Trucking Fights Back Against Fuel Card Skimming

Skimming occurs when scammers install deceptive devices on truck stop fuel pumps that mimic legitimate card readers. (vitpho/Getty Images)

[Stay on top of transportation news: Get TTNews in your inbox.]

Fuel card skimming has become an increasing threat to the financial security of truck fleets, but industry leaders have been making progress addressing the issue over the past year.

Skimming occurs when scammers install deceptive devices on truck stop fuel pumps that mimic legitimate card readers. These devices capture payment card information from the truck drivers’ cards. Once obtained, the thieves use the stolen data to make unauthorized purchases until a fleet manager is alerted and deactivates the card.

“Card skimming is the predominant form of fuel fraud,” said Erika Voss, vice president of information security for DAT Freight & Analytics.

But defenses against skimming have become more sophisticated, as have the habits of the drivers and fleet operators who are learning how to stay a step ahead.

Image

Barkoff 

“The trucking industry has diligently intensified efforts to combat card skimming,” said Spencer Barkoff, president of Relay Payments. “A lot of fleets are adopting digital payment solutions, which is one big thing that people are investing in — transitioning from traditional fuel cards to cardless payment systems.”

As the cardless payment platforms grew in adoption, Barkoff noted, the company saw that incidents of card skimming have significantly decreased compared with a year ago.

“The main thing here is that digital payment solutions that are being adopted eliminate the need for the physical card, and remove the primary target for the skimming devices,” he said. “This has been instrumental in reducing the instances of fuel fraud.”

At the same time, telematics integrations have become more sophisticated, which helps to better identify geographic areas where skimming has become prevalent in recent years.

Voss echoed the call for cardless payment systems, but also cautioned drivers that it still is important to remain vigilant when out on the road.

Image

Voss 

“First, avoid sketchy locations,” Voss said. “Scammers work in the shadows — literally. Point-of-sale machines in busy, well-lit, reputable places are less likely to be tampered with than a reader at an unattended, middle-of-nowhere fuel stop.”

Voss added that it is important for drivers to inspect the card reader to see if it is in good shape.

“Cover the keypad when you punch in your security code,” she advised. “It takes no time, and yes, it makes a difference.”

According to William Fitzgerald, vice president of global anti-­financial crimes at WEX, skimming has been largely mitigated by advanced technology. But the scammers aren’t giving up easily. If they can no longer compromise cards due to the shift to cardless payments, they will shift tactics, aiming to take control of the actual accounts holding the funds. In some cases, the use of AI is making the battle more cumbersome.

Image

Fitzgerald 

“Malicious actors are getting into accounts,” Fitzgerald said. “They’re getting users to give them credentials — to give them their multifactor codes. That is by far the highest velocity fraud right now. And it’s the most difficult for corporate entities to protect against because it’s all the way out at the edge of the perimeter. It’s the last user that you have to protect.”

Why would anyone give a scammer their account credentials or their multifactor codes?

They wouldn’t knowingly. But this is where Fitzgerald says the scammers are using AI to convince people they have no choice.

The scams have come a long way from the days of a poorly written email from a Nigerian prince. With AI, an employee’s name, email address and even language can be used nefariously to trick others to provide information. It also can scan social media to phish for inexperienced individuals, for instance, targeting those who have recently announced new jobs, or other unsuspecting employees.

The only true defense against these sophisticated tactics is educating people.

“Never give out your password, never click on a link, never respond to a text message,” Fitzgerald said. “But the other side of that we don’t see galvanized well is empowering our people to say no.”

An employee who receives a directive from what appears to be someone in authority might be reluctant to do anything but comply immediately. Fitzgerald said companies must remove that fear. 

“Empowering folks to say, ‘Mr. CEO, I appreciate that, but I just need to call my boss,’ ” Fitzgerald urged.

WEX also works with clients to deploy fraud detection software that can sniff out a potential scam, both in written communication and in voice communication for operations such as call centers.

“Think about what’s coming in to your devices,” Fitzgerald said. “Where are they coming from? Are they spoofed or trying to look like something other than their browser data? Voice biometrics is a huge tool, because bad guys are using AI to fool call centers.”