Fueling cybercrime
Every time you swipe a card at a gas station pump, you put your credit card account information at risk. The most common method of data theft is via card “skimmers” on the pump that grab information from the insecure magnetic stripe on your card. Even pumps that read data from the card’s chip are not necessarily safer, thanks to new “shimming” devices. Now hackers are targeting the gas station’s internal data network to get that information without installing any devices.
The last time I traveled in Florida, my credit card information was stolen at a gas station, and fortunately my credit card company alerted me before too many fraudulent charges had been made. On our current trip from North Carolina to the Florida Keys, I decided to completely avoid using credit cards at gas stations (and no, I did not resort to cash). Instead, I have been using gas station smartphone apps that have a mobile payment option. These apps use GPS to automatically locate your gas station, and then you just specify the pump number. That pump then gets activated remotely, and you are notified that it is ready to dispense gas. When you’re done filling up, the charge goes to a credit card that you’ve pre-authorized through the app's secure online portal.
iPhone users may also be able to specify Apple Pay as the method of payment in many of these apps. There are a couple of reasons why that’s particularly helpful: Apple Pay users have already linked at least one credit card account to Apple Pay, so they don’t have to re-enter all that credit card information (name, account number, expiration date, authorization code) into each gas station app. And when you use Apple Pay, your iPhone will prompt you for facial recognition (or a fingerprint) to validate your identity at the point of purchase. This makes Apple Pay one of the safest methods for any payment transaction, and that option is baked right into most of these gas station iPhone apps.
So far, I’ve used these apps to pay for gas at Exxon, Mobil, BP, and Shell stations, and the process has been smooth and fast. The only disappointment is the same limitation with credit cards: the pumps still stop when you’ve reached the credit limit for that gas station (usually $90-$100), which is not uncommon with the 80-gallon tank on my Tiffin Open Road. That means you have to replace the pump handle in its holder, wait for the original transaction to close out, then restart the whole process with a different credit card. Some people avoid this limitation by first going into the gas station and requesting a larger pre-authorization. That works, but it costs even more time than restarting a new transaction at the pump. Fortunately, using the app to reactivate the pump is a relatively fast process, especially since you don’t have to use a credit card again and respond to pump prompts like “Credit or Debit?” and “Enter Zip Code.”
There’s also an unexpected bonus to using these gas station apps: some of them give you a discount off the current price at the pump (like the Shell Fuel Rewards program, Exxon Mobil Rewards+ program, BPme Rewards program, etc.). For Pilot/Flying J fans who take advantage of the discount for Good Sam Club members, the app will automatically authorize that discount if you link it to your membership number as well as your credit card.
Are there any ways for this gas station payment strategy to fail? Of course! Cybersecurity is just an arms race with hackers, and countermeasures need constant development and tweaking. But right now, you would be one big step ahead if you are not exposing your credit card for these transactions. The other failure point may be obvious: you need a cell phone signal, since the apps require that to activate the correct pump and validate your payment method.
Still, just imagine this at the next gas station stop: No more fumbling with credit cards, no more fraud risk, just the mixed feelings as you watch money securely flow out of your account and into that enormous gas tank.