payment card with digital wires

Understanding the Role of Hardware Security Modules in Fleet Cards

Fleet cards are a special type of payment card. These cards are given by a company to their employees; for example, truck drivers delivering the company’s goods to where they will be sold. The cards are used to pay for vehicle expenses, such as fuel for pay-at-the-pump transactions and for repairs and maintenance that are incurred during the course of business.

Oil brands may also provide fleet cards such as Shell, Chevron, ExxonMobil, as well as by dedicated companies that issue these cards, such as Edenred, WEX Inc., etc. The oil companies often use the term “fuel cards” when referring to fleet cards.

Normally, there is no requirement for PCI-DSS compliance with this type of payment card. However, this poses a risk to business. Compliance helps keep the cards’ financial transactions secure, especially with the increase in counterfeit frauds. Here we will explain how fleet cards/fuel cards work and the role that hardware security modules can play in providing more secure features for these cards under PCI-DSS compliance.

Why Businesses Like Using Fleet Cards

The core feature of every fleet card is that it can be used to “pay at the pump.” There are several advantages to issuing fleet cards to drivers, including:

  • The driver does not need to carry cash for fuel that could be lost or stolen.
  • The fleet card does not provide the features of a typical credit card; therefore, if lost or stolen, it cannot be used for purchases made at a department store, for instance.
  • Because the card has focused functionality by being linked to fuel and vehicle expenses, it is easier to distribute cards to drivers who might not qualify for a company credit card.
  • Administration and business processes are less complicated as companies receive the invoice and statement for their fleet cards each month providing detailed usage descriptions.
  • Companies can monitor their vehicle expenses and maintain their budgets.
  • Charges are typically interest free, but the company is required to review its balance in full each month.

PCI-DSS is not required for fleet cards issued by a business or oil company because they are not members of a card payment network like Visa or Mastercard. Instead, non-credit/debit fuel cards work within a private loop where no PCI norms apply, and implementations and specifications can vary.

Lack of PCI-DSS Compliance is a Risk to Business, But HSMs Can Help

Requirement 4 of the PCI-DSS standard requires the safe transmission of cardholder data across open networks. Protocols for encryption and authentication must be sophisticated and configured to prevent unauthorized access by third parties and hackers, which is also a feature of using a hardware security module for overseeing the use of fleet cards. Keys for both encryption and authentication can be securely stored within an HSM.

Yet although not required by standards or regulations, integrating PCI-DSS compliance by introducing hardware security modules is beneficial to keeping transaction data safe when using fleet cards. But there is also another benefit to consider in that fleet cards can now provide more flexibility to its users. Cards can be securely used for business-related expenses that may be incurred other than at the fuel pump.

While fleet cards cannot be used everywhere at this time, there is still a risk for fraud. PCI-DSS compliance helps fight fraud at the pump by maintaining certain standards for payment security during fuel purchases.

For example, requirement three of PCI-DSS mandates that stored cardholder data must be protected at all times. Encryption is considered one of the best methods for doing that. But it also requires that organizations that deal with clients’ funds should also protect the encryption keys that are used to encrypt that data to prevent misuse and unauthorized disclosure. Keeping encryption keys protected is one of the main reasons for using a hardware security module.

Productos relacionados

Productos relacionados

To find more press releases related with below topics, click on one of the keywords:

¿En qué podemos ayudarle?

Hable con uno de nuestros especialistas y descubra cómo Utimaco puede ayudarle hoy mismo.
Ha seleccionado dos tipos diferentes de Download, por lo que necesita presentar formularios diferentes que puede seleccionar a través de las dos pestañas.

Su(s) solicitud(es) de Download:

    Al enviar el siguiente formulario, recibirá enlaces a las descargas seleccionadas.

    Su(s) solicitud(es) de Download:

      Para este tipo de documentos, es necesario verificar su dirección de correo electrónico. Recibirá los enlaces a las Download seleccionadas por correo electrónico después de enviar el siguiente formulario.

      Descargas de Utimaco

      Visite nuestra sección de descargas y seleccione recursos como folletos, fichas técnicas, libros blancos y mucho más. Puede ver y guardar casi todos ellos directamente (pulsando el botón de descarga).

      Para algunos documentos, es necesario verificar su dirección de correo electrónico. El botón contiene un icono de correo electrónico.

      Download via e-mail

      Al hacer clic en dicho botón se abre un formulario en línea que le rogamos rellene y envíe. Puede recopilar varias descargas de este tipo y recibir los enlaces por correo electrónico simplemente enviando un formulario para todas ellas. Su colección actual está vacía.