Published:
October 18, 2024
Reading time:
5 minute read
Written by:
Doriel Abrahams
Oil and gas stations are among those businesses that everyone thinks they know. They are iconic, in a way — think of all the movies in which a gas station features. Today, however, these businesses are changing fast in ways that seem so natural that most consumers barely notice the evolution under their noses.
Reward points and paying via apps, loyalty programs, and deals, storing money in apps, expanding the services attached to the station, and more are all changing customer expectations of what a gas station means and opening up new opportunities for businesses to find new sources of revenue both now and in the future. Like all changes, though, they also represent leverage for fraudsters.
How Fraudsters Attack Oil and Gas Businesses
According to KPMG, “Oil and gas companies should evolve from the product-centric business models of the past to the customer-centric business models of the future,” and many are already doing just that.
In some ways, the shift represents a move towards more digital goods and services, which changes the weight of the business in terms of how it relates to fraud, making it far more attractive to criminals. Many of the features customers appreciate the most are fraudster favorites as well, such as:
- Paying via app makes the customer experience at the pump much smoother, but it also means that a fraudster who takes over a customer’s account has access to their stored payment method.
- Accounts are easy to create, which is great for legitimate customers, but it also means fraudsters can spin up a new account with no trouble and set it up with a stolen payment method.
- Many apps let users store money or points (or both) in their accounts. These are especially attractive to fraudsters; those accounts are 6-7x more likely to be the focus of fraudster attention. From the criminal perspective, this is free money, just sitting there.
- Loyalty programs connected to other brands or businesses appeal to customers because of their flexibility. Still, fraudsters love that same diversity of use and are 2.5x more likely to target those programs.
- Gas station convenience stores sell a range of products, most inexpensive, but they also frequently stock portable, relatively pricey items such as electronic gadgets, cigarettes, and alcohol. These goods are hot picks for criminals using stolen payment methods or hacked accounts because they’re valuable and easy to resell.
- When a payment method is added to an account, oil and gas companies often validate it by making a very small transaction as a test. Fraudsters leverage this as a form of card testing, which can be pricey for a business in the long run.
Return of the Fuel Fraudster
As well as the diversity of ways a fraudster can attack an oil and gas station, part of the challenge these businesses face comes from the fact that fraudsters who succeed come back.
Forter’s data suggests that almost 90% of the fraudsters attacking this industry are repeat fraudsters. These criminals have attempted (and sometimes succeeded) before and are back again to try their luck once more.
This means that a business stands to lose a lot of money if it fails to identify fraudsters confidently the first time they come and doesn’t have robust measures in place to ensure they can pierce obfuscation and disguises to identify when the same fraudster is returning.
Fraud Detection Under Pressure
Gas stations and convenience stores must make fraud decisions quickly and accurately because of the constant pressure businesses face in the lack of flexibility (in terms of customer experience).
A customer waiting at the pump doesn’t want to wait for anything. They’ve filled up, and they’re ready to go.
If they’re delayed by the app that’s supposed to make things easier and smoother for them, that app is much less likely to turn them into a loyal customer — it might even have the opposite effect. Since this business model is based on repeat customers, that’s a real problem.
That added pressure is even true when an account is set up. Often, customers don’t create an account until they’re right there and ready to use it. They’ll see an ad at the gas station and think, “Sure, I would like that discount; I’ll give it a go.” Those are, by definition, customers you want to delight right away. No extensive hoops and checks to validate their identity.
Some customers don’t have a choice about their method of payment. A truck driver using a corporate card, even if it’s loaded into an account, has to use that specific card. If they use their own money, reimbursement can be complex. Adding friction into the process for these customers can be very painful.
Not every business has to grapple with these challenges. Often, there’s a gap between a customer setting up an account and using it or between setting it up and storing a payment method or funds. Sometimes, customers are happy to take the time to prove their identity. Usually, there’s a period of grace after the purchase, during which a merchant can take time to verify legitimacy.
None of this is present to make life easier for oil and gas businesses. In that sense, they’re more like QSRs or digital goods, with all the fraud challenges they face.
Invest in Identity to Smooth the Road
The good news is that, from my perspective, this is a challenge that brings its own solution. Expanding into the digital realm and streamlining customer experience with apps, loyalty programs, and so on means your business is collecting new data about your customers that you never had access to before.
If they’re using an app, you know a lot about their device, what it looks like, and how they behave digitally. All of that knowledge is enormously valuable in helping:
- Distinguish individual returning customers
- Build profiles of customer personas
- Flag suspicious actors
The more you integrate this kind of knowledge into your business, the more targeted you can be about how you interact with your customers in other ways to make their experience easy every time and offer discounts or relevant deals.
This way, you can ensure that your investment in fraud protection isn’t just about preventing loss for your business. It’s also a key component of your strategy to be truly customer-centric and ready to be an active and competitive part of the future of commerce.
Doriel Abrahams is the Principal Technologist at Forter, where he monitors emerging trends in the fight against fraudsters, including new fraud rings, attacker MOs, rising technologies, etc. His mission is to provide digital commerce leaders with the latest risk intel so they can adapt and get ahead of what’s to come.