addressing schemes, zone routers, managed switches,
firewall routing schema, router policy management,
AOCs (attestations of compliance), PCI-DSS compliance, TLS encryption, etc.
• Physical. Device placement in stores, secure cage
development areas for sensitive information, device
shipment tracking, secure cryptographic device for
P2PE enablement, etc.
• Policies and procedures. Qualified Integrators and
Resellers (QIR)-certified installers, Qualified Security
Assessor (QSA)-certified auditors, access control lists,
user administration policies.
Dover Fueling Solutions integrates security in all of its
products including dispensers, POS systems, cloud-based
data analytics, media delivery services, forecourt controllers
(i.e., “internet of things” gateways), automated tank gauges,
sensors, outdoor payment systems, PIN pads, wired and wireless networks, wetstock management and fleet management.
“Security at a gas station” translates to a complex web.
Educate yourself, and choose your partners wisely.
Rajeev Kumar is director of system solutions at Wayne
Fueling Systems. Reach him at firstname.lastname@example.org.
THE NEXT FRONTIER OF SECURITY
IN RETAIL PETROLEUM
By Thomas Park
What happens at the collision of the traditional
fueling and C-store operation and the freight train of the
internet of things and cloud computing?
• Devices. Compliance with the latest hardware security standards, such as PCI PTS, P2PE-enabled PIN pads, EMV L1/L2
certifications, PCI PA-DSS.
• Software applications. Segregation of payment and nonpayment data inside all software, white listing, virus protection,
passwords, operating system security patches, backup systems.
• Computer hardware. Dispenser door security mechanisms,
hardware intrusion detection, hardware redundancy.
• Network. Managed firewall services, internet protocol
Figure 2: New Countermeasures, Best Practices
Mutual Authentication: Both sides trust who they are talking to.
PKI Certificate Swaps: Both sides exchange protected information that is used to build a secure pipe.
TLS 1.2: Build a secure pipe through which information can be securely passed.
and Software Update: Renew certificates frequently in case someone figures out the protected information. Enable SW update to maintain latest versions.
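
The Figure 2 countermeasures (mutual authentication, a TLS 1.2 floor, frequent certificate renewal) expressed with Python's standard `ssl` module, as an added example that is not from the article or from any vendor it names. The file-path parameters and the 30-day renewal window are assumptions; the figure only says to renew "frequently".

```python
import ssl
from datetime import datetime, timezone

RENEW_WITHIN_DAYS = 30  # assumed window; not a value from the article


def make_server_context(certfile=None, keyfile=None, client_ca=None):
    """Server half of the pipe: TLS 1.2 or newer, client certificate mandatory."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse TLS 1.0/1.1 handshakes
    ctx.verify_mode = ssl.CERT_REQUIRED           # no client certificate, no session
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)    # the server's own identity
    if client_ca:
        ctx.load_verify_locations(cafile=client_ca)  # CA that issues device certs
    return ctx


def make_client_context(certfile=None, keyfile=None, server_ca=None):
    """Device half: verifies the server and presents its own certificate."""
    # PROTOCOL_TLS_CLIENT turns on CERT_REQUIRED and hostname checking by default.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    if server_ca:
        ctx.load_verify_locations(cafile=server_ca)
    return ctx


def days_until_expiry(not_after, now=None):
    """not_after is the 'notAfter' string returned by SSLSocket.getpeercert()."""
    expires = ssl.cert_time_to_seconds(not_after)
    now_ts = (now or datetime.now(timezone.utc)).timestamp()
    return int((expires - now_ts) // 86400)


def needs_renewal(not_after, now=None, window=RENEW_WITHIN_DAYS):
    """True when the certificate is expired or inside the renewal window."""
    return days_until_expiry(not_after, now) <= window
```

Run `needs_renewal` against the peer certificate on every connection or from a scheduled job, so that a certificate nearing expiry is replaced before the mutual-authentication handshake starts failing.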