EXECUTIVE SUMMARY:

Very recently, VISA issued security alerts stating that point-of-sale (POS) malware is targeting gas station and gas pump merchants in North America. VISA’s security team has investigated at least five of these types of incidents.

Cybercrime groups carry out these attacks with the goal of gaining access to fuel dispenser merchants’ networks. They install POS malware on these networks by scraping a computer’s RAM in hopes of finding unencrypted payment card data. This unencrypted payment card data is then uploaded to a remote server where criminals can access it.

The VISA Payment Fraud Disruption (PFD) team believes the hack targets a vulnerability in gas station and pump operations. Gas pump readers, unlike terminals in stores that now typically support chip or tap transactions, operate under older technology that uses credit cards’ magnetic strips. The data from the magnetic strips then is normally sent unencrypted to the gas station’s main network, leaving a weak link in the chain for criminals to jump in and steal it.

VISA believes almost half of the attacks were linked to a cybercrime operation known as FIN8. The easiest solution in the short term is for fuel merchants to encrypt customers’ card data when it is transferred across a network. Fuel merchants have until October of 2020 to switch payment systems to chip compatible card readers on their gas pumps. After October of 2020 liability for card fraud will shift from the card issuers to the merchants.

To learn more about the malware incidents at gas pumps in North America, check out this ZDNet article.