Staying Ahead of Fraud in the Cardlock World
For years, cardlock sites ran under the radar of fuel thieves until tighter security and more proactive controls and technology in the retail market shifted their focus to easier marks. Over the last few years we have seen a drastic increase in fraud at cardlock sites, especially at lower traffic sites.
I know of one company that is plagued with theft at several sites and had to resort to dedicating one employee just to combat the threat. Whereas there was a time when a stolen card would be used to fill up multiple vehicles or large fuel tank, now the thieves will arrive at a site with a stack of counterfeit cards and work through the deck identifying which cards can be used. And whereas retail stations typically have inspection procedures throughout the day to identify any dispenser tampering, many unmanned cardlock sites will only have daily inspection visits to look for any skimmers.
While credit cards have addressed the problem with EMV, the industry has been slow to adopt given the significant cost to upgrade dispensers. Within the cardlock market, that expense would be even more significant, but cardlock providers have been slow to adopt a standard - aside from levying fees to make up for losses - so there isn't clear path ahead.
While there isn't an industry-wide plan, that isn't to say that companies aren't working through the best way to address the problem. In my role when I was with Flyers and then the Oly network, there was a lot of speculation regarding the adoption of EMV at cardlock sites, but we were already considering the use of mobile technologies to combat fraud. Since much of the fraud today leverages the physical card and the ability to duplicate the card by skimming, the elimination of the card would in fact eliminate much of the problem. And since adaptation of the default solution - EMV - is so costly, many are looking to skip this and go right to a cardless one.
Companies have already embraced mobile technologies, such as The Site Controller (TSC) with its Cardless Swipe product. There is quite a bit of mobile technology already developed for the retail fuel market, but has been slow to roll over into the commercial market - mainly due to gaps in understanding of that market by the tech companies. While TSC is dependent on its own site conroller software, it works with existing fleet cards. I've had a number of discussions in the past few months with one national fleet card provider that is exploring a mobile app as its next logical step in the payment evolution.
While it's gratifying to see the industry is working so diligently in identifying and developing technology to reduce fraud, there are lower tech options to identify and prevent theft right now. First and foremost is locking down limits on all the cards. Reviewing standard controls on new cards and reviewing limits on all accounts can go a long way in making sure a stolen/counterfeit card is limited to 50 gallons rather than 500. In addition, transaction review and exception reporting can trigger alarms when a fuel card is used excessively or outside normal ranges, frequencies, and hours.
A good exception system combined with a proactive theft investigation process will go a long way towards limiting theft in the short term until the industry on the whole has an established fraud prevention strategy.