Here we are, half-way through December. It’s almost time to start playing luggage Tetris in the trunks of our cars and head off to our Holiday destinations (hopefully somewhere warm). Last stop? The gas station of course, need to fill up the tank before we head out.
Unfortunately, quite a few stations are pumping more than just gas.
Cybercriminals are attacking North American merchants who operate gas stations and pumps, attempting to upload “point-of-sale (POS) malware on their networks.” VISA is aware of the situation and publicly stated that its security team has investigated incidents that span across five separate fuel dispenser merchants.
The attacks are meant to gain “access to fuel dispenser merchants’ networks,” where they could deploy the malware, collect payment card data, and upload it onto a remote server.
This has worked in several instances due to a “weak spot in how gas stations and gas pump operators work,” according to the VISA Payment Fraud Disruption team.
Card readers on gas pumps don’t always support chip transactions. In fact, most of them do not, which means they are susceptible to cybercriminals as data from the card’s magnetic strip is sent to the station’s main network, and intercepted.
Outdated technology leaves back-doors unlocked and easily accessible to hackers. This is a perfect example.
VISA has stated that these incidents began during the Summer months and several were traced back to a cybercrime operation “known as FIN8”.
The easiest way to avoid stolen card information at the pump in this case is for fuel dispenser merchants to “encrypt card data while it’s being transferred across a network or stored in memory,” OR “shift to a chip card acceptance policy.”
VISA is hoping that fuel merchants realize the importance of “devices that support chip wherever possible,” so the likelihood of these attacks are decreased.
Starting in October 2020 fuel dispenser merchants will be required to install chip readers on their gas pumps. If card fraud happens after that date, “liability for any card fraud would shift from card issuers to the merchants.”
A little incentive to upgrade their technology.
We still advise any of those who are traveling, not just this holiday but always, be vigilant when using outdated devices. Utilizing the cashier is always a safer option if you’re trying to keep your financials secure at the pump.
If you need assistance with cybersecurity services contact DarkHound at [email protected].
Image source: https://unsplash.com/photos/XQZmfprZt6s