Fuel card fraud: How to protect your business with increased security

Fraud is on the rise. The Federal Trade Commission released new data in March of 2025 that consumers reported losing more than $12.5 billion to fraud in 2024. This represents a 25% increase over losses reported in 2023.

Over the last several years, fraud has become more and more difficult to detect. Phishing content used to be terribly written and obvious in its nefarious origins. Due to the increased use of generative AI, what used to be transparent and detectable signs of fraud are no longer so apparent. Bad actors have become more sophisticated and their content is much more believable as a result.

Use our new fraud report to train your staff and block fraudsters before they even get started.

Download this resource today and get fraud under control.

Read now

Fraud impacting your business? What to do about it

Now that we know fraud is becoming more prevalent, the question becomes: What do we do about it and how can you protect your business from this insidious, predatorial behavior?

Most fraudsters focus on accessing cash, credit, or goods to resell for a profit. This behavior can harm your business and impact your bottom line. In this article, we review the most common forms of credit card fraud and how to prevent them from doing you harm. 

The most common forms of fraud:

1. Transaction fraud

Transaction fraud includes:

Fraud with a skimming device

A common form of fuel card fraud is when a fraudster obtains card data through a skimming device. They install hidden devices on fuel pumps or point-of-sale terminals to capture credit card information (like card number and PIN) from users when they swipe. These bad actors “skim” the data off the card without a driver’s knowledge. They then use that information to make fraudulent purchases.

Lost/stolen cards

Thieves find a lost card or steal a company card and use the card for illegal purchases.

2. First-party fraud 

First-party fraud is both the most obvious to detect and the most difficult to prosecute. Anytime an authorized representative makes a transaction using their own identity to commit fraud, it’s called first-party fraud. What makes this fraud particularly onerous is that the user perpetrating the fraud can easily authenticate the transactions they are making. This is because they are the person authorized to use the credit. Even if an alert pops up prompting them to manually authorize the purchase, they’ll simply do so and continue with the fraudulent activity undeterred.

Here are a few examples of how first-party fraud could look in practice:

• A person applies for a loan or a credit card with their real identity but has no intention of ever paying that debt back. For example, say a business owner finds themselves in a tight financial situation. To bail themselves out, they knowingly draw credit they won’t be able to repay or just don’t plan to repay.
• When a business opens a fleet card account, they give each driver a fuel card to use. This is a card they’re authorized to use. First-party fraud occurs when one of those drivers uses their card to purchase fuel for a personal vehicle. It can also happen when they sell fuel to an outside party for profit.
• Fraud can also happen when one employee brings friends and their vehicles to the pump. He/she swipes a company card, and allows each friend to fill their tank.

First-party fraud experiences uptick during economic downturns. 

3. Account takeover

Account takeover is one type of Identity theft fraud. This involves a cybercriminal accessing a user’s online accounts. The criminal obtains login credentials through fraudulent means, using them to illegally access another person’s cash, products, and personal account information. If there is one app or website the victim has access to that is improperly secured, the floodgates open for the cybercriminal to wend their way through connecting paths to get to other accounts and do a clean sweep of assets.

Account takeover has tentacles that reach into layer after layer of accounts causing mayhem for the victim. This type of fraud is difficult to counteract and has far-reaching implications.

4. Application fraud

Another common form of fraud is application fraud. This is when a fraudster applies for credit using stolen or inaccurate information.

Application fraud and first-party fraud overlap. This is because application fraud often involves legitimate consumers using their own identity to commit fraud. These types of fraud are the hardest to detect because they involve the use of a true, authenticated identity.

How do I protect my fleet fuel card from fraud and the negative impact it would have on my business?

As phishing and other types of credit card fraud increase in sophistication, here are some actions to take to prevent damage to your business:

• Update the product purchase limits on your fleet fuel card
  • Limit the amount of times a product or service can be purchased and/or the number of transactions your fuel card(s) can perform in a given day, week, or month. This will help your business mitigate potential fraudulent activity. 
• Implement time restrictions
  • Set days of the week and times of the day parameters when drivers can use their fuel cards to make purchases. This will give your business more control over card usage and visibility that can help prevent unwanted use.
• Require real-time trip number validation
  • Adding a trip number prompt to your fleet fuel cards – and updating this number as drivers are dispatched on new trips – is another way to prevent fraudulent activity.
• Activate site restrictions
  • Lock down your fueling network to only necessary merchants.
• Appropriately manage card status
  • Clean up unused and idle cards by updating their status to “hold” or “inactive.” This will prevent bad actors from finding idle cards and reactivating them.
• Require regular employee training
  • Regularly educate your employees on the most common phishing scams and social engineering tactics. Empower your employees to say “no” to any requests that feel out-of-the-ordinary or give them pause. Provide mandatory, annual fraud training.

Among these simple best practices, perhaps the most important thing you can do to avoid card fraud is educate your employees on how to be vigilant and give them the agency to decide on the fly what might be fraudulent and what to do to prevent further action from fraudsters.

What companies and individuals can do to stave off social engineering fraud

Your biggest defense against fraud is your people. According to the 2024 Association of Fraud Examiners (ACFE) Report to the Nations, the median loss businesses experience due to fraud is $145,000, and fraud is estimated to impact about 5% of revenues annually. If you build a culture of education, trust, and agency, your staff will have the power to know fraud when they see it and take the appropriate steps to mitigate that activity and avoid costly impacts. 

Our research shows that newer employees are better at fraud prevention and identifying socially engineered communications than veteran employees. This is likely due to fraud prevention training during onboarding that’s still fresh in their minds. Veteran employees either never received such training or could benefit from a refresher course. The best way to solve this is to make annual, mandatory fraud training part of your business plan and an expectation and priority for your staff. There is great value in constantly retraining and providing fresh information to your entire organization.

Teach your staff to say “no” to fraudsters

Additionally, the most secure environments empower staff to say “no” to fraudsters. Cultures where staff are most vulnerable perpetuate a fear that saying “no” to a perpetrator will mean job loss or other consequences. Fraudsters are manipulative and use menacing tactics to convert your staff, sometimes even threatening that they will lose their jobs if they don’t do what they are told. This forces your staff to take actions that allow criminals to infiltrate your systems. If you empower your staff to be cautious and not easily manipulated, you can avoid this kind of fraud impacting your business.

Train employees on fraud prevention

Here are some basic rules to teach your staff to avoid harmful phishing schemes:

• Never click links you don’t know.
• Never respond to emails when you don’t know the sender.
• Never respond to an unsolicited email asking for account information.
• Do not provide sensitive information over the phone or email.
• With more sophisticated forms of fraud, the domain or sending email is what becomes the tell. Train your employees to ask themselves, “Does this email address make sense?” and avoid clicking on attachments or links sent from an unfamiliar email address.
• Give your employees the power to say, “I need to authenticate this before I can go any further.” And provide the tools to jump-start that authentication.
• Make sure your employees understand that they will never get fired for asking a caller or emailer these kinds of probing questions, nor will they get fired for saying “no” to someone asking for account information.

Fraud: What to be on the lookout for and what to do if you feel you’ve been compromised

A currently surging fraud trend involves receiving AI-generated phishing emails from illegitimate sources. These emails – circulated globally and crafted in a more sophisticated language – are harder to detect. It’s important to remind your employees who handle vendors for your business that WEX will never ask for login credentials to your fuel card account over email. If one of your staff inadvertently responds to a phishing email and provides credentials to a cybercriminal, they should call WEX’s customer service number immediately (printed on the back of your WEX fleet fuel cards). Alert us that your business has been compromised, and we will take the necessary steps to mitigate any attempts at fraud on your account.

General security practices for fleet card managers to prevent fraud on your WEX account

The following suggestions and procedures can also help protect your business from fraud:

• Periodically review eManager and your personnel’s purchasing limits. WEX can supply this list very quickly upon request.
• Keep WEX notified about attrition. Immediately notify WEX when a person with access to eManager leaves the company. Adding WEX to the procedures for employee removals will serve as a good reminder to make sure WEX’s authorized list of personnel is always up to date.
• Stay on top of reject reports. Review rejects periodically to understand what transactions were blocked. This may indicate malicious/unauthorized attempts on your card by drivers.
• Track MoneyCode transactions. Review the checks and balances when a MoneyCode is created for one of your drivers.
• Keep drivers informed and vigilant. Remind your drivers to never provide their PINs to anyone. Just like with a personal credit/debit card, your PIN is your protection for your account. This information should never be shared with anyone.
• Password protection is a priority. Do not share your eManager username or password with anyone, for any reason.

WEX provides the support you need with 42+ years of experience in the fleet industry: We’ve got your back and we’re here for the long haul

One way economic downturns can impact business norms is with increases in fraud, and preventing fraud is all about having the right systems in place in advance of an attack. A fleet card program that gives you visibility, control, and built-in fraud protection is one of the most effective ways to avoid fraudster threats to your business.

With WEX, you get:

• Built-in fraud controls | Purchase limits: Catch suspicious transactions before they impact your bottom line
  
• Detailed, line-item transaction data (Level III): See what was purchased, by whom, and where
  
• Real-time alerts | Customizable reporting: Stay informed and in control
  
• A closed-loop fuel network: Limit exposure and manage risk more effectively
  
• Support and guidance: WEX has been around for 42+ years – our team knows your business and what you need
  

If you’re actively looking for ways to reduce fraud and gain visibility into your fuel spend, the right partner can make all the difference. Smart fraud prevention uses data to predict and prevent issues, and keeps your business moving and your spend right where you want it.

All fleet cards are not the same, and different types of fuel cards suit the needs of different kinds and sizes of businesses. View WEX’s fleet card comparison chart to see which fleet fuel card is right for you.

WEX speaks the language of small business operators. Whether you’re looking to modernize your insight and reporting efforts, save on fuel costs or take advantage of the latest GPS tracking technologies, WEX offers solutions to simplify the business of running a business. To learn more about WEX, a dynamic and nimble global organization, please visit our About WEX page.

Learn more on how to better manage your small business:

• Marketing tips
• Trends
• Sustainability
• Artificial intelligence

Apply for a fleet card today!

Sources:
The Federal Trade Commission
Infosecurity Magazine
National Association of Fraud Examiners