Pump & Run: Abuse by Customers in Oil & Gas

The oil and gas industry is evolving at an impressive pace, transitioning from a product-focused industry — that emphasized research into the quality of the fuel and the importance of streamlining logistics and supply chains — into a customer-centric field in which experience and service are essential. 

That’s not only a great opportunity for the industry, but it’s also an essential element of survival as electric vehicles become more common; the value created by convenience stores becomes more vital (a process that is already well underway), and consumer preference for seamless payment opens options to increase brand loyalty and spending.

There are also risks involved. There’s the danger of fraud, with fraudsters increasingly interested in this burgeoning area. More subtly, but just as problematic in the long run, are legitimate customers gaming and cheating the system.

The Evolution of the Oil and Gas Industry is Attracting Abuse

In 2022, 50% of US respondents used a loyalty card or app for gas price discounts, a number which is almost bound to have increased since then. Consumers are more than ready to be persuaded to engage differently with this iconic industry. 

The trouble is that some customers see these changes as an opportunity to leverage themselves — benefiting from the evolution to take advantage of oil and gas in a way that abuses the system. This can be very costly for a company. 

Many companies have offered acquisition bonuses of different kinds to encourage signups for their apps and programs. For instance, new signups might get a discount on their gas for the first few times they use the app or get a free coffee in the convenience store. Customers who successfully refer a friend might get extra loyalty points, and so on. 

Programs like this are a great way to generate buzz and enthusiasm around a new app, encourage repeat purchases, and make a particular brand and its advantages part of a consumer’s routine. The thing is, when you’re offering something for (almost) nothing, some people will want to take too much. 

It’s supposed to be one account per customer, but customers who abuse the system sign up for multiple accounts. Some may keep going without limit if they’re not identified and stopped. 

Businesses simply can’t sustain this for long for a variety of reasons:

  • Money: Money paid to customers or given as discounts, in return for fake accounts, represents a direct financial loss.
  • Margins: The loss must be seen in the context of an industry where the pump price rarely brings in real revenue, and a fake account cannot spend extra money in-store.
  • Confusion: If a business doesn’t truly know the number of real customers and their identities, it does not understand its core audience or, therefore, how best to target it for growth. 
  • Payments ecosystem: If a small payment is made to validate a new payment method, but the account belongs to a fake or duplicate identity, the company still pays for the cost of the verification but for no added benefit to the company. At scale, this cost can build. 
  • Bad habits: Teaching customers that they can abuse the system risks inculcating bad behavior as an acceptable expectation for engaging with this brand, which is also a risk for future engagement. 
  • Artificial limitations: Some businesses are so concerned by the cost of abuse that they start limiting what they’re willing to offer in terms of discounts, deals, loyalty programs, and more. That’s a real limitation on growth and engagement, which could make the business less competitive in the long term.

Haven’t I Seen You Somewhere Before?

Many companies started their incentive and loyalty programs without considering abuse since oil and gas have historically seen relatively low levels of fraud and abuse. Forter’s data suggests, however, that the issue of abuse may already be a serious one.

As many as 10% of sign-up attempts in oil and gas may be from users who already possess existing accounts and are setting up without regard to terms and conditions. Many of these aren’t going to put too much effort into cheating; in fact, it’s typical for them to use the same real name and simply set up a series of throwaway email addresses, all using the same pattern. (JaneDoe1, janedoe2, etc.)

Even more astonishing is that as many as 2-4% of these cheating users don’t make the slightest effort to disguise what they’re doing. They’ll use the same device and even delete one fake account and set up a “new” one using the same details as the old one. 

Now, don’t get me wrong, I’m blaming the abusers here. They know that what they’re doing isn’t right, even if they don’t understand the knock-on effect of consequences in terms of rising prices, breakdown of trust, and so on. 

But as a fraud analyst, I also say that we need to demand more from ourselves as a profession when it comes to abuse. We’re supposed to be revenue optimization experts. If we’re allowing abuse to run rampant, we’re not doing a good job optimizing revenue.  

Referral Programs: Incentivizing Abuse

This can be especially true in referral programs, where as many as 5% of signups can be referral abuse. This can really hit companies that invest heavily in these programs to gain new customers. 

These types of programs were so popular as oil and gas shifted towards a consumer-centric model that at the high point of abuse, 5-8% of signups via referrals were likely to be fake. One user might set up tens of accounts to refer these “friends” and get the benefit, either via the new signup or sometimes double-dipping, benefitting both as the “new” user and the “referrer.” 

The problem became acute enough that many companies took steps to limit this kind of abuse, and levels are now more likely to hover around the 3-5% range in those companies. However, some were so spooked by the high cost of abuse that they discontinued their referral programs, which is a real shame for the business, may impact growth long term as well as short term, and is a problematic statement about how the company sees its options with regard to abuse.

Abuse Does Not Have to Be a Price of Doing Business

If you remember one thing from this article, please remember this: You don’t have to accept abuse as a price of doing business. I would say that you shouldn’t accept it. So much can be done to prevent abuse while enabling an excellent experience for good customers. Don’t feel trapped into giving in to cheaters. 

As fraud analysts, we are experts at pinpointing the details that show who a user really is. We can spot similarities between data points like emails — you’d never be fooled by “janedoe3” if you were thinking about the context of fraud. You know when a legitimate customer is returning and cheating your business.  

Combat Cheating and Encourage Commerce At the Same Time

Companies need to start leveraging their fraud-fighting abilities and knowledge to combat abuse as well. This doesn’t just reduce the loss and risk posed to the business but can also help create an exceptional customer experience. 

If you know which customers are abusive and in which ways, you can limit their steps while simultaneously encouraging good behavior. You can also identify loyal customers and give them deals and benefits tailored to their past activities. 

You can ensure that login is easy, or logout is rare for customers when you can be confident that they’re the same good customer all the time. You can also make payments and top-ups easy for these customers. 

It should all be part of the same wider shift towards a consumer-centric vision of the business and the industry more broadly. Encourage customers to avoid the behaviors that hurt your business and embrace the ones that are good for it by using your fraud analysts’ understanding in a different context. You’ll thank yourselves for it in no time.

Doriel Abrahams is the Principal Technologist at Forter, where he monitors emerging trends in the fight against fraudsters, including new fraud rings, attacker MOs, rising technologies, etc. His mission is to provide digital commerce leaders with the latest risk intel so they can adapt and get ahead of what’s to come.