2020 is officially here. October 1, 2020, marks the date on which petroleum retailers will be held responsible for credit card fraud that takes place at fuel dispensers that are not equipped to handle EMV transactions. There are only 186 working days until the EMV liability shift and technician availability will diminish quickly.
In 2019, both of the leading retail petroleum POS platform providers, Verifone and Gilbarco, will transition from directly providing a network security solution to a certified Managed Network Service Provider (MNSP) program. This has been prompted by the network brands who have made MNSP a requirement. To maintain secure remote access for helpdesk support and software updates, both Verifone Commander and Gilbarco Passport customers must transition to a certified MNSP. Using a certified MNSP is also a key requirement for supporting outdoor EMV transactions.
As you are now aware, Verifone and Gilbarco have implemented the new Managed Network Service Provider (MNSP) certification program to help sites enable EMV at the dispenser and to provide a more secure remote support and software distribution process. This move to an MNSP program has been prompted by a requirement from the network brands. To implement MNSP configuration, sites will be required to remove the end-of-lifed Verifone EZRs and Gilbarco RVO42 zone routers to this newer, more secure technology.
On October 1, 2020, counterfeit fraud liability will shift to you, the merchant, when an EMV (chip) card is used at a fuel dispenser that only has the ability to read the card’s magnetic stripe and not the chip.
Today, this fraud is being covered by the issuing bank. On October 1, 2020, and after, issuing banks will no longer cover fraud-related costs that occur at a non-EMV compliant fuel dispenser.
What is skimming and how is data being stolen?
As you are aware, skimming is a form of payment card fraud and theft when thieves obtain unauthorized data to sell the information on the dark web, use the account to make purchases online, and create cloned credit cards that they often use to engage in stealing fuel. Thieves break into fuel dispensers using universal keys and specialty tools that can be bought online or at your local hardware store.
There are two types of skimmers:
Skimming devices are used by criminals to obtain credit card numbers and cardholder information without the customer’s knowledge. While skimming can occur at any point of sale (POS), it is most common at Automated Fuel Dispensers (AFDs). With the EMV liability shift at the forecourt just 18 months away, the window of opportunity for thieves to get this data is closing.
What is skimming?