As we know, fraud has many faces. Cards can be cloned, skimmed, stolen, lent or used privately. Hell, we’ve even visited a highway service station close to the Belgian channel ports where jerrycans and hoses are unashamedly displayed in the truck accessories area. We’ve heard leading logistics companies explain to us that fraud is simply “a fact of life”: they provide for it in their books, and describe it as an “unwritten employee benefit”. Wow.
At the same time, when fraudulent transactions are identified, the long-winded arguments start about liability. Is the issuer liable? Is the customer liable? Is the merchant liable? Wherever liability is finally deemed to lie, a better idea – surely – would be to deploy more sophisticated technology to reduce, if not eradicate, the incidence and cost of fraudulent behaviour.
There is a hidden cost, too. Fuel card issuers have fraud teams. Those fraud teams, typically, spend their time dealing with incidents, managing cases, arguing over liability and investigating process compliance. Far less energy is spent deploying next generation technology to make life more difficult for the fraudster.
There remains, still, a huge gap between standard and best practice. A huge gap.
Fraudulent transactions are not always illegal
We could argue all day about what constitutes “fraud”. For sure, there are clearly identifiable illegal activities (see our previous paragraph for some examples). But there is also a whole universe of refuelling activity which, while not illegal, is in fact more costly to the commercial transport operator.
Commercial drivers like convenience. If they have a fuel card (or a bunch of fuel cards) in their cabin which enable them to refuel at a comfortable motorway location, park up, buy a coffee and a hot dog (and who knows what else), then – often – that’s what they’ll do. Regardless of the fact that 10km away there is an unmanned truck refuelling site where their employer has negotiated heavy discounts off an already much lower pump or list price. Imagine the difference in price between an undiscounted motorway service station and a heavily discounted unmanned site. And then further imagine that our estimates put the percentage of volume “leaking” onto undiscounted high-price locations at between 25% and 33% of all volumes drawn. That’s a massive bonus to the retailers, for sure (they should look away here), but an equally massive cost to the commercial transport industry.
Technically, of course, it isn’t fraud. But it’s sure as hell out of policy. It’s sure as hell “unauthorised”. And it’s sure as hell expensive.
Fuel card issuers are not responding fast or effectively enough
So, actually, we are dealing with two distinct but linked phenomena. Illegal transactions, and unauthorised transactions. Together, they represent both a huge cost to the commercial transport industry, and a huge opportunity to save money.
So what progress has been made in deploying the right technologies to limit exposure, restrict liability and reduce cost? Hmmmmm.
Let’s face it, current technological priorities in the fuel card issuing world revolve, still, around getting networks 100% online-authorised. That may seem a worthy goal (and isn’t even achieved yet), but it is far from what is needed. Add to that the fact that, across Europe, thousands of toll points are (effectively) offline, or at best authorised online against an offline blacklist, and there remains a level of exposure which approaches the unmanageable.
The fuel card issuing industry needs to take some huge leaps forward with fraud prevention and extricate itself from the constrained thinking of the past. Not least because the world is about to change.
Future fraud will become more sophisticated
If issuers have struggled to manage and reduce fraud liability in the world of rectangular pieces of plastic, then just imagine the coming world of tokenisation, virtual and mobile payments.
As commercial fuel payments go mobile (and they will), it’s reasonable to assume that a whole new breed of fraudster will enter the arena. Cyberspace is a dangerous place, so fuel card issuers examining the opportunities represented by mobile payments need to ask themselves some tough questions.
Are they well-enough armed to fend off the more sophisticated threats of hacking and cyber-fraud? Do they have the technological insight and capability, in-house, to manage the risks of fraud in a virtual/mobile environment? Do their current fraud prevention and management systems /processes stand up to critical scrutiny in the new world? Frankly, we doubt it. Which means some deeper thinking needs to happen, and quickly.
Fit-for-purpose solutions already exist
Given that we work in a financial services environment, it shouldn’t come as a surprise that solutions have already been developed and implemented in the Retail banking sector.
If you fly to Kuala Lumpur tomorrow and stick your debit card in an ATM, there is every chance it will be declined (regardless of your balance). If you go online at 2am and try to buy eight digital cameras, there is – again – every chance the transaction will be declined (regardless of your balance).
Retail banking deploys fraud prevention technologies based on machine learning. That “neural” technology leans about the typical transaction patterns of any card user, and continually updates and refreshes its understanding of those normal patterns. As such, starting with a fixed set of rules, it refreshes and re-refreshes those rules based on its evolving understanding of normal buying behaviour.
It’s capable, then, of either alerting or blocking any transaction which falls outside the customer’s rules, the issuer’s rules or its own learnt patterns of normal transaction behaviour. Powerful stuff but, more importantly, completely transferable to the fuel card environment.
It’s high time the fuel world caught up. The solutions are out there.
If you want to discuss the fraud prevention topics discussed above with our team of industry specialists, then please either visit our website at www.crt-europe.com or contact us via email at firstname.lastname@example.org