Preventative Maintenance

Fraud Protection - Preventing Skimming, Shimming and Wanding

Implementing Fraud Protection Programs  to Keep Your Organization Secure

Just as with your personal credit card, the practice of CFN card skimming, shimming, wanding and cloning is unfortunately growing more commonplace in the world today. That is why it is important to protect your assets with fraud protection in any way possible. Below we have outlined some information on these fraudulent practices and some helpful strategies for protecting the security of your CFN transactions.

Skimmers

Skimmers are small card readers installed within or attached to legitimate payment terminals. They allow thieves the opportunity to steal credit card data from every single swipe of a card. With this sensitive information a thief can clone cards, compromise bank accounts, make fraudulent purchases, steal money and in general, wreak havoc on your identity and financial security. Card skimmers are generally small in size and fit over an existing payment terminal’s card reader. Often times a hidden camera will be found within the vicinity of the skimmer, allowing thieves to view and record the PIN keypad to capture personal identification numbers. Such cameras are cleverly disguised, small enough to fit inside the card reader, just beside it, above it or hidden nearby in an inconspicuous location. In some cases, fake PIN pad covers are installed to bypass the need for a camera. This allows criminals to obtain PIN information directly from the pad.

Shimmers

The introduction of EMV chip cards slowed thieves down temporarily from their pursuit of stealing credit card information, but where there’s a will, there’s a way. That’s where shimmers entered the equation. Unlike skimmers, which are installed on top of payment terminals to exploit data via magnetic strips, shimmers are installed within payment devices and terminals. Unseen from the outside, shimmers are very small, thin devices that read data directly from your card’s EMV chip, making fraud protection that much more difficult.

Wanding

A rising risk in credit card fraud come from the presence of "wands," or radio-frequency identification (RFID) readers. These inexpensive reader devices have the ability to read credit card data by simply waving the reader over wallets, purses or pockets. The device can be easily concealed in a laptop or ipad case and has identical technology to that used in stores. When the device is held just four inches from a card it can easily pick up credit card numbers and expiration dates, which is enough to make online or over the phone purchases. With that information an electronic pickpocket can wipe out your accounts. RFID technology uses electromagnetic fields to automatically identify and track tags attached to objects, which contain electronically-stored information. This technology embedded in new credit and ATM cards allows consumers to make purchases quickly and easily by simply waving their card in front of the RFID reader. To protect your RFID cards from being compromised, consider purchasing an RFID blocking wallet or sleeve from companies such as Identity Stronghold. Cards can also be protected by wrapping them in tinfoil.

How To Ensure Fraud Protection

Understanding how to recognize the possibility of fraudulent activity at CFN payment terminals is important, but there are many other ways to protect your fleet from being compromised by creating specific security parameters. Internal theft performed within your fleet of drivers is unfortunately another common concern. If every one of your drivers were honest and compliant, you would have no problems. It only takes one person to make a poor judgement, basically using their CFN card as a personal credit card - using it to pump 10 gallons here and 10 gallons there.

Understand Your Fuel Needs

If in a single day a truck requires a maximum of 20 gallons, set a security parameter for no more than 30 gallons. This purchasing limit will ensure that card usage cannot be over-extended in a single day. Place restrictions on cards based on the specific needs of your customer and fleet. Giving your customers access to fleet user interface information allows them to understand their fuel needs by reviewing usage reports on a daily or weekly basis. This also allows them to receive and review e-receipts, remaining in the loop on what is being used and what is being spent.

Implement a Variety of Security Parameters

Having a combination of security parameters in place will create effective fraud protection preventative measures to minimize internal fraud and theft. If you have a mixed fleet, you don’t want to extend the same purchasing power to a sprinter van that you would to a heavy duty truck. Since a CFN is basically a credit card, it would be like giving $10,000 to a kid straight out of high school. Understanding your fleet’s purchasing and usage patterns will allow you to set accurate parameters. If a truck’s max usage is 20 gallons, extend the purchasing power to 20 gallons. Ask the following questions: Does it make sense for your drivers to have the ability to fill up more than once per day? If they fill up and then do a full day’s run, will they need to refill again in the same day? Know your patterns. Extend maximum purchasing power based on the specific volume that you needs. Other security parameters include:
  • Limiting the number of gallons permitted to be pumped per transaction
  • Limiting the number of transactions permitted per day
  • Restricting the hours of operation that your employees can fuel up per day, such as between 8am and 5pm. Any time beyond this range is considered a “deadzone” with usage being reported as a security alert
  • Place a geographic zoning parameter on cards, such as purchases only being permitted within the state of California or only from a specific zip code
  • Place a credit limit on the amount of gallons permitted per month. If by the 10th day of the month your driver has maxed out his credit, a security alert is then triggered

Best Practices

Avoid having your CFN or fleet card skimmed, shimmed or cloned by bringing a heightened level of awareness to any payment terminal you are utilizing. If you suspect that a payment terminal has been modified or tampered with, report it to the vendor immediately and alert your fleet manager. This will prevent external fraudulent activity as much as possible. Prevent wanding or electronic pickpocketing by placing RFID credit cards in protective sleeves, or by wrapping them in tinfoil. Internal fraud and theft can be prevented by creating a robust combination of security parameters such as placing a cap on spending and limiting the volume of fuel that can be pumped in a single day.

Contact an SCL Consultant Today

In a wide range of industrial sectors, we’re here to protect and optimize the machines that keep our country moving, and we pride ourselves on providing superior logistics and solutions, extensive product and industry knowledge and total performance satisfaction for our customers. No matter where the future of the automotive industry is headed, we will be there to deliver what you need to keep you in motion.  For information on how we can assist you in choosing the optimal products for your vehicle or equipment at a competitive price, contact an SCL consultant today.