what it calls "Dynamic Data," where during the authentication process data elements would change throughout. "If dynamic data is captured it can’t be used," she noted. "We need to figure out how to get to an environment where cardholder data is no longer useful for criminals."