The mechanics of dynamic fuel price changes

Dynamically updating the fuel price at a store requires having the correct technology in place and allowing access to the store’s network, keeping security in mind at all stages of this process.

At the center of any price update is the Point of Sale, aka POS, (Gilbarco Passport, Verifone Commander, NCR Radiant, Wayne Dresser Namos, etc…) which needs to be connected to the station’s pumps and price signs. While most stations have a connection between the POS and the pump, not all stations have a similar connection between the POS and the price signs. Most price sign vendors sell equipment to connect the POS to the price sign, typically in the form of a low power radio. Alternatively, in the construction of a new station, a cable can be run from the station to the sign.

Once connections to the sign and pumps have been established the POS will handle the changes to the price at the station. At this juncture, it’s worth explaining the sequence and timing of a price change cascading though a store. The sequence and timing of a price change is affected by a couple things: the direction of the price change and the number of people currently pumping gas. The convention among the various agencies that regulate the display of fuel prices is simple, the price on the pumps and the sign must be the same. The price on the pump cannot exceed that of the sign (otherwise it’s considered bait and switch).

To ensure the relevant regulations are being met the POS must abide by the following sequences:

  • If the price is going up, the POS will change the price on the sign first and only change the price on the pumps once the sign confirms it has enacted the price change.
  • If the price is going down, the POS will change the price on all the pumps and only update the price on the sign(s) once the price on all the pumps has gone down.

Timing of a price change is another matter altogether. The timing of a price change can vary wildly based on the amount of traffic at a given station since the individual pumps will not update the price while someone is pumping gas.  At a busy station, it can take upwards of 20 minutes for a price change to cascade through all the individual pumps. Since most of the sign companies use low powered radios it’s not uncommon for the sign update to take 30 – 45 seconds on its own.

With all that in place and the POS having the ability to update the price on both the sign(s) and the pump(s), now we can move on to how the price change gets to the POS from the internet. All the different brands of POS systems have built in systems set up to receive requests digitally for actions such as: reporting requests, updates to fuel prices, etc… Most of the POS vendors support some flavor of NACS XML, the convenience stores industry protocol for passing data about the store. With each different POS, you need to have a physical connection, via a RJ45 cable, to the POS’s internal network, typically via a router that is bundled with the POS. Once that connection has been established; the task at hand becomes being able to get a command down from the internet to the POS.

Like AAT Live the various dynamic price control vendors achieve the connection in slightly different ways, however we all need to have a computer connected to the store (either physically or via a VPN) of some sort. From there, a command to change prices is sent to the computer installed in the station, that computer uses its connection to the POS to send a price change command to the POS, which then handles the price updates as explained above.

AAT Live focuses on simple, secure remote fuel price management, so our customers can focus on the important stuff.

For the everyday consumer being on the internet is relatively simple, anyone can start a blog on Medium or Blogger, signing up for Facebook or Twitter takes seconds.  There are a lot of upsides to the internet: speed, efficiency and connections to name a few. While it’s true being online is easy for the casual user, for businesses the internet is more complicated. At AAT Live, it is our goal to capture that ease of use while meeting the business requirements of our customers.

At the center of any business’s internet plan is security and ensuring the business nor its customers are not exposed to unnecessary risk. The risks vary wildly from being embarrassed by goofy photos to industrial espionage, the later leading to financial losses and damage to reputation. At AAT Live, we sell a product that leverages the internet to provide service. As such, protecting our reputation and that of our customers is quite literally what keeps us up at night.

It’s because we stay up at night worrying that our customers don’t have to. From our perspective, it is our responsibility, and duty, to ensure our customers can use our product without increasing their risk.  The AAT Live team keeps security at the forefront of our minds.   Taking a step back, AAT Live is a product built to allow our customers to perform a price push to their stations over the internet using: a web page, phone app(s) and other 3rd party tools. Given that the internet is paramount to our product’s success we made commitments early to building secure hardware and software that takes into consideration industry best practices.

To update the fuel price in a store we are installing a device, call the AAT Live Hub, in a store. While the AAT Live Hub does not in any way process, transfer or store any consumer payment data, aka Primary Account Number or PAN, nor have any direct access to systems that do, we are still plugged into the store network that does, i.e. the credit data environment (aka CDE). As such, keeping installation simple and maintaining a secure product is paramount.

The AAT Live Hub connects to the various points of sale: Gilbarco Passport, Verifone Sapphire, Verifone Commander, NCR Radiant, Wayne Namos, Wayne Fusion and then of course to the internet, typically via our customer’s firewall.  The AAT Live Hub is a small computer that runs unattended in our customer’s store, constantly maintaining its various connections. Once installed the AAT Live Hub’s primary purpose in life is to patiently await orders from our customers to make a change to the price of fuel at the station.

From our perspective, our device is another part of the internet of things (aka IOT), i.e. we’re on the internet but are not a general-purpose device like a phone or personal computer. This is an important distinction because our customers are not watching the AAT Live Hub, running routine software updates and monitoring for things like viruses. We take responsibility for the software maintenance of our devices, ensuring that our customers are not adding yet another device they need to monitor for security patches. We will make sure the operating system and all applications are kept up to date with the latest patches and releases.

At AAT Live, we have taken great pains to methodically reduce the attack surface of the AAT Live Hub. Some of the measures we take to protect our customers are proprietary, though here are some we frequently get asked about:

  • We do not use simple or default passwords.
  • Obvious too, is encrypting all traffic into and out of the AAT Live Hub, using TLS version 1.2+.
  • We went further and stopped all inbound initiated connections to the AAT Live Hub, meaning that no unauthorized users can remotely access the AAT Live Hub from the internet or even inside a station’s network.

These are only a few of the proactive measures that we have taken to ensure our customers are not exposed to greater risk.

At AAT Live, we believe in taking the worry out of the product so our customers can focus on what’s important, such as simple end to end pricing. We understand that fuel price management is crucial to optimizing our customer’s margins. Drop us an e-mail to learn more about AAT Live, or simply give us a call at (614) 349-1685. We’re happy to set up a demo, install a sample in your lab or just have a quick discussion about how we can work together.