At a charging station in Loiret, France, it was recently discovered that someone had pasted a fake QR code over the real QR code, leading users to a fake payment service.
No one reacted
The victims in this case experienced paying without receiving any electricity. Unfortunately, it happens all too often that apps and charging services do not work. It is actually so common that many do not react. They go to the next charging post - or drive on to the next charging point. That is what the victims of the fraud in France did. Most people who experience this will think:
- Does this apply to everyone, or just me? Maybe it's the wrong chip, the wrong app, the wrong password, the wrong phone, the wrong car, or maybe just a temporary error on the charging post?
The fraudsters in France had ensured that only small amounts were withdrawn, the size of what normal charging sessions cost. This contributed to no one reacting. Therefore, the fraud could continue over time.
A new skimming method?
Charging stations with QR open up a new type of fraud. If you end up on a payment page, no one raises an eyebrow that a bank ID is required, which can give fraudsters the opportunity to withdraw larger amounts. This type of fraud is similar to the skimming of cards that were previously used at ATM terminals, but is easier to carry out. Furthermore, there are now far more charging stations than ATMs. It will only be a matter of time before this appears in Norway.
Card terminals and skimming
In Norway, a requirement applies that charging stations ordered after 1 July 2023 must be able to accept card payments. I am not sure whether payment solutions via QR code apply as card payment. I'm not sure about one either physical card payment with a card reader or "tagging" will be more secure than QR. Unfortunately, the location of many charging stations provides good working conditions for a new generation of "skimmers". While the payment terminals for fuel pumps is well protected under cover in supervised places, located the charging stations often off the beaten track - often with little visibility from the outside.
Be critical of the site
Before using the QR code, you should check that the information on the charging post looks real. Check that the QR code leads you to a page that can be linked to the charging company or a known payment service such as Nets, Vipps or PayPal. I myself have stood at a Spanish charging station and paid via Net's payment solution with a bank ID. I wouldn't have dared to pay if I didn't recognize the payment image from Nets.
- Doesn't everyone use an app, then?
Use of a QR code – or bank card when the time comes – are solutions that do not require a valid app to be installed for the charging point in question. If you stand at the charging station without an app, it will be faster to scan the QR code than to install the app. If you are in one of our neighboring countries, it may be that the app does not accept Norwegian bank cards, or that you cannot be verified as Norwegian bank ID from abroad.
An app or chip with pre-stored payment information is probably more secure than QR codes and card readers. Unfortunately, the app and chip do not always work as expected. Most people have probably ended up in such a situation. It happened to me a couple of days ago.
The QR code can be good to have
A perfectly normal evening - dark and cold at a busy charging station from Wed. The app from Fortum Charge & Go showed the post I was standing at, but the chip didn't work. Wrong piece? I tried to start charging from the app instead, but the IDs on the contacts did not match those listed in the app. Wrong app? If I remember correctly, there was another charging company here before - that is, before Wed took over. Okay, so I went into the app from instead Wed, which showed correct IDs on the contacts - except the one I was standing in front of - the only one available. The pole had two sides - one side was out of order - fault in terminal? - while the display on the other side showed that everything should be ok. Nevertheless, no contacts on the bar were shown in the app. Error in the app? The last solution could then have been to use the QR code as at Wed gives access to a solution with Vipps. I chose instead to drive on to the next charging station.My point is that the solution of scanning a QR code can be good to have when other solutions fail. Then you are irritated and a little impatient - exactly what the scammers want - helped by the fact that errors can always occur at charging stations.