For the everyday consumer being on the internet is relatively simple, anyone can start a blog on Medium or Blogger, signing up for Facebook or Twitter takes seconds. There are a lot of upsides to the internet: speed, efficiency and connections to name a few. While it’s true being online is easy for the casual user, for businesses the internet is more complicated. At AAT Live, it is our goal to capture that ease of use while meeting the business requirements of our customers.
At the center of any business’s internet plan is security and ensuring the business nor its customers are not exposed to unnecessary risk. The risks vary wildly from being embarrassed by goofy photos to industrial espionage, the later leading to financial losses and damage to reputation. At AAT Live, we sell a product that leverages the internet to provide service. As such, protecting our reputation and that of our customers is quite literally what keeps us up at night.
It’s because we stay up at night worrying that our customers don’t have to. From our perspective, it is our responsibility, and duty, to ensure our customers can use our product without increasing their risk. The AAT Live team keeps security at the forefront of our minds. Taking a step back, AAT Live is a product built to allow our customers to perform a price push to their stations over the internet using: a web page, phone app(s) and other 3rd party tools. Given that the internet is paramount to our product’s success we made commitments early to building secure hardware and software that takes into consideration industry best practices.
To update the fuel price in a store we are installing a device, call the AAT Live Hub, in a store. While the AAT Live Hub does not in any way process, transfer or store any consumer payment data, aka Primary Account Number or PAN, nor have any direct access to systems that do, we are still plugged into the store network that does, i.e. the credit data environment (aka CDE). As such, keeping installation simple and maintaining a secure product is paramount.
The AAT Live Hub connects to the various points of sale: Gilbarco Passport, Verifone Sapphire, Verifone Commander, NCR Radiant, Wayne Namos, Wayne Fusion and then of course to the internet, typically via our customer’s firewall. The AAT Live Hub is a small computer that runs unattended in our customer’s store, constantly maintaining its various connections. Once installed the AAT Live Hub’s primary purpose in life is to patiently await orders from our customers to make a change to the price of fuel at the station.
From our perspective, our device is another part of the internet of things (aka IOT), i.e. we’re on the internet but are not a general-purpose device like a phone or personal computer. This is an important distinction because our customers are not watching the AAT Live Hub, running routine software updates and monitoring for things like viruses. We take responsibility for the software maintenance of our devices, ensuring that our customers are not adding yet another device they need to monitor for security patches. We will make sure the operating system and all applications are kept up to date with the latest patches and releases.
At AAT Live, we have taken great pains to methodically reduce the attack surface of the AAT Live Hub. Some of the measures we take to protect our customers are proprietary, though here are some we frequently get asked about:
- We do not use simple or default passwords.
- Obvious too, is encrypting all traffic into and out of the AAT Live Hub, using TLS version 1.2+.
- We went further and stopped all inbound initiated connections to the AAT Live Hub, meaning that no unauthorized users can remotely access the AAT Live Hub from the internet or even inside a station’s network.
These are only a few of the proactive measures that we have taken to ensure our customers are not exposed to greater risk.
At AAT Live, we believe in taking the worry out of the product so our customers can focus on what’s important, such as simple end to end pricing. We understand that fuel price management is crucial to optimizing our customer’s margins. Drop us an e-mail to learn more about AAT Live, or simply give us a call at (614) 349-1685. We’re happy to set up a demo, install a sample in your lab or just have a quick discussion about how we can work together.