Focus 2016: Measured in Seconds

Recently, Intel Security hosted its annual flagship security conference “Focus” in Las Vegas.  The tone of the conference was set by Sr. Vice President of Intel Security and keynote speaker Chris Young.  With Intel Security set to spin off its security unit, attention was sharply focused on the soon to be CEO of the second coming of McAfee.  It was a packed house with many in the crowd surely anticipating Young’s keynote address and interview of special guest: actor and tech savvy investor Ashton Kutcher.

Over the course of Young’s nearly two-hour keynote address, time was not measured in minutes but seconds.  The second coming of McAfee and the unveiling of the new McAfee logo may have taken center stage, but it was Young’s focus on his contributions to a recently published book entitled “The Second Economy: The Race for Trust, Treasure and Time in the Cybersecurity War” that set the theme for the 4-day conference.

“The second economy is more trust-related and as we move from a physical to a virtual economy, the trust factor and our ability to deliver a real cyber security capability will be more important because we are moving into a world where computing is a pervasive element of how we live our lives,” Young said.

One of the biggest challenges in the second economy was elaborated on by Ashton Kutcher during his interview with Young in the later part of the keynote address.  According to Kutcher, the second economy “is a new country, a new world and we don’t know what the rules are yet. We are never going to be able to lock all the [virtual] doors, so we need to know the extent to which we can trust our neighbors.”

Emerging threats in the second economy are more sophisticated and constantly evolving.  Just a few years back, an organization’s focus was thwarting Advanced Persistent Threats which typically target a company’s data store of Payment and Personally Identifiable Information (PII).  The threat landscape has evolved and the actors are no longer just individuals and groups, but nation-states intent on covertly shaping sociopolitical landscapes and governance of other nations by participating in nefarious cyber activity.

Kutcher went on to point out the need for a “global doctrine for cybersecurity, something that sets out a basic handshake agreement and the sanctions for breaching the agreed rules. We need to write this doctrine so it represents the rules we want. If not, it will be written by idiots.”  He went on to suggest “You don’t want it to be written by people who don’t even understand how the internet works,” to the amusement of much of the audience.

For more on the Second Economy and the book click on the following link:  http://www.mcafee.com/us/second-economy/index.html


EMV: Stalled at the Pump

The convenience and fuel retailing industry is buzzing about the announcements from VISA, Mastercard, and American Express that they will delay most of the liability shift for automated fuel dispenser (AFD EMV chip card transactions by 3 years. Convenience store operators and gasoline retailers were preparing to meet the October 1, 2017 deadline, and were surprised by the announcement of the new October 1, 2020 date.

The retail industry faced the first EMV liability shift over one year ago for non-ATM and non-AFD transactions and many merchants still have not been able to deploy EMV to all of their stores. In particular, the convenience/petro and restaurant industries are lagging behind many other retailers due to their special processing requirements and technology suppliers. With that reality and listening to stakeholders about what it will take to implement EMV on the forecourt, the card brands have recognized the challenges with EMV AFD solution readiness.

Why Extend the Date?

Amongst these challenges and concerns about the 2017 date have been:

  • The readiness of Point of Sale (POS) and Payment software – most POS providers are still developing EMV versions
  • EMV AFD hardware – solution providers have suggested a multi-step implementation process; installing hardware ahead of software that will enable the acceptance of chip cards
  • Testing and certification efforts – the additional certifications required and the experiences learned from the EMV inside efforts have highlighted the need to focus additional investment on testing to ensure quality deliverables and a consistent consumer experience.
  • Finite pool of installers – qualified and certified technicians are needed to do the actual at-the-pump installations and some estimates point to 4.5 million man-hours to install retrofits and pumps.

The extension acknowledges these challenges while at the same time encourages retailers to move forward with the implementation of chip technologies to combat counterfeit fraud.  VISA has said it will keep an eye on AFD fraud trends, which currently are on the low end of the risk scale, but were not as clear to what will occur with merchants who experience higher fraud during the 3 year period.

Benefits to Stakeholders

 

For all the stakeholders involved, moving the date out to 2020 has benefits. The convenience/petro community can now prioritize and focus on EMV implementation inside the store – the shift in indoor liability is costing merchants real dollars in chargebacks that they previously were not seeing. Completing indoor EMV, including all of the testing and deployment processes, will also give retailers time to figure out how the more complex EMV ecosystem will impact support processes. The extension will also allow a more comprehensive investment strategy, including how to integrate outdoor EMV efforts with other payment, loyalty, and mobile initiatives.

With the new liability shift date, retailers should not put off starting EMV AFD planning. Beginning projects earlier will allow solutions to be fully tested ahead of the timeline, which should allow retailers to deploy at a more reasonable pace/funding schedule. Also, dispensers and terminals will need to be replaced over the next three years, and retailers should have a technology strategy that avoids the need to upgrade the dispenser twice.  If most retailers delay their outdoor implementation, the mad rush and massive resource conflicts just move further down the timeline.

Implementing chip card acceptance sooner rather than later will reduce counterfeit fraud at the pump even before the liability shift.  Based on experience from where EMV has been implemented around the world, predictions have been made that the US will see similar card fraud decreases. Delaying the start of EMV outdoor projects will open the door for criminals who will view unattended non-EMV AFDs as an easy target.

Don’t forget the fueling customer in all of this! If consumer behavior patterns in the US follow those in other markets that have already migrated to EMV, consumers will become more comfortable with chip cards as the wide-spread use of chip cards increases at other retail locations.  A security conscious segment of customers will emerge expecting a less risky way to pay. Most major card issuing banks have already issued chip cards and major grocers and retailers accept chip cards. Thus customers have already been trained and will increasingly expect chip card acceptance.

Opportunities Await

This decision by the card brands, providing an added 3-year window of time, raises both opportunities and new questions that convenience/petro retailers should consider as they refine plans for AFD EMV implementations including:

  • What will the POS providers approach be with software releases? Will they now look to include and deliver more feature/functions that have been deferred and their customers have been looking for?
  • What additional changes will occur during the next 3 years with dispenser technology (including the entire dispenser unit) and on the compliance/regulatory front that might require updates down the road – solution and service provider roadmaps need to be transparent and solid.
  • Fuel pumps will continue to age and will be further depreciated as 2020 approaches. The timing of full AFD replacements will be on retailer’s minds as they will be making decisions to upgrade or replace.
  • Will there be added financial incentives to begin purchases and implementation now versus later and what will happen to costs of equipment/software/services over the next few years?
  • What is the position of the major fuel brands regarding outdoor EMV over the next three years? If you upgrade dispensers early, will their systems be ready?
  • How will this decision impact other related security initiatives; e.g. Point to Point Encryption (P2PE)? Does this create an opportunity for P2PE to be implemented at the same time as AFD EMV?

This announcement gives retailers much needed breathing space, but they need to keep moving forward.  Retailers now have time to make better investment timing decisions, and develop a more comprehensive strategy for their outdoor dispenser upgrades. Just like an automobile stalled on the side of the road, pushing back the liability shift related to EMV implementation at the fueling dispenser is just a temporary state. There’s still an opportunity and several motivations to get a jump start and keep moving ahead.


Thankful For…

The following is re-posted from Convenience Store Decisions and features commentary from W. Capra executive consultant, Ed Collupy.

Thankful For….

Technology in the CStore/Petro industry…

Handheld devices, connected wirelessly for computer assisted ordering

Applicant tracking systems for the many new people looking to join the industry workforce

Networking solutions to keep data moving to and from stores systems

Kitchen Monitor Systems for the growing made-to-order foodservice category

Scanning data that helps identify what’s selling and with what other items

Gasoline and other fuel types’ delivery, management and compliance systems

Inventory Management controls through Point of Sale and Back-Office system integration

Video monitoring to keep customers and employees safe

Incentives delivered to customers through Loyalty and other promotional programs

New digital technologies that keep improving the customer experience

Giving back to the community with Point of Sale roundup and other fundraising campaigns

 

Reach out to Ed Collupy for more information.