Strategies to pump up security at the pumps
Theft modes at the pump continue to evolve over the years, meaning fuel retailers need to evolve their security to protect their fuel — and their customers.
Although there are still pump scams in Canada, chip and pin is the standard here, while the U.S. is still migrating from mag swipe technology.
While Canada's chip and pin adoption has helped curtail some types of scams in recent years, there are always market challenges with security, including sites becoming larger and the increasing needs around data security.
MODES OF THEFT
The fuels industry has seen a rise in the number of skimmers found at sites. Each of these devices can impact 100 to 500 consumers and have a financial impact on the consumer ranging from $1,100 to $5,000.
There are two popular types of skimmers: internal that are either inline with cables or board-mounted with Bluetooth; and external that are placed on the card-reader nose.
There's also "shimmers," which are inserted into the card reader at fuel pumps. Shimmers capture the magnetic strip data, and potentially chip information as well. It’s important to note that fraudulent cards are generated with magnetic strip data, but the chip information isn’t able to be replicated.
"Pulser fraud" is also on the rise. This is when a false pulse signal is created, distorting the signal to electronics. This can be done with counterfeit hardware that’s installed in place of the real device; lift-off, wherein the thief lifts the device off the meter; or a broken connection caused by a pulser shaft being cut and not registering fuel volume.
MODES OF SECURITY
Card data theft results in a nuisance to the consumer and ultimately raises the cost of credit. Furthermore, fuel theft reduces the already slim margins that retailers collect on the sale of fuel.
Shutting down fuel thieves requires creating barriers to breaches, investing in and implementing new technology, and notifying and reacting effectively to breaches. Consumers are more and more aware of the security measures being taken at fueling sites.
One way to protect customers is with security tape. It’s a simple deterrent to thieves, easily inspected by site personnel, and visible to customers so they know they are being protected. The downside is that security tape can be manipulated easily.
EMV chip card readers and near-field communications also protect customer data.
In terms of retailers protecting their fuel, here are four best practices:
- Encryption — Prevents unauthorized cyber access to sensitive data.
- Asset ID — Unique ID only recognized by the dispenser.
- Lift-Off Detection — Multipoint detection system against unauthorized entry.
- Reinforced Enclosure — Hardened metallic enclosure prevents access to critical performance hardware.
Preventing fuel theft means having control of your network 24/7 as well. Retailers can control their network remotely through door sensors that are fully integrated. With such a system, retailers can enable/disable remotely for service, clear an alarm, and even schedule a disable for service.
There's no reason to believe theft modes at the pump won't continue to evolve. With that in mind, future possibilities for enhanced security, include:
- Electronic locks on the dispenser
- Cloud authentication
- Track access by zone on the dispense
- Consumer would have access to Bluetooth skimmer apps
- Transfer to the dispenser for real-time monitoring
- Notification when a skimmer is present at your fueling positions
Security at the dispenser is needed today, not tomorrow. It's vital for retailers to determine the right security method for their business — one that enables them to be alerted and react accordingly to a breach, but also one that prevents thieves from breaking in from the start.
A version of this article was published at Convenience Store News.