I Got Two-factored at the Gas Pump

I stopped to get gas after work. I swiped my debit card and the pump asked me for my zip code.

Being a curmudgeon and assuming the gas pump was hassling me for marketing data, I lied to the gas pump. 55555 I entered. The gas pump told me to see the assistant inside.

Access denied, turkey.

Turns out the gas pump wanted the zip code to compare it against the billing address of the card. Pretty smart. That’s basic two-factor authentication – authenticating your identity by providing two factors – something you have (a debit card) and something you know (the billing zip of the debit card). Progress.

5 Responses to I Got Two-factored at the Gas Pump

  1. Al says:

    This is one reason I keep my drivers license and credit cards in separate wallets; I don’t want the thieves to be able to get my zip from the license. Maybe I’m being overly cautious but it’s really no extra burden.

  2. andyinsdca says:

    We’ve been doing this in California for a few years! Welcome to the 21st Century!

    PS: Anyone that uses a debit card for anything but getting cash from an ATM in a secure location is asking for trouble; skimmers are too easy to put on card-readers at gas stations, etc.

  3. Sean says:

    +1 to what Andy said. Think I’ve been doing this at least 10 years in Seattle, and vaguely recall having to enter the zip in socal in the later 1990s.

    Between my wife and I, we average 1.5 replacement debit cards each year due to fraud alerts. That’s maybe the only thing Bank of America has done correctly.

  4. Mike S says:

    Yep, it’s been like that for years in CA. Now that I’m out in a more rural area, I question its utility, since a zip code covers a much larger area.
    But I suppose that if the cardholder and thief aren’t from the same area, the thief would have to a bit of research to find out other local zip codes before being able to use the card.

    Like Andy, though, I only use credit cards in the wild, and use debit cards more selectively.

  5. cyrus says:


    or you could use a different billing address (PO box) and keep everything in on wallet.