For years, cybercriminals have targeted gas pumps, using an attack method known as skimming. Now, however, Visa is warning of a new kind of attack.
In a post, Visa said a sophisticated hacking group known as FIN8 is targeting “fuel dispenser merchants” throughout North America.
Visa revealed that its fraud disruption team is investigating several instances in which FIN8 exploited vulnerabilities — via malicious emails and other unknown means — in gas station point-of-sale (POS) networks.
The attackers then gained access to the POS network and installed POS scraping software and stole credit card data without having to modify actual pumps.
On the plus side, however, more secure cards, such as chip-and-pin cards, are not affected by the hack.
But, sadly, many gas stations haven’t replaced card readers at pumps. As a result, data is sent in unencrypted form to the vendors main network, making it easy for malicious actors to intercept it.
Aside from using cash and chip-and-pin cards, there’s not much that drivers can do to avoid these attacks.
But Visa is urging merchants to switch to chip-and-pin readers by October 2020. After that, merchants without the new technology will be held responsible for any fraudulent charges made via their POS systems.