Hughes

The Outdoor EMV C-store Cybersecurity Gap

Share
EMV
false
gas_pump_credit_card_payment

In less than a couple of months, C-store operators who have not upgraded their fuel dispensers to accept EMV chip transactions will be held liable for fraudulent credit card transactions. In the convenience store industry, this Outdoor EMV liability shift rightly receives the lion’s share of market attention. However, Outdoor EMV upgrades alone are not enough to protect the store from cybersecurity threats.

The outdoor EMV upgrades only protect the operator from counterfeit credit card transactions that occur at the dispenser. While secure credit card transactions are essential, convenience store operators must also manage store and fuel inventories, schedule employees, run sales reports, and much more. These critical activities occur on the C-store operator’s back-office machine, which has become a primary target for cybercriminals. Consider a ransomware attack, where an operator loses access to their back-office systems until they pay a ransom of hundreds of thousands of dollars! How many days could you maintain your business without your back-office functions?  Upgrading a dispenser with a new swiper to support EMV chip transactions does nothing to protect the back-office from cyber-attacks.

When it comes to cybersecurity, all of the store’s essential systems need to be protected. To succeed in today’s market, you must protect your store against common cybersecurity threats and maintain the ability to support critical business functions. 

The leading Point of Sale providers for the C-store industry require operators to use a certified Managed Network Service Provider (MNSP) as part of their Outdoor EMV solution. MNSPs provide managed security services to help operators meet PCI compliance—a standard credit card processor requirement. Failure to meet PCI compliance results in penalty fees that are, in some cases, more expensive than the MNSP fees! Not only are operators failing to protect their businesses from significant cyber threats, but they are also wasting precious financial resources on meaningless fees. In many cases, operators are unaware of the situation because these fees show up as a single line item in a monthly bill that is dozens of pages long.

For operators, who do not have dedicated IT staff, MNSPs can improve their cybersecurity posture with a portfolio of cybersecurity services, including Security Information and Event Management (SIEM), Managed Detection and Response (MDR), and Endpoint Detection and Response (EDR).

While a significant portion of the C-store market is still waiting to upgrade their dispensers to support EMV chip transactions for various reasons, operators should engage with MNSPs now to protect their business from ongoing cybersecurity threats.