Gas station skimmers have been a heated topic across the fraud management ecosystem for years. Since the EMV chip card compliance deadline isn’t until October 2020 — roughly five years after the liability shift was implemented for merchants — this gap has left gas stations in the fraud spotlight.
Just last week, heading into the July 4th holiday, the U.S. Secret Service once again released warnings reminding consumers about the dangers of credit card fraud that can stem from gas station skimmers. In recent years, skimmers have been a rapidly-growing problem due to tech advancements that’s allowed them to be designed slimmer than a credit card — and cheaper to produce. With fraudsters’ ability to insert them seamlessly into machines with less obtrusive methods, this has led to an uptick in concerns from issuers in how to proactively confront this expensive problem.
That stolen payment data from credit/debit cards is used quickly, and often sold on the dark web. This accelerates the speed at which fraud spreads and only exacerbates payment breaches. Recently, the Secret Service discovered 59 skimmers at 85 locations in 21 states.
"[Fraudsters] are monetizing the stolen payment card data in multiple ways and the easiest way is they'll take the stolen payment card number and will re-encode a gift card or credit card and then they will use that to buy electronics, gift cards, stuff that they can fence on grey market, the black market or the open market," Matthew O'Neill Assistant to the Special Agent in Charge of the Criminal Investigative Division told ABC News.
ABC7 contacted Rippleshot Co-Founder Canh Tran to get his expertise on this subject. Tran shared some tips for consumers to be aware of. This included insight into how fraudsters often install the skimming devices. It's common for criminals to only install one skimmer per gas station, Tran said, and noted that they often find the pump the furthest from the station storefront. When paying at a station, he suggested always using the pump that's in direct eyesight of the clerk since a criminal is less likely to install a skimmer where they might be seen.
He also shared tips on what to look for physically on the pump. As a security measure to combat gas station skimmer fraud, security tape is placed were the tampering would typically occur after a pump terminal is inspected. If the security tape on a pump payment terminal is broken, alert the clerk and choose another pump. Or, pay inside with cash or a credit card.
"The new skimmers have bluetooth technology where you don't even need to go back and get the skimmer. [Fraudsters] can access the information wirelessly from a truck nearby and collect that information — and leave the bluetooth in the entire time," Tran told ABC.
According to the National Association for Convenience Stores, 37 million Americans fuel up on a daily basis, with 29 million of those using a credit or debit card. A single compromised pump can capture data from roughly 30-100 cards per day.
Gas station payment terminals are projected to be a problem in the near future as the EMV chip card compliance deadline doesn't go into effect for more than two years. As for other tips on paying at the pump?
- Look before you insert your card: If something looks off, alert the clerk and don't insert your payment card.
- Notice the tension when you swipe at the pump: If there seems to be a small glitch, there could be a skimmer inserted in the machine.
- Choose stations with well-lit pumps in a busy area: Criminals are less likely to target a busy station.
- Choose credit over debit: When your card is hacked, it's easier to get ahead of the damage. A stolen debit account has a longer lasting fraud impact.
- Use a mobile wallet at the pump: Cardholder data is better protected when using a third-party app that fully encrypts your credit card credentials.
- Rely on your card issuer's alerts: Many issuers offer alerts tailored to specific transactions. Have alerts set up to flag potential fraudulent transactions.
How Rippleshot Sonar Can Help
Current fraud detection systems look for changes in consumer behavior and transaction patterns. By changing the focus from the consumer to the exposed merchant, Rippleshot lets banks move from a reactive to a proactive approach.
Stopping the spread of compromised card fraud at gas stations can only be done through better, faster breach technology. This means finding a proactive solution that can target where and when the card was actually compromised. This can help issuers get ahead of the fraud storm before it gets worse.
Sonar analyzes millions of transactions daily to predict and stop fraud from the use of compromised cards by pinpointing when and where a breach occurred. Sonar measures the strength of merchant breaches to determine issuer’s most at-risk cards.
By leveraging machine learning/combined data from our network of banks, credit unions, and processors, Sonar helps issuers reduce fraud losses/unnecessary card re-issuance by detecting data breaches at their source. Sonar provides daily merchant exposure data, location and number of cards affected.
Sonar empowers banks and credit unions to take action on cards before the risk spreads. Our solution equips issuers with the tools to understand what’s happening across their own card portfolio — and how to detect risk. Sonar proactively analyzes millions of card transactions and reported fraud daily. We monitor transaction behavior to detect and measure the strength of merchant breaches to determine an issuer’s at-risk cards.
Sonar predicts and stops fraud from the use of compromised card by pinpointing when and where a breach occurred in order to proactively detect compromised merchants and identify an issuer’s at-risk cards. Sonar’s Fraud Forecast™score assesses each card’s total exposure from all breached merchants to determine the probability that it will become fraudulent in the next 90 days.