The real solution here is to have contactless chip & pin systems at the pump, but apparently that is years away because of cost. In the meantime I find the best way to monitor my CC expenses is to enable SMS/Push alerts for any transaction above $0. This way I always expect to get an alert at the point of sale for any transaction. Anything unknown is a red flag and it also works well for subscriptions that I may forget about and want to cancel.
What service or cards offer SMS alerts for any transaction? The best I have it American Express which will alert me only when I have a transaction over $10. V.me by Visa used to offer an alert service for any amount and it was great, but unfortunately that service got shut down.
When I added my American Express card to Apple Pay, it started sending me push notifications for every transaction. It's crazy how fast it is, before I can even put my card back in my pocket my phone buzzes. You see pre-authorizations too, so when you swipe at a gas pump it usually shows a $100 authorization check.
Any push notification would be ok, but SMS is preferred because it's more reliable for me. The Visa service V.Me was great because you could use any card, even all the specialty rewards cards, and they didn't even have to be Visa cards!
I have "in-app" alerts (push notifications) enabled for a Discover card and two AmEx cards but they are set at relatively high amounts ($500, IIRC). I haven't checked to see how low they can be set. That requires you have their apps installed, however. I'm not sure if you can get them via SMS.
I don't know about alternatives, but I noticed that when I hooked up my Amex to Apple Pay, every transaction shows up as a push notification on my iPhone, nearly instantly.
I believe this is the case with any credit card placed into an Apple Wallet for Apple Pay, regardless of the card issuer. Every charge initiates a notification.
I found this useful when I was wondering about a charge that I wasn't expecting pop up. I logged into the card issuer's online portal and found that it was something I care about, but simply forgot it was pending. Though if it was a fraudulent charge, I could've just gave them a ring. It certain can help in noticing fraudulent transactions in a much shorter time frame than simply waiting for a statement.
That hasn't been the case for me. I get ApplePay notifications for every POS charge for my Amex Platinum even if it's not via ApplePay. But I have cards from Chase, Citi, and Bank of America in ApplePay as well, and I only get notifications if it's an ApplePay transaction. I wish they all did it the way Amex does.
Edit: Actually, I mis-remembered. Internet charges on the Amex do cause a notification. But not for any of the other cards.
I found these alerts really useful. I spotted a random travel site charge and thought maybe my wife had reserved a hotel for an upcoming trip. The next day I saw two more alerts on my phone and called Amex. Yep, fraud, new card issued now. Amex thanked me for keeping a close eye on the charges. I guess they realize it helps them catch/prevent fraudsters too.
Is this really necessary though? Personally, none of my cards will allow me to dispute a transaction until it posts as a charge not merely an authorization.
Seeing as you have 60 days after posting to dispute a charge, immediate notification seems like overkill.
I could see the usefulness for subscriptions or to shutdown a shopping spree before it gets out of hand I guess.
> Seeing as you have 60 days after posting to dispute a charge, immediate notification seems like overkill.
It's often much more than 60 days.
We had a chargeback at work that was a couple months over a year old. That surprised me...I had thought that a year was the limit.
That's not actually the most surprising thing I learned about credit cards last year, though. We got a notification from the payment processor near the end of the year that a charge from March had been reported as a success but actually failed. By "reported as a success" I do not just mean that the API had reported success on the charge. The payment processor had also reported later that it had successfully settled. They just never actually transferred any money to us.
While talking to them on the phone the payment processor rep then told me that the same thing had happened on the charges on this customer's monthly subscription for all subsequent months.
According to the payment processor rep, the customer had told his bank that he no longer wanted our service (but neglected to tell us...). The card was still good, and so the bank still said "approved" when we would try to charge it, then would apparently later notice that the customer did not want the charge and somehow arrange to block settlement, and the payment processor apparently has no way to report this.
Notice how messed up this is: you can put through a charge on a credit card, have the issuing bank and payment processor tell you it went through, have it settle according to the payment processor, have it show up as successfully settled in all reports from the payment processor...but the money just doesn't show up.
Unless the payment processor tells you about this, the only hint you'll have that something is wrong is that there will be a discrepancy between what is supposed to have shown up in your bank account and what actually showed up, and you won't have any way to tell which charge is the one that silently failed.
I never heard of that happening before either. I suspect the problem is with the issuing bank, not the processor. (I don't recall offhand what bank was the issuing bank, other than it was small and obscure enough I've never heard of it).
I'd prefer not to name the processor since I suspect that the same problem could happen at any processor when dealing with cards from that issuing bank so I don't want to drag the processor's name through the mud.
It would be nice if you could have some kind of "leading edge" trigger on it, so if there's a transaction from a merchant that's unique in, say, the last two months, you get an SMS. If someone steals your credit card and goes on a shopping spree they're unlikely to do it at the same stores you go to.
No, an actual chip should be secure enough to make skimmers pointless. However, we somehow desided to built and roll out a completely insecure chip system.
Ex of a simple and secure system. cc shows transaction cost, user clicks ok on the card. Card digitally signs a transaction with time stamp, vender ID, and amount.
Want safe online transactions, add a USB dongle or Bluetooth.
I think the idea is that it's reasonably-secure against skimmers taking your data and then re-using that data in another session or location when the card is absent.
But it won't save you from a compromised point-of-sale system that lies to you about how much you're paying or which commits fraudulent transactions while the card is still in the reader.
Which is why the amount should be displayed on a display embedded in the card itself. The control for authorizing the transaction should also be part of the card.
Now, if only we carried around a device that included a display and some sort of input mechanism, plus a near-distance communication chip...
(Ok, if the device is a general computing device, a special secure operation mode might be needed for this sort of use case, one which can't be subverted by normally installed software, but still...)
No reason why it shouldn't. This is not DRM, is your own credit, secured on your behalf. It should just be resistant to software based tampering by default. Specially, as I said, "normally installed software". If you can make sure that rooting your device requires a explicit knowledgeable user interaction (say: rebooting, erasing all data, then re-keying your device to your bank account somehow - in person visit?), then I see no reason why you should be prevented from changing the secure operation mode code itself or building your own compatible device.
I mean, you can mod the brakes on your car if you really want to, at your own risk. What is a bit strange is when your media player can affect your brakes without you even noticing. Same principle here, less lives on the line.
I believe he's referring to the current scan card + signature combo, which is very well known for being insecure because you t can be man in the middled, and the card is transmitting enough of it's information to duplicate the card if that data was captured by a skimmer.
When working a retail job I once (and only once) saw a credit card with a photo of the person it was issued to on the back. It was also about the only card I really bothered to check ownership on because signatures were useless.
Thankfully we've now got chip & pin, completely removing the need for minimum wage retail staff to verify ownership of credit cards.
Here it is, Planet Money Ep. 564: The Signature (16:20)
"Today on the show: the signature. It's supposed to say, "This is me." But where did the idea come from? And why are we still using it? We consult a rabbi, a lawyer and a credit card executive."
Canada has an oligopoly of banks, so there are things Canada can do that seem to be difficult for the US, and vice versa.
In this case, when all five banks decided to go to pin-enabled credit cards, they just did it. Retailers were given a certain amount of time to switch over, “or else.” There are few alternatives, so the entire country moved forward.
Whereas, south of the 49th parallel, there is all kinds of competition for credit cards and for merchant services, so if a few banks don’t feel like sending out cards with chips an PINs, they don’t. And if a few retailers don’t want to go to the expense of upgrading their systems, they don’t have to.
On the flip side... There is nearly zero Apple Pay up here.
NFC is limited in the amount you can charge and what's to stop the bad guys fitting their own nfc and taking $5bucks.
Some one has demoed a proof of concept system that you could hide in a back pack and walk through a crowded train/tube station and harvest small sums from hundreds of people.
However the same technology would allow chip and pin transactions with the addition of a keypad, if only the US hadn't gone for the ridiculous chip and signature nonsense.
Playing devil's advocate here, why do I care (as a consumer) if my credit card number is stolen? I'm not responsible for illegitimate charges as long as I report them within a reasonable time. That's generally accepted to be up to 40 days considering paper billing cycles.
Why do people sign up for text alerts and notifications on smartphone apps for certain purchase amounts? You're just doing the credit card company's job for them. At that point, what's the point? You're probably getting a new card number in a few days anyway.
Not trying to be flippant, I'm genuinely curious why people obsess over some of this as a consequence-free user.
>> You're just doing the credit card company's job for them.
In what way? You stated in your first paragraph that it's your responsibility to report fraud.
Regardless, it's not about being responsible for the charges, it's about not having to read a full credit card statement every month, looking for potentially fraudulent charges in a list of transactions made days or weeks prior. With a notification, I'm not looking at my credit card bill trying to figure out what the $45 charge to "AAZZYBD Ind. Co. Ltd." was (could be an Olive Garden, could be a gas station, could be a deep web retail site).
I've found that they will detect the fraud before I do. Like they always have. It's your responsibility to report fraud, but they're the big loser so they have more incentive to find the bad purchases ASAP.
Going through notifications after each purchase, or looking at a monthly bill, you're doing the same thing but in different time periods. We're all on the brink of app notification overload, I don't need one for each purchase I or my wife makes.
Not true. The rules aren't as generous as you think. Banks in the US have been covering more than they are legally required.
But what about outside the US?
Also this requires someone to religiously check the credit card statements, there is a time limit in which to report fraudulent transactions. (FYI: this is why I still get paper statements -- to remind myself to check)
This happened to me once. AMEX and I worked things out. They overnighted a card to me and gave me a number to call if I really had to make a purchase. They were going to generate a one time use card number and the merchant could punch it in. I never did need it though. I just waited for the replacement to arrive the following morning.
> “The stations know they’re buying stolen gas,” Scarince said. “They’re fully aware the fuel is not coming from a legitimate source. There’s never any paperwork with the fuel driver, and these transactions are missing all the elements of a normal, legitimate transaction between what would be a refinery and a gas station.”
This seems like the easiest way to tackle this problem (aside from chip cards). I doubt it would take much pressure on these guys to get the market for this to dry up, or at least considerably reduce the profitability. I'd guess the gas station owners have a lot more to lose than the thieves actually stealing gas.
You have to prove that they accepted stolen gas. Which isn't exactly easy, given the number of gas stations. Also, the Mafia is experienced at moving and selling drugs in larger quantities than the gas thefts here - I wouldn't be surprised if there weren't any "neighborhood fuel delivery services".
As a firefighter, this is an issue around here (Washington state).
People steal the brass end caps off hydrants. Dozens of them. Sell them to scrap metal places.
That conversation, I'm certain, doesn't go like "Oh, hey, I'm Bob from the Fire Department, getting rid of old hydrant caps" "Oh, sure! Sounds legit, Bob, let me give you some cash!"
I'm surprised that running a gas station isn't more regulated, i.e. being required to provide reports of how much has been sold, how much has been delivered, and who it was purchased from (and eventually using ANPR to say who bought how much :D).
Banks, credit card companies: Give me an API for accessing my own data. Give me an opportunity to set a callback address that gets pinged whenever my card is used somewhere. Even better: make it possible for this callback to decline transactions (obviously this comes with certain problems).
This would open up innovation and I'm sure this would lead to interesting solutions for combatting the fraud.
In EU something a little bit like this will become mandatory for banks. To my understanding one part of Payment Service Directive 2 (PSD2) is that banks will be required to allow third party access to bank account statements (on customers permission, of course).
These guys are criminals. Someone should be going after them. But the secret service?
This should be handled by the CC industry. US pumps should have chips like they do in most every other developed nation. It's an arms race, but prevention is easier than investigation.
And do not blame "the attendants". I worked as a light mechanic at one of the last truly full service stations. The pump/retail guys are payed minimum wage on flexible shifts to do a job that is actually rather dangerous. Only one of possibly a hundred attendants may know anything about the skimmer install. The guys who own/run the stations should also not be above suspicion. My bosses were some rather shady characters.
One of the two focuses of the secret service is financial crimes:
"Financial Crimes, covering missions such as prevention and investigation of counterfeit U.S. currency, U.S. treasury securities, and investigation of major fraud."
I am well aware of their various duties. That doesn't detract from my point that enforcement by such an agency is a remarkably inefficient means of addressing the problem.
The Secret Service is a federal agency. They are arguably a step up the ladder from the FBI. Their people do not come cheap. In this case they are being deployed against scammers who are filling homemade tankers with gas ... not big fish. (fyi, the Secret Service really really doesn't like the SS acronym. I made that mistake in a memo once. They are the one US agency without cool initials.)
It is almost always better/cheaper to prevent a crime from happening by removing the opportunity. Without bringing in spreadsheets and US federal budget reports, having the CC industry deploy a technological solution is cheaper than investigating, trying, arresting and housing these criminals. Gas pumps are expensive units, require regular service, and each move thousands of dollars worth of gas every day. A few bucks for the chip reader is no great burden.
Thanks! There's not a lot of info on the Secret Service's financial side (at least I didn't see much in Wikipedia) so it's hard to assess what's a normal use of their resources.
I don't know if I would really "blame" the attendants, but underpaid and low morale people in position of security are a risk anyways, being an armed guard, a gas pump attendant, a cashier or a money conveyer. I still don't really know how the people in power think about that, because they are the people perpetuating that.
> I still don't really know how the people in power think about that, because they are the people perpetuating that.
It's a risk-cost tradeoff. Many people desperate enough to work in these areas are happy they actually got even a shit job and don't intentionally defraud their employer (and losses due to customer theft are priced in, anyways). The bet is on those who are crazy/desperate enough to actually exploit the weaknesses in the system to commit bigger fraud - and how much damage is to be expected.
Now, take the expected damage and contrast it with paying your employees more, and I bet that it's cheaper risking one or two 10K thefts a year than paying all employees more which can be, even if you're only running a 10-employee shop and raise salaries by 2-3K/yr, the cheaper option.
Except that the station owners don't even see this as theft. The gas is sold. They get the money. That, or insurance pays for this crime perpetrated upon them. It is the CC issuer who most often takes the real hit.
Are you referring to the penalties or the annual membership fees? Nobody I know ever pays the annual fee; it's rarely worth it, unless they have a very good rewards system.
Although, I'm not sure what's worse, the penalties or the interest if you don't fully pay your balance every month.
The credit card networks charge merchant fees to process transactions. Those fees account for the cost of indemnifying cardholders against fraudulent transactions. The fees are passed along to customers in the form of higher prices, or come out of the merchants’ profits (or some of each). It’s all priced in.
One of the main duties of the secret service is investigating the counterfeiting of U.S. currency and access device fraud (including credit and debit fraud).
> US pumps should have chips like they do in most every other developed nation.
I'm confused: Are you talking about chips in the pumps - or the cards? The article seems to show a deep integration into the pumps to steal not only the magstripe data, but also the PIN. So I guess they already target chip & pin systems?
Plus, depending on the architecture of these systems you can 'degrade' a transaction from 'needs pin' to 'pin not required' (we had a couple of related downgrade articles here on HN and the 32C3 had - specific to Germany, but acc. to the authors probably somewhat applicable elsewhere - a talk about direct attacks against payment terminals to do the same thing).
Credit card companies DO have chips in their cards, but thousands of merchants around the country don't yet support them. Credit card companies are doing their best to pressure merchants to upgrade their systems, but they can't just suddenly cut off those thousands of merchants.
If they did, the headlines would suddenly be "Credit card companies forcing mom and pop shops to spend thousands on new equipment"
----
On Oct. 1, 2015, Visa and MasterCard put in force new rules that can penalize merchants who do not yet have chip-enabled terminals. Under the new rules, merchants that don’t have the technology to accept chip cards will assume full liability for the cost of fraud from purchases in which the customer presented a chip-enabled card.
But those rules don’t apply to fuel stations in the United States until October 2017, and a great many stations won’t meet that deadline, said Verifone’s Turner.
----
According to "Yearbook 2005: British Retail Consortium" [1], by the time of the liability shift (1 January 2005) "retailers accounting for 75% of transactions" had a chip+PIN terminal, with the remainder "well on the way". It goes on to explain that small businesses including petrol stations were consulted as the change was planned, there was no relaxed deadline for them. (If my memory is correct, petrol station pumps were among the first to switch, as they had the highest level of fraud — relatively high-value transactions with no supervision.)
Gas/Petrol stations were, along with restaurants, also the rare places where the CC was physically separated from the customer. By mandating chips+pin, customers no longer handed their cards over to people who might scan/copy them while out of sight.
You just have to transfer full legal liability onto the CC company in the event of fraud. They would build and deploy a sane crypto scheme by COB tomorrow, wherein my plaintext CC number would not be revealed during every transaction.
It's a 6 week turnaround time for Visa and Mastercard. But yeah, they can do it and have done it. Having non-standard procedures is a pain on the IT implementation side, and the US is non-standard.
Given the sensationalist scare quotes (such as there possibly being 30 of these unsafe trucks in existence), I presume the Secret Service is going after Mastercard and Visa for their willful negligence that created this situation?
The problem is most gas stations are pre-pay now. So if you want to pay with CC inside, you have to make two trips -- one to give them your card to hold onto while you pump gas, and a second trip to finalize the transaction and get your card back. Unless you know you are buying exactly $xx.xx of gas (and not a fill up), then you could just do one trip to the register.
Just based on the headline, I had guessed that some enterprising miscreant had figured out how to siphon off some of the gas as customers were fueling - perhaps through a small tap on the line.
The way I've seen it done around here (Southern California) is more social hack than technical hack: the enterprising miscreant comes up to you with a gas canister while you're pumping and gives you some sob story how he lost his wallet and needs a few gallons to get back down to San Diego.
The article involves a scam that is slightly larger potatoes and was newer than I expected. I was under the impression that skimmer problem had been largely neutralized (not sure where I got the idea, maybe something to do with new chip card rollout). Guess not.
Another low tech scam involves thieves swapping pump handles on two sided pumps. You swipe your card and the thief on the other side of the pump gets a free fillup. Takes a bit of coordination to not get caught, but most people don't pay attention when they're filling up.
The rest of the world had to put up with the EMV change-over. But the US just keeps delaying and delaying. If the card industry applied the same tactics to the US then merchants would switch over pretty quickly e.g if the shop doesn't have emv certified chip card terminals then the shop has to accept the loss from the fradulant transaction.
That is now the case for retail since October 2015. Any fraudulent transaction using the magstripe and the retailer is responsible for the loss. The rollout has been slow but I think the only major chain I use on a daily basis that hasn't got chip readers is Starbucks.
This doesn't apply to gas stations until October 2017. Assuming that the card industry doesn't blink, the problem should solve itself fairly quickly given that margins on gas stations are razor thin so if they have to eat the fraud then they will be lining up to install the new readers.
There is some kind of genius in the propaganda around the gas thieves. They are stealing stuff, but let's paint them even darker by saying their trucks are unsafe. You know what's probably more unsafe? a policeman with a gun. But the prosecutor is elected, every case is more than a legal case, it's an election campaign PR operation, you have to win indictment, the trial and the reelection with every case.
I just love it, nobody can state anything objectively and with detachment anymore, everything is politically overloaded, even stuff that could be even as consensual as thievery.
> They are stealing stuff, but let's paint them even darker by saying their trucks are unsafe
These things are literal rolling bombs. Diesel is not as critical (it doesn't emit explosive vapours and you need higher temperatures to get it to burn, and unless you vaporize it it will just burn and not explode), but take one of these trucks with 1 ton of petrol in plastic tanks and you got yourself a pretty nice fire/explosion hazard. Not to mention that ordinary plastic gets attacked by the petrol and thus will be weaker than the same tank filled with water.
All this needs to go off is a single drunk driver slamming into such a truck. To those who still think "ah that's harmless, just a fire", go visit your local fire department at an exercise session and watch how powerful just a liter of burning petrol is, then scale this up to a 1-ton-payload truck spewing the stuff everywhere.
There's a reason why ordinary fuel trucks are heavily regulated (e.g. in Germany, they're not allowed on roads in environmentally protected zones, must carry a number of fire extinguishers, have a speed limit of 60 km/h on country roads and 80 km/h on Autobahns, the drivers must be specially licensed).
Speed limits and road restrictions are all well and good, but if a tanker catches fire those extinguishers are not going to help. They may help prevent some external fire from propagating to the tanker, but if the tanker itself is burning ... run.
Diesel might seem better, but there are issues. Gas will burn/evaporate away and be gone. Diesel gets into soil and lingers, creating more environmental damage than if gas was left to burn away. The driver is safer hauling diesel, but the environment is safer if he hauls gas. This conflict is more dramatic with propane trucks (bigger fire risk, but no real chance of soil damage).
We are not talking about Europe, we are taking about the US, there is no real safety regulation on the streets, and people heavily mod cars on the war tank model (rigid box for everybody). It's not 30 sketchy tanks in a State the size of Germany that will add any significant risk. Every single handy US guy will weld his own tank instead of buying a plastic one because it's manly and DIY. And they love gas: for the home generator connected to the AC in the summer when the electricity is out, because in the wild everything works with gas engines, because of boating, for preparation to the apocalypse etc. So many reasons to make your own welded gas tank.
I've never seen or known anyone to make a welded gas tank. Nor an a/c on a generator. And yet I've known a lot of "handy" people, including specifically welders. Where in the US are you referring to?
> Every single handy US guy will weld his own tank instead of buying a plastic one because it's manly and DIY.
All the more reason to be fucking afraid. One bad weld and the entire tank ruptures when slammed into (or it might just fail from ordinary vibration!). Or it leaks either gas or a sloppy weld on the top side vents fumes - the OP actually mentions a driver lighting a cigarette, causing his truck to explode.
Welding together a truck might cause it to fall apart. Welding a tank might cause a disaster.
Isn't California the wealthiest State of the US? people buy war vehicles (MRAP) as week-end toys there. Money is not an issue at all. You just have to find 30 wealthy weirdos with a welder to drawn those trucks.
And frankly, maybe I would do it too in some circumstances, it's DIY, the tank has exactly the size and shape you need and you live only once, so I might rationalize the risk (on the other hand, I don't think I would ever do a custom roto-casting or blow-molding of a significant size, that looks like a pain in the butt and a lot of tooling for a one-off).
I don't want to drive anywhere near someone with 1,000 liters of fuel stored in a weak shell. If that ignites and catches fire, anyone nearby could come to a horrendously, horrendously painful death.
Legit oil carrying trucks are everywhere, and they are no real different appart that they hold way more gas in them. As far as I know every single accident involving a volatile liquid carrying truck has led to a fire. There is no real push for double hull or stuff like that in the oil trucking industry. The only safety is segmented tanks, but as far as I know they don't really stop fire propagation (but they stop waves, so they are tremendously useful anyways).
edit: of course, you'll have the prepper, the boat enthusiast, the car or truck modder, the american wild lover, and a bunch of other people carrying sketchy home made gas tanks everywhere around you in the land of freedom.
There's a major difference: driving one of the legitimate tanker trucks requires a special class of driver's license, which one can't get without extra training and a good driving safety record.
(Also, I'm pretty sure you're wrong about every single accident leading to fire. Fender-benders and low-speed collisions do happen.)
For starters, you can see the legit truck carrying flammable payload and steer clear, if you have concerns about your safety. "Bladder trucks" are specifically disguised to prevent you from spotting them.
A 10 gallon fuel cell in a race car or a 1 gallon portable gas tank sitting on a boat aren't the same as a 500 gallon homemade bladder stuffed into an overloaded passenger car. I honestly can't tell if you're being facetious here. Also, a guy bringing gas home for his lawnmower is doing something useful that justifies the risk somewhat. These guys are purely motivated by greed. There's no good reason to drive these trucks around.
-These trucks have no HAZMAT signs to alert first responders to the dangers within.
-There is no separation between driver and cargo, so things like smoking or even electrical sparks could ignite the gasoline.
-These bladders don't appear to be commercially engineered or fit for this purpose. They could easily leak.
-The trucks pictured are running well over their rated payload capacity and are 10+ years old. 500 gallons of gasoline weighs 3125 lbs and even the large Excursion shown is only rated for 1500-2000 including driver and legitimate fuel.
-The drivers are incentivized to run away from police at the scene of an accident and their insurance won't cover criminal activity. If a commercial fuel truck catches fire and someone gets injured due to burns, they'd have to pay.
-The drivers aren't properly trained for handling hazardous materials. They could do things like stall on railroad tracks and kill hundreds of people.
To me, the risk seems much higher than a hobbyist with a custom hot rod or a legitimate tanker truck.
no, plastic is generally safer. One of the most important safety innovation in cars is the plastic gas tank (as a side note, we are looking for something as transformative for batteries in electric cars), it bends way further than steel before leaking.
Normal trucks are not stupid, it's just that past a certain size, only steel can hold the static force of the liquid. There are contradictory factors, you want the cargo to be held firmly in place when you brake, but you want the tank to be accepting a lot of deformation before breaking. I'm not sure, but a secondary concern might be contamination, I'm not sure you can switch liquids in a plastic tank, while you can clean a steel tank.
Bigger tanks also flex more. So they need something that won't fatigue as quickly. If it spends its life bouncing down roads, plastic will begin to show cracks at flex points long before steal.
