Security And Standards

PCATS Annual Conference revealed progress on standards in the c-store industry, visa's take on the future of data security and a new board of directors

Since the announcement that The Petroleum and Convenience Alliance for Technology Standards (PCATS) would integrate with the National Association of Convenience and Petroleum Retailing (NACS) as a separate entity late last year, changes including a new board of directors and the end of the NACS Technical Committee have been put into place and the organization is making money.

"We were profitable in 2010," said Gray Taylor, PCATS executive director during the General Assembly meeting. "We ended the year with a $80,000 profit, a 135-percent variance to the budget, and our operating expenses were 20 percent under budget."

The Technical Committee at NACS has been discontinued, and what was known as the PCATS Board of Directors is now the Board of Advisors.

"With the integration with NACS, PCATS is now the technical resource of the industry," said Gray Taylor, PCATS Executive Director.

2010 WORKING GROUP ACCOMPLISHMENTS

Last year, PCATS formed its Data Security Committee, which worked to create best practices dealing with skimming, as well as creating effective employee training, Taylor said. The committee also worked to gain approval for the industry to fill out a SEQ C form rather than a SEQ D, which equates to a savings of $1,000 per company.

PCATS also joined the Financial Services Information Sharing and Analysis Center (FS-ISAC), which is a "private group that works together on data security," Taylor explained, noting all major banks and data security vendors are members. "NACS/ PCATS is the first retail organization allowed to sit at the table."

Concerning retail transactions, PCATS submitted a case to the Accredited Standards Committee X9 and if adopted will allow retailers to encrypt all cards their network, including fleet and private cards, offering a "huge savings," said Taylor.

Several committees also released updates to standards. The Point-of-Sale/ Back Office Committee released version 4.0 of its standard; Device Integration released 2.0 of the Open Site Architecture, Version 1.0 for price sign and electric safe; Version 1.0 of tank gauge and alarm was released; and BP rolled out the Electronic Payment Server specification.

Before introducing Diana Greenshaw from Visa's Global Risk Team, Taylor explained fraud remains a major issue for all retailers, as well as the banking industry. "From the banks perspective, fraud is the most important issue they face, followed by regulatory pressure," Taylor said.

Fraud losses for signature debit increased 43 percent last year and 24 percent for PIN POS debit, Gray reported, noting small retailers are the least prepared and most at risk. According to a data security study by First Data and NRF across all small retailers (less than $100,000 per year in sales), 64 percent do not believe they are at risk, and 60 percent did not know they have any liability when there is a breach involving their company.

Greenshaw also spoke during the General Assembly and explained data compromises continue to occur because data criminals continue to evolve their methods. For example, merchants reduced the stored data and criminals began stealing data in-transit, she said.

"We need to have multiple layers of protection," Greenshaw explained, which includes protecting data in the systems today; preventing fraud from occurring through monitoring; and responding quickly to events that occur.