Security experts are criticizing state and regional proposals that would require credit card readers at new and existing electric car charging stations. Vermont, Nevada, California, and Arizona are among the states considering this mandate. However, a study by cybersecurity experts April Wright and Jayson Street working with the Digital Citizens Alliance says that these proposals would put drivers more at risk for identity theft.
Related: The Best Password Managers of 2019
Why Are Credit Card Chargers Dangerous for Cybersecurity?
The security problem lies with the magnetic stripe on the back of credit cards, Wright told Security Baron in an interview. While skimming is a hardware method for capturing credit card details, shimming is used when the card has a chip, attempting to bypass the chip and force the user to use the magnetic strip. Wright told Security Baron,
“These proposals that mandate that all EV charging stations have credit card readers are a step in the wrong direction…it’s much more secure and more in line with what the payment industry wants to move over to chips from magnetic strips.”
While there is no electronic payment method that’s completely safe from skimming and shimming, credit card readers are the most vulnerable, Wright continued.
The United States Secret Service vs. Credit Card Readers
In the past few years, the United States Secret Service has cracked down on fraud related to credit card readers, taking the following steps among others:
- In 2017, Colorado law enforcements busted a 12-person skimming ring that stole about $2.5 million per week on average from more than 8,000 victims
- In 2018, the Secret Service announced that they had removed almost 200 credit card readers from gas stations in 16 different states
- In 2019, authorities arrested six people in Arizona that had targeted the credit card readers of 12 different gas stations around Phoenix through skimming
ChargePoint Home Chargers at Risk
Aside from the security risk of mandating credit card readers to electric car charing stations, cybersecurity experts have also found vulnerabilities in the chargers themselves. Kaspersky Lab, a cybersecurity company, found that chargers from ChargePoint Home could easily be hacked. Once the hackers gained access, they could either prevent the car from charging or increase the current, which could damage a home’s electrical system. Since, ChargePoint has claimed that they fixed the charger’s security.