MAPCO Incident Highlights the Risks Faced by All Convenience Stores

August 13, 2013, Chris Lietz, Vice President, Marketing & Channels

On May 6, 2013, convenience store operator MAPCO Express, Inc. did a responsible thing – they issued a press release that shared important information about a data security incident that was discovered at their stores. Such notices ---along with a whole lot of behind-the-scenes investigative work – are standard operating procedure when incidents are discovered.

Unfortunately, it appears that MAPCO’s announcement triggered a second wave of attacks – this time, from parties that are filing lawsuits related to the incident.  At Coalfire, we are disturbed by this development, and we hope that the claimants don’t prevail.  There are already processes in place to take care of cardholders; fraudulent charges will be reversed, new cards will be issued and consumers will be compensated for the inconvenience.  Isn’t that costly enough for MAPCO?

In this post, NACS, the Association of Convenience & Fuel Retailing, comes to MAPCO’s defense and goes a step further – they are asserting that credit cards are inherently risky and that fault lies in the credit card system itself. 

That discussion will continue on Capitol Hill and throughout the payments industry for years to come. In the meantime, convenience store operators (and all merchants, for that matter) should do everything possible to get compliant with the PCI DSS.  If you are looking for a place to start, we have a suggestion:  our “Roadmap for C-store PCI Compliance”.  In this document we summarize the top four challenges faced by convenience store operators and also the first five things each of them should do on the road to compliance.

Chris Lietz


Chris Lietz — Vice President, Marketing & Channels

Recent Posts

Post Topics