Credit card payment systems are under careful scrutiny for compliance with security measures that include protection of a consumer's credit card data. A series of requirements have been provided by the major credit card issuers (Visa, MasterCard and American Express) to retailers who want to accept cards for payment. Said retailers have in turn contacted their systems providers to request compliance in all retail systems with the guidelines known as Payment Applications Best Practices for Payment Card Industry or PABP for PCI. Components of the PABP requirements relate to the storage of credit card information and/or the security of computer networks that would grant access to said stored information, but the PABP does not address the security of credit card information as it is being transmitted between computers or devices on private (i.e., not public traffic) networks.
Stored credit card information is a likely target for those who would commit fraud, so eliminating places where information is stored and stopping access to those places are both means of fraud deterrence and prevention. However, fraudsters will likely turn to the practice of seeking credit card information as it is being transmitted from devices to computers or between computers as a means of accessing credit card information.
For communication between computers and nearby devices such as credit card readers attached to point-of-sale devices, the transmission of information can be physically secured by placing all cables and connections inside enclosures that are under supervision and cannot be tampered. A vulnerable situation arises at pay-at-pump devices, however. The existing deployed devices in many fuel pumps are not generally modern computers capable of encrypting protocols, and the connections between these devices and the nearest computers are made via long cables reaching from the consumer fueling point to the in-store point-of-sale system, for example. From the time that a card is read by a pay-at-pump device until it reaches an in-store device for processing, the card number is often transmitted in clear-text over slow and unsecured data links. While modern fuel pumps that may enable more secure transmission of this data are available, their deployment is both costly and time consuming.
A party that is intent on capturing consumer information coming from a fuel pump device currently has several options due to the numerous unsecured connections that exist at gas stations or other retail locations. For example, a fraudster could tamper with the fuel pump, gain entry into the fuel pump housing, and insert a simple recording device. The fraudster could also access the communications line at any point between the fuel pump and the in-store device, such as by gaining access to often unsupervised back-room areas where pay-at-pump wiring conduits enter the retail store.
Therefore, there is a need in the art for systems, methods, and computer program products to secure communications between fuel pump devices themselves and between fuel pump devices and remote devices such as point of sale terminals and site controllers. There is similarly a need for devices which transparently secure communication between such devices, such that existing fuel pump devices can be retrofitted instead of replaced.