Proposals in several states could leave electric vehicle charging stations vulnerable to criminals, according to the Digital Citizens Alliance, a nonprofit organization which promotes internet safety. The organization issued a report last week arguing that initiatives under consideration in at least a dozen states would attract cyber thieves by allowing the use of traditional credit cards equipped with magnetic stripes at EV charging stations.
- Agencies in four states are considering adding magnetic stripe card readers on all public charging stations.
- Currently, most chargers use contactless payment methods, which are difficult to hack.
- The move is backed by the California Air Research Board and is being considered by Northeast States for Coordinated Air Use Management.
The nonprofit noted that most EV charging payments today rely on hard-to-hack “contactless” methods using Apple Pay, Google Pay or an encrypted card using radio-frequency identification (more commonly known by the acronym RFID). By contrast, the older technology used in magnetic stripes can be compromised by thieves using easily obtained skimming devices. “Compounding the problem, many EV charging stations are unmonitored, unattended, and located in remote areas along highways and in parking garages. This provides an opportunity for criminals to install malicious devices without being detected.”
The California Air Resources Board, along with government agencies in Arizona, Nevada and Vermont are considering adding magnetic stripe credit cards as a payment option at some or all of their public charging stations. Meanwhile, the Northeast States for Coordinated Air Use Management, a nonprofit of air quality agencies, is considering recommending its eight member states add the older technology as a payment option.
Magnetic stripes have been used on credit cards since the early 1970s.
“While these proposals may be well-intentioned, they could expose drivers to new security risks while providing cyber criminals with easy access to attractive targets,” wrote the study’s authors, cybersecurity experts April Wright and Jayson Street.