Welcome to Gilbarco’s Payment Security Blogsite
The purpose of this site is to provide information surrounding mandates around PCI compliance. So please, take a look around, give us input, and we’ll make sure we address your questions.
MORE FROM THIS EXPERT
- Preparing your company and customers for PCI Compliance
- Interlink Merchants Must Use TDES at the POS by July 2010
- PCI & Payment Security webinar wrap-up
- VISA - Congressional Hearing Presentation
COMMENT POLICY
-
Before you comment, please read our comment policy.
Subscribe to this author
What is the basic information around getting PCI compliant at the pump?
Site was launched this week at NACS Tech, where petroleum retailers attended three education tracks on PCI. The content that was reviewed covered PCI 101 (basics), Acheiving PCI Compliance? (process to comply), Above and beyond compliance (retailers perspective on meeting compliance).
Experts from this site participated and lead all three of these sessions, and can answer your questions about PCI. Post a question and get a respoonse from one of our industry experts on PCI compliance.
The basics for PCI mandates focus on debit transactions only. The new requirements state that a ceritified PCI Encrypting PIN Pad (EPP) should be installed on any new dispenser deployments after Jan 1, 2009, and all existing pumps need an EPP retrofit by July 1, 2010.
According to Visa and PCI, there is no mandate for full CRIND replacement or security. It is a PIN Pad replacement only…
Retailers are evaluating the enhanced security products that protect the card data as well with this change. Be sure to find a card reader product that protects using encryption and physical security.
Does PCI compliance at the CRIND apply to debit transactions ONLY or both debit and credit transactions?
Butch: PCI compliance at the CRIND only applies to debit. The PCI requirement is to replace your current membrane PIN Pad with a certified PCI EPP (encrypting pin pad). This PIN Pad must be protected physically from breach and capable of communication in TDES encryption.
There are future mandates called PCI UPT (unattended payment terminal), which should be approved this year. This regulation only applies to new dispensers, and requires no retrofits into existing dispensers. If this regulation is approved as written today, it will require PIN Pads, Secure Card Readers, and Secure screen prompting in new dispensers. This is not approved, and only applies to new dispenser purchases.
I stumbled upon a site that was told by one of our competitors that they are required to get EPP done to their existing dispensers; but because the site has Gilbarco B78 and B7C dispensers, they were told the EPP would not work with this type of dispenser, so the site would have to purchase brand new dispensers in the next year with the UPT. This is very costly for the site. Is it true that the EPP won’t work with the B78 and B7C dispensers?
Gilbarco is offering an EPP solution for 1991 Advantage dispensers and eariler. This includes kits for Eclipse, Advantage, Encore 300, Encore 500, Encore 500s.
Dispensers that were made prior to this year, we recommend the FlexPay CRIND product or a new PCI compliant dispenser purchase. These products can be found on the Gilbarco corporate website at http://www.gilbarco.com, or you can contact your local Gilbarco representative or distributor.
If you are not taking debit at the pump do the card readers need to be update to meet pci compliance.
Does wright express and the cards that require a pin mean the card readers needs to be updated.