Standard Bank and Fuel Cards, Fleet Cards and Safety from Fraud
What are the best measures from the side of the bank to combat fraud with a garage/ petrol card?
A robust and state-of-the-art fleet management system is key to assisting customers to manage fleet expenses and combat fraud.
In 2010 Standard Bank Fleet Management pioneered and led an industry initiative to move all Fleet Card transactions from an “offline” environment to an “online” environment. As a result, more than 99% of current fleet card transactions acquired from bank supplied point-of-sale (POS) terminals take the transactions online for authorisation.
As a fleet card issuer, our transactions come directly into our system for authorisation and we do over 30 different validations before approving or declining a transaction.
If the transaction is declined by our system the merchant then has to phone in for the transaction to be authorised. The decline is then overridden and the transaction is authorised if it’s deemed to be valid.
1. How does the “Cloning” of garage cards take place?
In most instances, the cloning of fleet cards happens at filling stations or workshops where a syndicate and one or more of the attendants at a filling station are in collusion. The attendant has a small device called a skimming device (supplied by the syndicate) which is used to uplift the information from the card by swiping the card through this device.
In certain instances, these syndicates will also target employees of a certain company who may have access to the company’s fleet cards. The same method is used to obtain the information from the card by swiping it through the skimming device.
The information obtained from the card is then used to produce a cloned card which is then used to attempt fraud. It is therefore important for customers to ensure that they have proper controls in place in terms of who has access to these cards and also to reinforce with their drivers to not allow the cards to go out of their sight.
Recently we’ve also seen POS devices being stolen from merchants and then converted into skimming devices, which makes it difficult for drivers/customers to know that the card is being cloned. Fleet cards do not have PINs; however, with cards that do require a PIN, these devices are then used to uplift the customer’s PIN as well. Obviously, the device will not be able to process the transaction; however, the attendant will then use an excuse that the device ran out of battery power or is malfunctioning. They will then collect a “legitimate” Bank terminal and process the transaction accordingly.
2. Would the bank have a system in place to detect suspicious activities on the garage card?
From a Standard Bank Fleet Card perspective, our transactions come directly into our system for authorisation and we do over 30 different validations before approving or declining a transaction.
In addition to this, we also have a dedicated risk team that monitors fleet card transactions on a daily basis to detect and investigate irregular and possible fraudulent transactions. The system allows us to compare customer usage and if out of line, the customer is contacted to inquire about the legitimacy of the transaction.
3. What would be deemed suspicious transactions?
The most common ways to pick up suspicious fleet card transactions normally include:
• transactions that take place in quick succession of each other,
• transactions where the odometer reading of the vehicle does not follow previous transactions in sequential order,
• high-value transactions, or where a high-value transaction was attempted (and declined) and thereafter attempts are made to swipe the card for a lesser value.
Customers also play a pivotal role in detecting suspicious transactions. Even though the system and our risk team will prevent the bulk of fraudulent transactions, there is still the possibility that fraudulent transactions may get through the system and hence the reason why it is critical for fleet card customers to scrutinise their fleet reports and notify us immediately if they suspect any irregularities.
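The three indicators listed above can be expressed as checks over one card's transaction history. The following is an added example, not Standard Bank's code: the thresholds, field names and sample transactions are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed thresholds for illustration; the bank's real values are not published.
MIN_GAP = timedelta(minutes=30)
HIGH_VALUE = 2000.00  # rand

@dataclass
class Txn:
    when: datetime
    amount: float    # rand value requested at the terminal
    odometer: int    # reading keyed in by the merchant
    approved: bool

def flag_suspicious(txns):
    """Return (position, reason) pairs for one card's transactions, oldest first."""
    flags = []
    ordered = sorted(txns, key=lambda t: t.when)
    for i, t in enumerate(ordered):
        prev = ordered[i - 1] if i else None
        # Two swipes closer together than the allowed time span.
        if prev and t.when - prev.when < MIN_GAP:
            flags.append((i, "quick_succession"))
        # Odometer lower than the previous reading for the same card.
        if prev and t.odometer < prev.odometer:
            flags.append((i, "odometer_out_of_sequence"))
        if t.amount >= HIGH_VALUE:
            flags.append((i, "high_value"))
        # A declined high-value attempt followed by a swipe for a lesser value.
        if (prev and not prev.approved and prev.amount >= HIGH_VALUE
                and t.amount < prev.amount):
            flags.append((i, "lower_retry_after_decline"))
    return flags

def _t(hhmm, amount, odo, ok):
    when = datetime.strptime("2024-03-01 " + hhmm, "%Y-%m-%d %H:%M")
    return Txn(when, amount, odo, ok)

# Constructed sample history for a single card (not real data).
SAMPLE = [
    _t("08:00", 900.00, 120000, True),
    _t("08:10", 850.00, 120050, True),    # second fill ten minutes later
    _t("14:00", 2500.00, 119000, False),  # high value, odometer goes backwards
    _t("14:05", 1200.00, 120100, True),   # smaller retry after the decline
]

if __name__ == "__main__":
    for pos, reason in flag_suspicious(SAMPLE):
        print(pos, reason)
```

A mis-keyed odometer digit trips the same check as a genuine mismatch, so a flag here is a prompt to review the slips rather than proof of fraud.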
4. Is there a limit to the monetary value or the number of daily transactions on a petrol card? Can the client request such a limit?
The number of transactions, as well as the maximum value of a specific transaction, forms part of the 30+ validations which the fleet card system performs before authorising transactions. Customers are also able to specify some of these parameters (for example, only allow two transactions a day).
5. Does the petrol card have an SMS functionality to alert a client once a transaction has taken place - Can the client request this to be included?
Yes. The purpose of this service is to alert customers immediately of any fleet card transaction that has taken place. SMSs will indicate if the transaction was approved or declined and will include details of the transaction. Customers have the option to either receive both approved and declined transactions or approved only or declined only.
We also have a website, App and mobile site where customers can view their approved as well as declined fleet card transactions in real-time. This enables customers to immediately see why a transaction has been declined, how many attempts were made etc.
6. Does the Petrol card require a pin code to be entered? Is it something a client can request?
Fleet cards do not require a PIN. Fleet cards are issued to a specific vehicle (i.e. the details of the vehicle are embossed on the card) and not to a driver/individual, and it can only be used to pay for vehicle expenses such as fuel, oil, services, repairs, tyres and toll fees for the vehicle embossed on the card. There are different types of cards that are used for various types of purchases. Part of the terms and conditions with regards to acceptance of fleet cards include an obligation on the merchant/forecourt attendant to validate whether the details embossed on the card match the details of the vehicle on the forecourt.
Each time the card is swiped at a point-of-sale terminal, the details of the transaction are recorded. This includes details such as the time and amount. The terminal will also prompt the merchant to enter the vehicle’s odometer reading. Transactions are approved or declined through our online authorisation feature. The transaction data is electronically uploaded to our fleet management system for processing and reporting to the client.
7. When would a client be deemed to have been negligent with his petrol card?
- When a card is left unattended in a vehicle or with a merchant.
- If the customer fails to notify the Bank timeously when a card is lost or stolen.
- If transaction slips are not carefully checked before being signed by the driver.
- If a driver attempts to use the card to purchase goods other than the purpose the card is intended for.
- If a driver attempts to use the card on a vehicle other than the vehicle embossed on the face of the card.
- If customers do not have proper controls in place in terms of who has access to these cards and where these cards are stored if they are not kept by the drivers.
8. What suggestions do you offer to clients in protecting them from fraudulent transactions?
Please see attached some tips that we’ve put together for clients to protect them and their drivers against fleet card fraud.
Safety Tips from Fleet Card Fraud
Make sure that drivers hand in all transaction slips
Make sure that the slips are matched to the transactions on the vehicle reports. If no slips are handed in, ask the driver for the reason.
An excessive amount of oil is being used
Check for oil leakage or possibly other goods being bought in store and processed as oil transactions.
Compare the vehicle's fuel consumption to the national average
- Too low
  - the driver may be concealing vast distances travelled by paying cash for fuel.
  - incorrect odometer readings.
- Too high
  - incorrect odometer readings.
  - filling additional vehicles/containers.
  - driving behaviour.
  - the heavy load of the vehicle.
  - stationary idling vehicle using, for example, a crane or compressor linked to the vehicle.
Distance travelled and the fuel used
Compare the distance travelled against the vehicle's fuel consumption.
Ask the driver to fill the vehicle's tank to its correct capacity. Top-ups should be avoided.
Card left in a vehicle
A common problem is that when the vehicle is used by another driver, the card is removed from the vehicle, used fraudulently and placed back in the vehicle.
Incorrect odometer reading
If one digit is missing or the odometer reading is recorded in the wrong format, this may not necessarily be a fraud. To establish whether all is in order, check whether the distance travelled at the next fill up shows the correct odometer reading. If the odometer reading is completely erratic, and there are no slips, check to see whether the card was used for another vehicle in the same fleet.
Tank value exceeded
Determine whether the correct tank capacity was loaded on the card for that vehicle. Check whether the card is being used for the vehicle described on the card.
Disposing of the vehicle
The card must be retrieved and properly destroyed.
The incorrect Merchant name on the report, but the date and odometer reading in order
Refer to our Merchants department - 0860 106 249. It may be an incorrectly linked Merchant EDC terminal.
Unlawful purchases reflected on your statement
These amounts appear after the vehicle has been disposed of. The dates on the statement are processed dates and not actual transaction dates. Contact your consultant for details.
An employee leaving the company
Retrieve the card the day before the employee leaves the company. If you are unable to retrieve the card, inform the employee in writing that any further usage of the card constitutes fraud and if the card is presented, they may be arrested.
Employee absconds with the card
Report the card as lost immediately to 0860 106 249 or via email at SFMSLostCards@standardbank.co.za together with the driver's full name and surname, ID number, residential address, cell phone number and any other contact details.
Do not let the card leave your sight
The best way to prevent cards from being cloned is to ensure that the card never leaves your sight.
Transaction Authorization Fact Sheet
1. Keep in touch with what is taking place with your fleet
The Standard Bank Fleet Management System validates and authorises fleet card transactions at forecourts and workshops (excluding toll transactions) online. Transactions can be viewed and accessed in real-time via the Standard Bank Fleet Management (SBFM) App (for all Apple mobile devices), the Mobi-Site (Android mobile devices) and the Internet. Declined transactions will also be emailed to you on a daily basis.
2. Overriding a Declined Transaction
Customers registered as administrators for Transaction Authorisations will be able to override the following transactions:
- When the time between transactions is less than the default time span on the system, or the customer’s specified time span;
- When the vehicle tank capacity is exceeded;
- When the vehicle tank value is exceeded, i.e. within tank capacity but when litres are multiplied by the fuel price, then the maximum value allowed by the Fleet Management System is exceeded.
In the following instances the Fleet Management system will prevent a customer from overriding a transaction:
- When the customer is inactive in the Fleet Management system;
- When the customer has been blocked by the Fleet Management system;
- When the vehicle is inactive;
- When the card is inactive, i.e. lost, stolen, expired, hot listed or disposed of.
Only upon passing all of the above checks will the customer be able to authorise a transaction.
Once a transaction has been overridden, our system will allow the card to be swiped again within a limited time period for the exact same amount, after which it will no longer be able to be overridden by the customer.
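The override rules in this section can be modelled as a small policy. This is an added example, not the Fleet Management System's code: the reason strings, the `Context` and `Override` types and the 15-minute window are assumptions, since the fact sheet says only "a limited time period".

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Decline reasons an administrator may override, per the fact sheet.
OVERRIDABLE = {"time_between_transactions", "tank_capacity_exceeded",
               "tank_value_exceeded"}
OVERRIDE_WINDOW = timedelta(minutes=15)  # assumed length of the re-swipe window

@dataclass
class Context:
    customer_active: bool
    customer_blocked: bool
    vehicle_active: bool
    card_status: str  # "active", "lost", "stolen", "expired", "hot_listed", "disposed"

@dataclass
class Override:
    amount_cents: int
    granted_at: datetime

def tank_decline_reason(litres, price_per_litre, tank_capacity, max_value):
    """Capacity is checked first; value applies when the litres fit the tank."""
    if litres > tank_capacity:
        return "tank_capacity_exceeded"
    if litres * price_per_litre > max_value:
        return "tank_value_exceeded"
    return None

def can_override(reason, ctx):
    """Customer, vehicle and card must all be in good standing first."""
    if not ctx.customer_active or ctx.customer_blocked:
        return False
    if not ctx.vehicle_active or ctx.card_status != "active":
        return False
    return reason in OVERRIDABLE

def reswipe_allowed(ov, amount_cents, now):
    """After an override, only the exact same amount is accepted, and only briefly."""
    in_window = timedelta(0) <= now - ov.granted_at <= OVERRIDE_WINDOW
    return in_window and amount_cents == ov.amount_cents

if __name__ == "__main__":
    ctx = Context(True, False, True, "active")   # constructed sample state
    reason = tank_decline_reason(60, 25.0, 70, 1400.0)
    print(reason, can_override(reason, ctx))
```

Binding the override to the exact amount and a short window keeps an approval from being reused for a different or later purchase.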
3. Fleet Card Transaction Authorisation
Reporting on declined transactions via email
You will receive an email from us the morning after a declined transaction. The email, which is systematically generated, contains the details of the declined transaction as well as the reason why it was declined. For example:
- The vehicle’s status was changed to disposed of, indicating that the card was no longer needed;
- The driver attempted to swipe the card for the second time within a narrow time frame;
- The card was reported as lost or stolen;
- The driver attempted to purchase a quantity of fuel that is in excess of the vehicle’s tank capacity;
- The driver attempted to make payment for goods for which the card is not permitted to purchase, for example, a Fuel, Oil and Toll card being used to pay for spares and repairs.
4. Access your fleet of vehicles’ transactions in real-time via the web
In addition to receiving a daily report, our system also enables you to see all transactions authorised for the day (approved and declined) in real-time.
The system is updated dynamically, therefore, you merely need to access the website and every minute the data will be refreshed, showing you which transactions have been processed.
By accessing the website, you will be able to determine immediately the reason why a transaction has been declined and also determine the number of times or attempts to get the transactions processed, through multiple swipes at multiple terminals.
A word of appreciation for the kind assistance from the following people
Derick De Vries, Head of Standard Bank Fleet Division