The Payment Card Industry Security Standards Council (“PCI”) is at least one of the entities tasked with development, dissemination, and implementation of security standards for the protection of customers' financial and account information. PCI established the Payment Application Data Security Standard (“PA-DSS”) in an effort to regulate payment applications and systems that handle sensitive cardholder data, such as a customer's financial account number (including the Primary Account Number (“PAN”)), personal identification number (“PIN”), or Card Security Code or Verification Value (“CVV2”).
In order for a payment system to be deemed PA-DSS compliant, it must adhere to the requirements contained in the PA-DSS. For instance, the standard requires that any cardholder data or account information be protected. Accordingly, any device that manages or handles the information must ensure that the cardholder data is secure. Devices that comply with all of the PA-DSS requirements are considered PA-DSS compliant or “secure,” and those that do not are referred to as “unsecure.” It is typical to have both devices that are secure and devices that are unsecure within a single payment system. Unsecure devices are generally less expensive initially, as well as less expensive to maintain. In order for an entire system having both secure and unsecure devices to meet the PA-DSS, any sensitive cardholder data or account information cannot be handled by or transmitted to any unsecure device. Additionally, if sensitive cardholder data is transmitted via a network accessible to the public or susceptible to compromise, the data must be encrypted.
Payment systems have been incorporated into fueling sites in order to allow a customer to pay for the fuel dispensed using a credit or debit card. Such systems comprise various input devices, such as card readers and PIN pads, that are configured to accept account information from a customer. For instance, the customer may provide an account number by swiping a card bearing a magnetic strip through a card reader. The customer may then enter the PIN associated with the card using a PIN pad. The system communicates this information to the host system responsible for the customer's account for verification. The system encrypts the information according to the host system's encryption scheme prior to transmission.
Certain information or data may also be transmitted to the payment system's point-of-sale device (“POS”) during or after the transaction. For example, following completion of the transaction, information needed to print a customer receipt that does not contain sensitive cardholder data is transmitted to the POS. For instance, the receipt may contain the last four digits of the account number with the preceding digits shown by asterisks. POS devices are typically unsecure and therefore do not handle cardholder data or account information, so that the payment system can comply with the PA-DSS. In this example, the system does not encrypt the data transmitted to the POS that is needed to print the receipt because the transmitted data does not contain any sensitive cardholder data.
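The receipt hand-off described above can be sketched as a check at the boundary between the secure environment and the unsecure POS. This is an added example, not code from the patent or from the PA-DSS; the function names, the receipt fields, and the use of a Luhn check to spot account numbers are assumptions, and the card number in the test is the well-known test value, not real data.

```python
import re

# Candidate account numbers: 13 to 19 digits, optionally split by spaces or hyphens.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep the last four digits and show the preceding digits as asterisks."""
    digits = re.sub(r"\D", "", pan)
    if not 13 <= len(digits) <= 19:
        raise ValueError("value is not the length of an account number")
    return "*" * (len(digits) - 4) + digits[-4:]


def contains_pan(text: str) -> bool:
    """Heuristic: does the text hold a Luhn-valid run of 13 to 19 digits?"""
    return any(
        luhn_valid(re.sub(r"\D", "", m.group()))
        for m in PAN_CANDIDATE.finditer(text)
    )


def build_receipt_for_pos(pan: str, amount: str, fields: dict) -> dict:
    """Build the receipt payload for the unsecure POS (hypothetical fields).

    The account number is masked, and every outgoing field is then checked so
    that a full account number placed in another field is refused, not sent.
    """
    receipt = {"account": mask_pan(pan), "amount": amount, **fields}
    for key, value in receipt.items():
        if contains_pan(str(value)):
            raise ValueError(f"field {key!r} would send an account number to the POS")
    return receipt
```

The Luhn filter is a heuristic: it catches account numbers copied into free-text fields but does not replace keeping cardholder data out of the receipt path by design.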
An example of such a payment system adapted for use in a fueling environment is described in U.S. Pat. No. 5,448,638 (“the '638 patent”), which is hereby incorporated in its entirety by reference for all purposes. The system described in the '638 patent utilizes a security module to communicate securely with the input devices at the fuel dispensers and a host system.
In certain situations, the retailer associated with the payment system requires portions of the cardholder data for reconciliation purposes. For instance, the retailer may need to credit a customer's account or manually complete a transaction that was previously declined in error, both of which require use of sensitive cardholder data.
Various techniques have been attempted in order to retrieve the desired information from the secure portion (i.e., the “secure environment”) of the payment system. For example, a printer may be installed within the secure environment in order to print reports containing the account information. This option, however, increases both the initial costs and maintenance costs associated with the system.
Another option is to attach a printer to the POS or to use the printer already attached to the POS for printing receipts. This option adds a layer of complexity since the POS would need to be relocated within the secure environment. The POS may be manufactured by a party other than the manufacturer of the secure devices, thereby making it difficult to reconfigure the POS as a secure device. Moreover, the system may not include a POS if it operates in an unattended scenario.
Alternatively, the account information may be transferred to and stored on removable storage (such as a compact disc or flash drive). Removable storage devices are unsecure by default, however, providing no security to the sensitive data they contain. Thus, extra processes and procedures are required to dictate the retention, use, and destruction of the information if stored on a removable storage device.