Card skimming and fraudulent transactions are on the rise and we want you to be aware of what you and your drivers should look for.
Additionally, we have some suggestions with regards to card controls that you the customer can place on all your cards to better manage usage and prevent fraud.
What to Look For
Your eyes, fingers, and now even your smartphone may be able to help you spot card skimmers at gas pumps and ATMs, but nothing is fool proof. Some of the newer skimmers are almost impossible to see, even if you know what you’re looking for.
1. Use your eyes: Look before you insert your card.
Before you slide your card in a fuel pump take a good look at the keyboard and card reader. Has the dispenser been tampered with or has the security seal been broken? To place a skimmer inside a fuel pump, fraudsters must open the fuel dispenser door to insert the skimmer. Station employees may place serial-numbered security tape across the dispenser door, so check to see if the tape has been broken. If there’s no tape, check to see if the dispenser door looks as though it has been forced open. Also, look inside the throat of the card reader to see if you can spot anything hidden there. A skimmer inside a gas pump can steal the information off the magnetic stripe of your credit card or debit card. Look closely before inserting your card into the card machine or dispenser. If the slot seems to be tampered with, is loose, or there is something foreign in it – even if it allows for your card to go in – the reader could have been compromised. Much like how online security measures (that you can view here) can help keep that card safe, offline ones like these keep your bank secure. If you spot these signs on a card reader, do not use it. Immediately contact the site operator or owner to relay your findings. Cardlock locations should have owner contact information posted, while retail sites have on-site employees
2. Use your fingers: If something doesn’t feel right, move on.
Wiggle the card reader to see if it’s loose. The crooks might place a card reader on top of the existing one. You should also be wary if it’s hard to insert your credit card or debit card. Some gas station credit card skimming victims have, in hindsight, remembered that the card reader had “a weird feeling” the slot had been tampered with.
3. Use your phone: Apps now can alert you to possible skimmers.
A free Skimmer Scanner Android app called Skimmer Scanner released in September 2017 scans for available Bluetooth connections looking for a device with title HC-05. How does it work? If found, the app will attempt to connect using the default password of 1234. Once connected, the letter ‘P’ will be sent. If a response of ‘M’ then there is a very high likelihood there is a skimmer in the Bluetooth range of your phone (5 to 15 feet). If your smartphone detects a skimmer, use a different pump or go to a different gas station. How does Bluetooth relate to skimmers? In the past, bad guys had to return to the fuel pump or ATM to retrieve skimmers. That’s not always the case now. Thieves have begun to use Bluetooth technology to glean your credit card or debit card information. The crime is called “bluesnarfing” or “blue skimming”, and the crooks can sit 100 yards away in their vehicle while credit and debit card information is transmitted to their laptop. We have not tested this method to see if it really works.
4. Use your common sense: Use fuel pumps in safe places.
If available, pay inside with cash or a credit card, rather than at the pump. There is less chance a fraudster placed a card skimmer on the payment terminal in front of the clerk inside the gas station or convenience store. In fact, the sheriff’s office in Austin, Texas has urged area residents to pay for gas inside because card skimmers were so common at area fuel pumps.
Choose pumps closest to a physical building or security camera. Also, for obvious personal safety reasons, do not use fuel pumps hidden around the corner of the building. Avoid gas pumps that are out of sight of the clerk.
When using the fuel site, after entering your card, and before entering your code, cover the keypad as you enter your PID#/PIN# so that no one at the site or reviewing your entry from a distance can see your entry. If you see something suspicious at a fuel site – or something that just doesn’t look quite right – it probably isn’t. Immediately contact the site operator to report your experience
Use CFN’s fraud alerts (See Below) and check your card statements.
What You Can Do
Individual card controls such as locking down usage to states, number of transactions in a day, type of fuel & hours and days of the week for fueling will be one of your best defenses you can do. We were made aware of one card used 38 times in a 2-hour period at one site because there were no transaction limits on the card.
1. Proper controls must exist on any card linked to a Fraud Dispute to be eligible for reimbursement through the CFN Fraud Protection Program.
Many of the cases we are seeing are from cloned cards by using a skimming device as talked about above. The original cardholder still has the plastic but there’s an exact match somewhere else. Your CFN cards come pre-coded as follows:
Transactions per day – 3 Gallons per fill – 30 gallons Gallons per day – 300 gallon
These would be modified depending on the customer and type of vehicles’ needs but we’re recommending these as the defaults. If you don’t have something in these three fields you won’t be covered under the fraud program.
2. An ounce of prevention is worth a pound of cure.
Have eReceipts set up to alert you to potential fraud and theft on all your cards. You will receive an email when the card is activated and another when the transaction is complete. You can set up as many as 5 email addresses.
We have had customers holding the card in their hand here in Modesto while a transaction was completed in Texas.
3. At-A-Glance Tracking.
24/7 online access is just a fingertip away where you are able to download reports in excel or pdf format; change DIN (driver ID); validate & invalidate cards; verify odometer readings in order to reconcile fuel usage and track mileage. We strongly recommend you add this to your account since we do not have a 24/7 staff to validate or invalidate cards. Alternatively, you could use the fleet tracking service from Lytx which will allow you to GPS track your fleet so that you always know the mileage and fuel usage.
4. Establish a Driver Fuel Card Policy.
Have a driver fuel card policy that formally holds your drivers accountable for every purchase and that every driver understands the responsibility of using a fuel card. This will set the standard that it’s a very serious violation if a fuel card is used inappropriately. You can find this form under My Account on our website.
4. Never write the Pin number on the card or cardholder.
Treat this card as you would your ATM debit card. If this card is lost or stolen you have given the finder of this card free access and you will be liable for all transactions. And it has happened many times over the years and we still continue to see cards come into our office with the pin written on it.
CFN has established a Fraud Protection Program that covers unauthorized transactions should they occur with certain limitations, but in order for that protection to be validated, the compromised card must have controls established on them and the customer must report a disputed transaction(s) immediately.
Lastly, please remember as outlined on our Credit Application, the FleetWide card, or any CFN issued cards are considered access cards used to initiate a CFN transaction to obtain fuel or other services offered through locations within the CFN network. FleetWide or any CFN issued access cards are not credit cards. It is understood that the federal $50.00 liability limit (subject to change) for credit cards will not apply to any CFN access cards issued and used on the account. You agree by signing this application that any/all purchases will be the responsibility of the Account/Purchaser. Please note that all purchases on this account whether at cardlock locations, when used at a retail accepting fuel site or at a partner accepting merchants are the responsibility of the of the Account/Purchaser.
If you would like to make any changes to your card controls, add eReceipts, or 24/7 tracking please email email@example.com or fax 209-522-2406. Please include your name, account name and number, and a contact phone number with the options you would like to have added to your account.
As always feel free to contact your sales representative or our fleet fueling desk at 209-522-7291 ext. 209. Although, we will only be able to make changes to your account with your written notice.