Pay at the Pump - how a ZIP code can save you from fraud
October 19th, 2007 Posted in Credit Card Fraud, Merchant
Have you noticed that more and more gas/petrol stations have been asking for your ZIP/postal code before permitting you to pay-at-the-pump? The reason for this is usually assumed to reduce the number of people who steal credit cards and use them to buy gas and get away for free. Why not ask for a simple thing like the person’s zip code just to make sure it’s really is the card holder who is using that credit card?
In addition to protecting themselves, gas stations are protecting many others because many times a criminal will use a stolen credit card at a gas station to “test” it out and make sure it’s still working. They assume that if it can buy gas then it can buy just about anything else! By asking for the customer’s zip code (something they should know) the gas station is helping to stem fraud and make criminals go elsewhere to test their wares.
It’s a small bit but it helps and makes me smile every time I am required to enter mine.
![[del.icio.us]](http://images.del.icio.us/static/img/delicious.small.gif){kind=small}
16 Responses to “Pay at the Pump - how a ZIP code can save you from fraud”
By Jeremy on Oct 19, 2007
I definitely think it’s a great idea. The only issue is that the thief could ‘bypass’ this by going straight to the attendant - it is riskier of course if the attendant asks for your ID. But think about it, I wouldn’t think most attendants care (in my experience they just ask you how much you want on the card and never check your ID. And if they did, you could say “Oh, I’m filling up for my friend” and probably get by on that). In any case, they could also force users to enter their zip codes at the cash register too. In effect, it would be like having to enter your PIN for your debit card.
By Michael on Oct 24, 2007
So instead of using a zip code, why not just require a unique PIN that is only tied to the card, and not to anything else? Kudos for the attempt, but I think it misses the mark.
By JR on Oct 24, 2007
Yeah, obviously it’s not perfect, but the point is that this is definitely better than not asking for the zip code. I don’t think he is suggesting that this is the perfect fix.
By PCI Punk on Oct 24, 2007
Too bad that many countries do not have 5 digit zip codes, e.g. UK, and the machines does not accept any other input. This means that many ppl with non-us cards may get stuck in the middle of the desert at 3 AM when there is no clerk to manually swipe your card … DOS?
By PG on Oct 25, 2007
Countries like the UK have Chip & Pin systems - we are asked for PIN code when visiting non-attendant payment terminals. I believe this will eventually roll out across the US, but until then this Zip code check (presumably done by AVS) seems like a good idea - though AVS checking is notoriously flaky and could end up being more of a problem for legitimate card users than fraudulent users.
By Bryan Johnson on Oct 25, 2007
What’s interesting to me about this is that they’ve essentially just turned on Address Verification Service (AVS), a fraud protection feature that’s been alive a well in the credit card processing industry since something like 1996.
By Michael Dahn on Oct 25, 2007
PCI Punk, the systems should be smart enough to identify the issuer of your card and prompt you only when they support the address verification system. This of course brings up the issue of cross-border fraud, where stolen credit cards from the UK can be ‘tested’ in the US before being used fraudulently.
By PCI Punk on Oct 26, 2007
Mike, unfortunately it does not work. I have had many cases when the card was denied since the system only allows entering digits and not alpha chars, which are need for a UK postal code. However, as you mention, some machines accept code for UK cards.
To test stolen non-US issued cards if they are valid, there are much easier and faster ways of doing it than at a gas pump in the US :).
By Michael Dahn on Oct 26, 2007
PCI Punk, yes I know but I didn’t want to hint at better ways to commit fraud.
By gnkinis on Dec 1, 2007
I just had my first experience with this and I don’t like it! I want to drive up to the pump, swipe my card, get my gas and leave. I don’t want a presumption that I am a criminal. When my bag was stolen with my credit card and id, the thief knew my zip code when he used it at the gas station. I know that credit card theft is just a little bit more involved than that but I think we should really slow down on the paths of heading towards complete and total police state.
By Michael Dahn on Dec 1, 2007
Well… we can’t make everyone happy.
By jagboy666 on Jul 17, 2008
This zipcode does not work for overseas visitors and just by using your hotel zipcode, you can get around it - I won’t mention 90210 !
By Shannon S. on Jul 20, 2008
My wallet was stolen and gas was purchased off my stolen credit card at a gas station that required that the zip code be entered. Well my zip code was on my drivers license. This new “crime prevention tool” is bogus and does not work because 99% of the time when a crook steals your credit card they steal your purse or wallet and the zip code is there for them. Some guy sold the credit card companies this useless zip code system that is good for nothing but made the guy who created it rich and he most likely bribed an executive in the credit card company to OK buying it. It is a hassle to honest folks and does nothing to prevent crime!