Security & Fraud

Public Charge Stations Are Vulnerable To Fraudulent Charges

Electric car drivers need to be on the lookout for fraudulent charges on their credit cards due to a lack of security measures at some public charging stations.

According to TechCrunch, security researchers at German company Fraunhofer discovered that some charge stations that require a dedicated card “have not implemented basic security mechanisms,” such as encryption.

“The infrastructure for charging electric vehicles is growing tremendously. By 2025, German automakers want at least 15 percent of their sales to be electric vehicles. Security vulnerabilities, however, plague the charging process,” the company wrote on its website.

Researcher Mathias Dalheimer first contacted the unnamed companies in question. But when they refused to rectify the issue, he decided to present his findings at the Chaos Computer Club conference.

These particular charging stations provide customers with a card embedded with a User ID, which enables the charging station to identify the user. Charging costs are then deducted from the bank account linked to the card.

“It is pretty easy to clone a charging card,” said Dalheimer. “Many manufacturers of charging stations have failed to implement basic safety mechanisms and, because these manufacturers sell their charging stations in a number of countries, Germany is not the only one affected by this.”

As Dalheimer pointed out, many of these charging stations have “insufficient safeguards for communication between charging stations and the billing backend.” Some send card numbers to operators without any encryption, so hackers with even the most basic equipment can intercept and steal customers’ card numbers.

“This makes it possible for criminals to forge charging cards or, what is arguably easier in practice, simply simulate charging transactions,” he said.

Not only could it be weeks before anyone would notice the fraudulent charges, but Dalheimer noted it could also be difficult for a consumer to dispute a fraudulent charge, especially a roaming charge where a different operator charges the customer after the original charge.

——————————

PYMNTS LIVE ROUNDTABLE: TUESDAY, JULY 14, 2020 AT 12:00 PM (ET)

Digital transformation has been forcefully accelerated, but how does that agility translate into the fight against COVID-era attacks and sophisticated identity threats? As millions embrace online everything, preserving digital trust now falls mostly on banks and FIs. Now, advances in identity data and using different weights on the payment mix afford new opportunities to arm organizations and their customers against cyberthreats. From the latest in machine learning for fraud and risk, to corporate treasury teams working in new ways with new datasets, learn from experts how digital identity, together with advances like real-time payments, combine to engender trust and enrich relationships.

TRENDING RIGHT NOW