Automated Fuel Dispenser (AFD) Fraud Risk Advisory

Action Required: Critical Security Update

We are issuing this advisory following a recent Visa Payment Fraud Disruption (PFD) alert triggered by higher-than-usual Automated Fuel Dispenser (AFD) transaction frequency.


What is an AFD Attack?

AFD (Automated Fuel Dispenser) refers to payment terminals at gas stations that allow customers to pay directly at the pump without entering the kiosk. These terminals are classified under MCC 5542.

The Standard Transaction Flow

  1. Status Check (Hold): The pump initiates a small authorization (usually USD 1) as a temporary hold to verify the card is active.
  2. Fuel Dispensing: The customer pumps fuel; the actual total is unknown at this stage.
  3. Settlement (Completion): After fueling, the system submits the actual cost for final settlement.

The Fraud Mechanism

In an AFD Attack, fraudsters maintain a minimal balance (just enough to pass the USD 1 check). They pump a large volume of fuel, but the final settlement fails due to insufficient funds. Because the fuel has already been dispensed, the loss is unrecoverable. At scale, losses can reach tens of thousands of USD within hours.


Critical Action: Protecting Your Card Program

To mitigate this risk, you must implement the recommended_hold_amount logic immediately.

1. Utilize recommended_hold_amount

We provide a recommended_hold_amount field within the Remote Host Authorization payload for all USD 1 hold transactions at AFD merchants. This field provides the Visa-recommended pre-authorization hold (typically USD 100–350 depending on card type).

2. Implementation Requirements

  • Hold the Full Amount: Your system must hold the amount specified in recommended_hold_amount against the cardholder's balance, rather than just the USD 1.
  • Balance Validation: If the cardholder’s balance is lower than the recommended hold amount, decline the authorization.
  • Reconciliation: Release the hold only after the transaction is reconciled with the actual final fuel cost.
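
The three requirements above as issuer-side logic. This is an added example, not StraitsX code: only recommended_hold_amount and MCC 5542 come from this advisory, while the other payload keys (mcc, amount, auth_id), the Account model and the decimal-string USD amounts are assumptions. Take the real payload layout from the Remote Host Authorization API Reference.

```python
from dataclasses import dataclass, field
from decimal import Decimal

AFD_MCC = "5542"  # MCC for Automated Fuel Dispensers, per the advisory


@dataclass
class Account:
    """Hypothetical cardholder ledger: balance plus open authorization holds."""
    balance: Decimal
    holds: dict = field(default_factory=dict)  # auth_id -> held amount

    @property
    def available(self) -> Decimal:
        return self.balance - sum(self.holds.values(), Decimal("0"))


def authorize(acct: Account, req: dict) -> str:
    """Approve or decline; AFD status checks hold the recommended amount."""
    amount = Decimal(req["amount"])
    recommended = req.get("recommended_hold_amount")
    if req.get("mcc") == AFD_MCC and recommended is not None:
        # Hold the full recommended amount, not just the USD 1 status check.
        amount = max(amount, Decimal(recommended))
    if acct.available < amount:
        # Balance is lower than the required hold: decline, place no hold.
        return "DECLINE"
    acct.holds[req["auth_id"]] = amount
    return "APPROVE"


def complete(acct: Account, auth_id: str, final_amount: str) -> Decimal:
    """Reconcile with the actual fuel cost, then release the hold."""
    if auth_id not in acct.holds:
        raise KeyError(f"no open hold for {auth_id}")
    acct.balance -= Decimal(final_amount)  # debit what was actually pumped
    del acct.holds[auth_id]                # release only after reconciliation
    return acct.available


# Constructed sample request (not a captured payload).
SAMPLE_AFD_REQ = {"auth_id": "A1", "mcc": AFD_MCC, "amount": "1.00",
                  "recommended_hold_amount": "100.00"}

if __name__ == "__main__":
    low, funded = Account(Decimal("50.00")), Account(Decimal("200.00"))
    print(authorize(low, SAMPLE_AFD_REQ))     # balance below the hold
    print(authorize(funded, SAMPLE_AFD_REQ), funded.available)
    print(complete(funded, "A1", "42.17"))    # available after settlement
```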

Technical Documentation

For implementation details, refer to the Remote Host Authorization API Reference.


Strategic Security Measures by StraitsX

StraitsX has implemented the following global defenses to strengthen our network:

  • Regional Blocks: AFD transactions are currently blocked in the US, Mexico, Brazil, Taiwan and Japan.
  • Transaction Limits: AFD holds are optimized and limited to 2 transactions per card, per day.
  • Enhanced Detection: Advanced fraud detection has been deployed to identify suspicious patterns in completion failures.
  • Visa Coordination: Continuous monitoring in partnership with the Visa Risk Operations Center.