# 1024\_002 Digital Wallet Fraud Prevention

<table data-header-hidden><thead><tr><th valign="top"></th><th valign="top"></th></tr></thead><tbody><tr><td valign="top">Products:</td><td valign="top"><p>Commander, RubyCi, Commander 16</p><p> </p></td></tr><tr><td valign="top">Trademark Notice:</td><td valign="top">Verifone, Commander, Ruby2, C18, and Topaz XL are trademarks of Verifone, Inc. All other registered trademarks or brand names are the properties of their respective holders.</td></tr><tr><td valign="top">Publication Date:</td><td valign="top">March 24, 2026</td></tr></tbody></table>

### Reported EMV Contactless Fraud at Petroleum Convenience&#xD; and Fueling Installations

We are aware that certain threat actors are executing a fraud scheme impacting contactless payment credit card transactions in which a compromised digital wallet transmits an instruction to treat the
\
transaction in “offline” mode, so that the perpetrators can circumvent normal approval mechanisms to acquire goods or gift cards without paying for them. This is a very sophisticated attack and is affecting multiple industries and is not limited to the Petroleum industry.

\
We, at Verifone, take these external events very seriously and have taken immediate steps to identify and prevent the risk of fraud exposure to our customers. Through our efforts, we confirmed that
\
previously updated versions of Verifone software will decline all locally approved offline transactions
\
regardless of whether they originate in-store or at the pump. If you have not already done so, we highly recommend upgrading your software to the most recent version of software approved for distribution by your brand or processor. Specific instructions and versions that mitigate this attack are provided herein.

\
Protecting against fraud is of utmost importance to Verifone and if any further assistance is needed, we are here to support you. If you have any questions about this, please reach out to your Account
\
Representative

### EMV Contactless Fraud Mitigation – Instruction and&#xD; Information

To remove support for EMV Contactless Local Approval, below we provide instructions on what minimum release is available for each version of Verifone Commander software. We also include a list of Patch version releases where applicable. Finally, we provide instructions on how to confirm the current version of Commander software you have installed, and how to upgrade your Commander software.

### Full Release Version

Full release versions of our Commander software that includes the necessary change to disallow Contactless Local Approval are available as listed below. A full release will take 1-2 hours for upgrade as with any other release. The table lists the Minimum Release Version required for each of our Major
\
Releases. Please ensure you upgrade to the corresponding minimum release version or greater to ensure you receive this change.

<figure><img src="/files/9u7pYidcgRW1OzWvDLUC" alt="" width="437"><figcaption></figcaption></figure>

### Patch Versions

If you are running a 53.40 or 53.41 Major Release, patch releases are also available. A patch release includes only the specific change to disallow local approvals but only take 10–15 minutes for the site to upgrade. A patch release can **only** be staged via remote software update (VRSD) for a site and must be applied to its specific version as listed below.

<figure><img src="/files/VqvI3jB68KbkKzD341Bq" alt=""><figcaption></figcaption></figure>

### Checking your Commander Software Version

If you are not sure what version of Commander Software you are running, you can follow these simple instructions to verify this information.

* On your Verifone POS system, tap the Help option.&#x20;

<figure><img src="/files/WyLzGaR4bz24IOyllZmy" alt=""><figcaption></figcaption></figure>

* Then tap About.

<figure><img src="/files/XCVJWuu4eCkR6IDfSAnQ" alt=""><figcaption></figcaption></figure>

* Then read Version Information.

<figure><img src="/files/TySweZRrRRBgFFKC7sSu" alt=""><figcaption></figcaption></figure>

As an alternative process, if you have access to Config Client you may perform the following steps to
\
retrieve the same information:

1. Log into Config. Client&#x20;
2. Click on Help&#x20;
3. Select About.&#x20;
4. In the example below, the location is running the Buypass application with software version 1.01.06

<figure><img src="/files/KG4lnEtLG9PbLbf8huKr" alt="" width="563"><figcaption></figcaption></figure>

### Upgrading your Commander Software

If you are upgrading to one of the full release versions listed the **Full Release Version** section above, you can request the upgrade via remote software update (VRSD) or have a VASC visit your site and upgrade your Commander software.

\
If you are upgrading to one of the Patch versions listed in the **Patch Versions** section above, the upgrade can only be performed via remote software update (VRSD).

\
**If you have any questions regarding the above process or experience any issues while upgrading your sites, please call our Verifone Help Desk 1-800-VERIFONE, select option 1, followed by option 1 again.**


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.verifone.com/petroleum-docs/petro-and-c-store/commander-and-integrated-pos/bulletins/1024_002-digital-wallet-fraud-prevention.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.