Important Update: Verifone Software approved for Potential EMV Contactless Fraud at Petroleum Convenience and Fueling Locations
Verifone has recently identified a potential fraud risk involving EMV contactless credit card transactions across multiple industries, including petroleum, and fueling stations. The fraud scheme exploits a vulnerability in which a compromised digital wallet processes transactions as offline, meaning they are approved locally without being sent to the host for authorization.
CHS Payment Solutions has tested and approved both a patch version and a full release version to address this issue for the Verifone Commander and Commander EF Solutions. Merchants currently running version 53.41.04 can choose either the patch or the full install. However, those not yet upgraded to version 53.41.04 must complete the full installation. The patch version (53.41.54) is available only through the Verifone Remote Software Delivery (VRSD) service, which offers a quicker upgrade path than a full installation. Instructions for requesting the patch via VRSD can be found at the following link: VRSD Request Instructions
| Version Type | Suite Number | Base Number | Applies to |
|---|---|---|---|
| Patch | 2.03.54 | 53.41.54 | 53.41.04 |
| Full Release | 2.03.55 | 53.41.55 | All Versions |
Affected Systems:
- Verifone Commander
- Pinnacle Commander EF
- Triple E Commander EF
Recommendations:
- Ensure ID is requested for age restricted items.
- Limit quantity of high-value items like cigarette cartons or electronics
- Upgrade Commander to patch or full release as soon as possible.
If you have any questions regarding this potential fraud risk, please contact CHS Payment Solutions at 800-852-5301.
