By Matthew Attwell, Risk & Client Services Director at The ai Corporation (ai)
If you’re an owner or manager of a large number of vehicles, it’s likely that your company utilises Fuel Cards. At first glance Fuel Cards make life considerably easier. They provide detailed transaction reports, automated billing and a lot less paper than expenses forms. However, fuel cards are just as likely to be targeted by fraud as personal banking cards.
The introduction of Chip and Pin technology revolutionised the card world and meant that fraudsters found it harder to clone cards embedded with EMV. However, much of the Fuel Card industry are still behind in the adoption of this technology and are therefore still using Magnetic Strip technology. Magnetic strip cards are particularly desirable to fraudsters as they are easy to clone, difficult to block and easy to run up high costs with. Thankfully a new breed of fraud detection solutions is being developed to identify and prevent this kind of fraud from taking place using sophisticated fraud transaction monitoring systems.
There are a variety of different frauds that fuel cards are particularly susceptible too. In this article, I will look at what those techniques are, and the ways companies and fleet managers can protect themselves from becoming a victim of fraud.
Skimming refers to the theft of information from a card during a transaction. This is conducted when a card is swiped or inserted into a machine/terminal using an electronic skimming device that captures the data. Most skimming occurs using false plates, which can be attached to the front of ATMs or Fuel pumps, which look almost identical to the original. The devices then read and store the information from the magnetic strip when it is swiped/inserted. With the introduction and widespread adoption of EMV cards (cards enabled with Chip and PIN Technology) many fraudsters are also opting to use additional equipment in the form of pin hole cameras to collect PIN numbers.
The process of skimming for card data is becoming increasingly sophisticated than previously traditional credit or debit card fraud. This is because the use of Bluetooth and WIFI enabled transmitters is becoming increasingly popular. These transmitters fraudsters to have instant access to the information being stolen, rather than having to retrieve the device to collate the information. Fraudsters are then able to use this information to make counterfeit cards.
- Try to use the pump closest to the station and within clear view of the clerks inside. Whilst this won’t guarantee the pump won’t have been tampered with, it is less likely that the fraudster would be able to tamper with a pump in full view of the staff working inside.
- Always check the outside of the pump for visual signs of tampering, although techniques are becoming more sophisticated, drivers should always be on the lookout for suspicious devices or evidence of tampering. If they do find anything, report it to the station staff.
- Keep an eye for suspicious vehicles parked nearby to the station. Bluetooth and WIFI enabled card readers sometimes are unable to transmit data beyond a certain distance, meaning fraudsters could be nearby waiting for uploads.
- Limit the amount of money that can be spent per day on fuel.
Abuse of a Genuine fuel card is defined as instances in which the original card is used outside of its usual pattern. This is often committed by the genuine card holder and is sometimes referred to as Driver Fraud. An example of this could be a driver unlawfully using their card to purchase fuel for another driver; often in exchange for cash. This can also refer to the unauthorised usage of the fuel card for fuelling personal cars and buying unauthorised goods (shop goods like tobacco to resell).
Site Collusion refers to sites acting unlawfully in charging more for fuel that hasn’t been purchased, and ‘pocketing’ the difference. It can also refer to illegal activities such as Skimming. In this instance the site staff have access to the cards during the transaction stage and can copy the details when it is handed over to complete the transaction.
Ways to prevent Driver/Site Collusion.
- Educate drivers on Best Practice guidelines regarding fraud. Firstly, it is illegal to commit fraud and secondly it can be detrimental to the company. Both these reasons could lead to the individual losing their jobs.
- If possible link the fuel card to the registration of the vehicle. This means that transactions can only be made for the specified vehicle.
- Require drivers to enter their PIN before fuelling. This would require the driver to also enter the volume of fuel they require. While this could simply be done for another individual, it would call more attention on a statement for the extra litres.
- Ensure the Card never disappears out of the owners’ sight. Employees of fuel stations can easily copy cards when handed over out of sight of the owner.
In my next piece in tomorrow’s FleetPoint, I will look at Lost or Stolen Cards, Application Fraud, Counterfeit Card, Swapped Card and Card not received fraud, alongside ways fleet managers can help to detect and prevent fraud.