Security problems of physical fuel cards and how PACE solves them using digitalization

Card fraud is a form of economic fraud in which card data is forged or stolen and used by second or third parties to obtain goods or services. This causes financial damage to the cardholder.

Typical attacks on fuel card data include the following:

  • Phishing: This refers, for example, to an attempt to impersonate a trusted communication partner via a fake website, email or short message in order to obtain certain data of a user and to gain financial advantages, for example by using the fuel card data for one’s own use. If the card user has access to the card data, this is difficult to prevent.
  • Skimming: In this case, data is illegally siphoned off from cards: Magnetic strips on the cards are read and recorded with the aid of devices attached to the card reader. With the help of installed cameras, PIN entries can be recorded on video. This data is copied onto counterfeit cards, which can then be used.
  • Theft: The theft of fuel cards is a classic type of fraud. If the fraudster has previously observed the PIN being entered or the PIN for sharing a card among multiple drivers has been placed on the card, it is easy for fraudsters to use a stolen card.
  • Black market: Fuel cards can be stolen, found, forged based on phishing or skimming, or deliberately sold criminally by drivers to third parties.
  • Fuel fraud: Drivers can use their fuel card to fill an unauthorized vehicle or canister and pay for that (fuel) fill with the fuel card.
PACE closes security gaps of fuel cards through digitalization.

How PACE closes these security gaps with digital fuel cards:

  • Protection against phishing: The user of a digital fuel card does not need to have access to the PAN or PIN. For example, this can be stored digitally for specific drivers beforehand by the fleet manager who has access to it. This allows drivers to use a fuel card without having to know the card data. Since users don’t even know the card data, phishing attempts would fall flat. Two-factor authentication when logging on to each (new) end device ensures that only the right user can log on and use the cards assigned to them.
  • Protection against skimming: The digitized card means that fraudsters no longer can read magnetic strips on the card reader and observe PIN entries via camera in order to create card copies later.
  • Protection against theft: Instead of a physical fuel card, a digital fuel card is used that cannot be stolen like a conventional one.
  • No more selling on the black market: Again, the simple answer is that unlike their physical counterpart, digital fuel cards are almost impossible to steal, find, forge, or sell to criminals, and so they no longer end up on the black market. In addition, the two-stage authentication ensures that no unauthorized person can impersonate a driver and log on.
  • Protection against fuel fraud: By digitizing the fuel card, the filling of unauthorized vehicles or canisters no longer goes unnoticed, as vehicle information and metadata are stored with each transaction. In this way, the fleet manager can see directly in his system whether the refueled volume corresponds to the expected quantity. If this is not the case, the fleet manager can react immediately by viewing the data in his system.
Conclusion:

Digital fuel cards prevent numerous cases of fraud and allow drivers only the access they actually need. This reduces effort and costs in the fight against fraud and increases the profitability of the fuel card business. Digital fuel cards are issued in seconds, assigned to the right drivers, and can be deleted just as quickly. They cannot or do not need to be printed and mailed like physical fuel cards and allow card issuers to keep track of issued fuel cards and their usage.