Mobile payments are fast, secure, and frictionless, unless you’re tapping into the wrong system. One viral video is raising questions about how trust in tech can be exploited, one gas pump at a time.
In a recent TikTok clip, St. Louis-based creator Martice (@lovemartice) gives an up-close look at the potential scam that could give billing and payment access to bad actors rather than the honest retailers trying to make purchases as simple as possible.
“We gotta stop doing tap-to-pay at the gas stations,” she warns in the video that’s been viewed more than 70,000 times.
Beware of Scammers’ Stickers
The scam at the heart of the video is surprisingly low-tech. A scammer prints a personal payment QR code, usually linked to platforms like Cash App, Venmo, or PayPal, and slaps it on or near a gas pump’s tap-to-pay terminal. These decals often mimic the design of legitimate payment prompts, leading distracted drivers to assume they’re paying the gas station. Instead, they’re unknowingly sending money directly to the scammer.
What’s worse: when you tap your phone, the payment goes through instantly, but the pump doesn’t start. That confusion is exactly what scammers count on. Unlike traditional credit card skimming, which steals and reuses card data, this tactic doesn’t compromise your bank account or identity. It simply spoofs your behavior, rerouting your money to someone else while leaving your financial credentials untouched.
Legitimate tap-to-pay readers at gas stations are integrated directly into the pump’s authorization system, meaning the pump won’t dispense gas unless the station’s point of sale network verifies the transaction. If you pay a scammer instead, the pump stays inactive, but your money is already gone. While frustrating, this makes the scam easy to detect in hindsight: no gas, confirmation, or transaction on the pump’s display.
Tokens Enhance Security
Tap-to-pay systems, including mobile wallets like Apple Pay, Google Pay, and Samsung Pay, operate on standards developed by EMVCo, a global consortium owned by major payment networks including Visa, Mastercard, American Express, Discover, JCB, and UnionPay. EMVCo sets the protocols for secure contactless and chip-based payments, ensuring data is encrypted and tokenized during transactions. These standards make tap-to-pay transactions resistant to traditional fraud like card skimming.
The good news is that contactless payments like Apple Pay, Google Pay, and Samsung Pay are, by design, among the safest forms of payment. These systems use tokenization, which replaces your card number with a unique, encrypted token for each transaction. Even if someone were to intercept it, it wouldn’t be reusable.
Worldwide, fraudulent transactions, even including all card-present and card-not-present fraud, make up only about 0.01%–0.05% of daily transactions. This aligns with findings in the UK, where only 0.0151% of total contactless spending was linked to fraud. That said, the security of the technology doesn’t eliminate the risk of social engineering, and that’s exactly what this sticker scam exploits. You’re not being hacked; you’re being misled.
To avoid this kind of deception, the best defense is awareness and scrutiny. Always take a quick look at the payment terminal before tapping. Legitimate payment prompts will be consistent across pumps and typically part of the pump’s design or embedded touchscreen. If you see a paper sticker with a Venmo handle or QR code placed awkwardly on the machine, that’s an immediate red flag. Many gas stations offer official apps or loyalty programs, such as Exxon Mobil Rewards+ or Shell’s Fuel Rewards, that integrate contactless payment and provide extra security. If something feels off, step inside and pay at the counter.
If you do spot a suspicious sticker or believe you’ve sent money to a scammer, you can file a fraud report directly through the payment platform you used—whether that’s Venmo, Cash App, or PayPal. You should also alert the gas station manager so they can remove the sticker and inspect other pumps, and consider filing a local police report.
Part of what makes this scam so effective is how quickly and habitually many of us use tap-to-pay. As mobile wallets have become more common, used by 53% of smartphone users in the U.S. as of 2023, so has our reliance on speed and ease over vigilance. Scammers aren’t cracking systems or defeating encryption. They’re exploiting muscle memory. A fake sticker takes seconds to place and can blend easily with a cluttered pump, especially at night or in bad weather.
Motor1 reached out to Martice via direct message and to EMVCo via a website submission form. We’ll update this article if either responds.
