Fraud at the Pump. How EMV Can Eliminate “Pump and Dump” Schemes

Luke Grant's picture
Luke Grant : Product Manager, Payment

There are many ways that thieves can turn stolen credit cards and cardholder data into cash.  Mostly commonly they purchase items that can easily be easily exchanged for cash or used as cash once the stolen account is flagged.  Recently a new scheme came to light in Lilburn, GA that hits home for petroleum retailers.

This “pump and dump” scheme involves the use of stolen credit cards to purchase large quantities of fuel which is then sold to truckers and other gas stations that are in on the plot.  The thieves make multiple fraudulent transactions in one stop and fill up large tanks that have been hidden inside trucks or vans.  Hundreds of gallons of fuel can be stolen at a time as you can see in this CNN Investigative Report.

There are several ways that deployment of EMV technology can help eliminate this type of fraud or drastically reduce its impact on petroleum retailers.

1-    Preventing stolen card data: On the front end of the scheme, thieves are using stolen data from magnetic stripe cards to easily make fake credit cards using an inexpensive machine readily available on the black market.  Since EMV cards cannot be easily duplicated, sites deploying EMV technology reduce exposure to stolen card data in the market.  Aite Group projections indicate that 70% of U.S. credit cards and 41% of debit cards will be EMV-enabled by the end of 2015.  Without usable data for making clone cards, the basis of this type of plot falls apart.

2-    Reducing exposure to stolen data on your site: Even if card data is stolen from a site not equipped with EMV technology, sites that have deployed EMV have two major sources of protection:

a-    Inherent chip security: EMV technology imbeds a source code in the magnetic stripe alerting the payment terminal that it should be used as an EMV card.  If an EMV-capable card is attempted to be used as a magnetic stripe card at an EMV-capable terminal, the terminal will prompt it to be entered as an EMV card, adding friction to the thief’s process and likely sending him to another less secure site.

b-    Fraud liability protection: If a fraudulent card is successfully used at a site with EMV-capable terminals, the liability for the fraud will not fall to the site owner or operator.  Rather, it will transfer to the issuer who failed to issue EMV-capable cards to their card holders.

These “pump and dump” schemes are prime examples of how fraudsters are scrambling to cash in before EMV deployments are complete in the United States. As EMV-enabled equipment continues to roll out at gas stations across the country, thieves will target stations that are less prepared.

Additional Information:

For additional resources on the EMV migration to the US and its impact on our industry, please see:

  1. Gilbarco’s EMV informational web-page
  2. Product Opportunities to create an ROI from the EMV Migration
  3. EMV Migration Forum – Knowledge Center

Comments

You've captured this percyftle. Thanks for taking the time!

Company: 
You've captured this percyftle. Thanks for taking the time!

Add new comment