Cybersecurity in Fuelling Stations and Convenience Stores: Critical Insights for a Connected Future

As fuelling stations and convenience stores move towards ever more sophisticated, technology-driven environments, cybersecurity is a critical business imperative at the forefront of that evolution. The integration of connected devices, IoT, and smart payment systems has transformed these sites but also introduced new vulnerabilities. 

Drawing on a recent plenary talk by cybersecurity experts Mark Schwarz and Michel Hinfelaar at October’s European Retail Technology Conference in London, here are three of the biggest takeaways on how convenience retailers can protect their operations, customers and reputation.

The Growing Complexity of Connected Forecourts and the IoT Challenge 

Modern stations are no longer just fuel pumps and in-store payment; they are complex ecosystems with operational technology (OT) like Automated Tank Gauges (ATG), smart dispensers and EV chargers, and IoT devices collecting telemetry data, connected through IP networks. Michel emphasized that the natural separation that once existed between OT and IT (information technology) systems is rapidly eroding as everything becomes interconnected via APIs and internet protocols.

Key risks in this area include: 

  • Legacy systems connected without proper IT oversight, leading to inadvertent exposure of sensitive infrastructure. 
  • Integration of third-party applications that may not follow secure network practices, potentially opening backdoors into payment networks. 
  • The difficulty of securing real-time operational systems that must remain efficient and available while being protected from cyber threats. 

This complexity demands a holistic approach to cybersecurity that includes network segmentation, rigorous vendor management, and continuous risk assessment to keep pace with evolving technologies.  

Best Practices in Cybersecurity: Passwords, Patch Management, Monitoring and Encryption 

Mark highlighted several foundational cybersecurity best practices that are often overlooked but remain critical: 

  • Password Husbandry: Default passwords on ATG and smart pump systems remain a common vulnerability. Changing default credentials regularly and using strong, sophisticated passwords combined with multi-factor authentication is essential. 
  • Patch Management: Applying security patches promptly can prevent exploitation of known vulnerabilities. Many breaches occur due to delays or failure to deploy patches. 
  • Continuous Monitoring: Deploying monitoring technologies that provide real-time visibility into network anomalies enables early detection of threats, before attackers can cause damage or enter systems and lie dormant for months before acting.
  • Encryption: Especially with the looming rise of quantum computing, encryption must evolve to remain robust. Additionally, maintaining secure offline backups is vital for recovery in case of ransomware or other cyber incidents.  

Collaboration, Training, and Preparedness: The Human Factor, Training and Incident Response

Cybersecurity is not solely a technical issue—it requires cross-functional collaboration and ongoing training. Michel and Mark stressed the importance of involving all stakeholders, including vendors, IT teams, site staff, leadership, and even external experts. 

  • Vendor Management: Contracts should clearly define cybersecurity responsibilities, SLAs for patching and incident response, and require vendors to demonstrate their security capabilities. 
  • Employee Awareness: Staff working at stations, including part-time and temporary workers, must be trained to recognize physical tampering and cyber risks, such as skimming devices on pumps or chargers or suspicious network activity. 
  • Incident Drills and Playbooks: Organizations should conduct regular cybersecurity drills to ensure quick and effective responses to incidents. Having intuitive, well-practiced procedures minimizes damage and operational disruption. 
  • Cross-Department Collaboration: For emerging technologies like hydrogen fuelling, involving refinery security and compliance experts early in the design and deployment phase helps address unique risks. 

The cyber risks facing fuelling stations and convenience stores are growing in scale and complexity as these sites become increasingly connected and digital. However, by implementing strong password policies, patch management, continuous monitoring, rigorous vendor oversight, and comprehensive staff training, operators can significantly reduce their exposure. 

Ultimately, cybersecurity must be embedded into the culture and design of forecourt operations—not just an IT checkbox. Collaboration across technical, operational, and leadership teams is essential to safeguard critical infrastructure, protect customers, and support the energy transition towards new fuels and services.