Cyber crimes on my electric car? More likely than you think, study says

car
Nissan LEAF charging at the Freedom Station in Houston, TX. This is an eVgo Network station with both Level 2 and DC fast charge.
car
Nissan LEAF charging at the Freedom Station in Houston, TX. This is an eVgo Network station with both Level 2 and DC fast charge.

Electric vehicle (EV) drivers could become targets for cyber criminals if new proposals that mandate the installation of credit card readers at EV charging stations are approved, according to a new security study published Tuesday.

The study – authored by cybersecurity experts April Wright and Jayson Street in partnership with the Digital Citizens Alliance – analyzes proposals in several U.S. states and concludes that requirements for credit card readers at public EV charging stations could expose drivers to increased risk of fraud, cybercrime and identity theft.

In Nevada, the Governor’s Office of Energy (GOE) issued a mandate requiring credit card readers at all Direct Current Fast Charge (DCFC) projects that receive funding through the state’s “dieselgate” settlement with Volkswagen.

“With a growing number of EVs on the road and dozens of new models hitting showrooms soon, the safety and security of EV charging stations should be paramount,” Wright said. “Yet, mandating credit card readers would expose drivers to new security risks and put them in the crosshairs of cyber criminals who use ‘skimmers’ and ‘shimmers’ to commit fraud.”

The authors argue that “skimmers” and “shimmers” – small devices engineered to steal credit card data – are a normally placed on gas pumps and other “unattended” locations (like ATMs) that are difficult for consumers to detect. 

Compounding the problem, many EV charging stations are located in remote areas along highways and in parking garages, providing an opportunity for criminals to install credit car stealing devices without being detected, according to the study.

Stolen data captured by these devices are sold on the Dark Web, where it is used for fraud and identity theft costing up to 16 million Americans $16 billion annually, according to the study.

Payments made at EV charging stations currently rely on mobile payments that are “contactless” which the study says is more secure and the best way to avoid “skimmers” from capturing and storing all the details in a card’s magnetic stripe.

Wright and Street warn that new proposals in states including California, Vermont, Nevada and Arizona would be a significant step backward for EV charging security, forcing the installation of payment technologies such as Magnetic Stripe Readers that cyber criminals could exploit.

“It’s hard to imagine a better way to gift cyber criminals with high-value skimming and shimming targets than to require credit card readers at EV charging stations,” said Street. “EV drivers are perceived to have higher income on average, and compounding the problem, many charging stations are located in remote areas that would allow criminals to conduct their operations more covertly.”

Jeniffer Solis
Reporter | Jeniffer was born and raised in Las Vegas, Nevada where she attended the University of Nevada, Las Vegas before graduating in 2017 with a B.A in Journalism and Media Studies. While at UNLV she was a senior staff writer for the student newspaper, the UNLV Scarlet and Gray Free Press, and a news reporter for KUNV 91.5 FM, covering everything from the Route 91 shooting to UNLV housing. She has also contributed to the UNLV News Center and worked as a production engineer for several KUNV broadcasts before joining the Nevada Current. She’s an Aries.

1 COMMENT

  1. I’ve driven an EV for 7 years now. Most stations have the contactless and an account system. That works fine. There is no need for CC readers on charging stations. Especially when there is a standard for auto makers that automatically transfers your account information via the charging cable back to the charging station so they know who to bill.

LEAVE A REPLY

Please enter your comment!
Please enter your name here