Most people are probably familiar with the wave of hackers stealing ATM card information from unsecured terminals that went around a few years ago. It now appears that credit cards are the next big target for hackers. According to Visa, cybercrime groups are using poorly secured gas station pumps to steal the credit card data of millions of consumers.
Hackers are gaining access to point of sale (POS) networks with malicious emails and then installing scraping software that steals the data. Supposedly only credit cards with a magnetic strip (not those with a chip or contactless payment capabilities) are at risk. The new trend is damaging to both consumers and gas station owners alike.
Unfortunately for consumers, most POS gas station pumps are extremely outdated. This means that many of them only accept credit card payments from the old-fashioned mag stripe. Coupled with the fact that some people still don’t have a credit card with a chip, paying at the pump is not as secure as most consumers think.
The recent report from Visa’s fraud disruption team details how multiple cybercrime groups are targeting these POS systems. One group known as Fin8 infected the networks of gas merchants with a malicious email to gain access. Once inside, it was able to install credit data scraping software to steal the card information of everyone who made a purchase at the gas station’s POS pumps.
During each transaction, unencrypted payment information is sent from the pump to the station’s main network. From their position behind the network’s firewall, hackers found a way to steal card data during that transfer.
If there is a bright side to this situation it’s that cards with chips and those that are secured with PIN codes appear to be safe. The same goes for newly outfitted pumps that accept contactless payments like Google Pay or Apple Pay.
Next year likely won’t be a fun one for many gas station owners. Visa announced earlier this year that fuel merchants must outfit their pumps with chip card readers by October 2020. Those who refuse to comply will be liable for damages related to fraud that occurs as a result of having unsecured POS systems.
Unfortunately, most pumps are built with outdated technology. As a result, owners will likely need to replace entire pumps rather than simply adding a chip reader. For a medium-sized gas station that renovation can cost upwards of $250,000. It is estimated that it will cost around $22.5 billion for every American gas station to make the upgrade.
On the consumer side, there isn’t much that can be done. Since cyberattacks occur as a result of unsecured networks, people can’t do much to avoid putting their information at risk. Of course, paying inside with cash is always the safest option. In today’s card-driven world, however, that isn’t realistic for some.
One alternative is to fuel up at recently remodeled stations that are outfitted with the more secure chip card readers. Yet, until all locations comply with the new standard, the best move is to simply keep a close eye on your credit card account and combat any fraud early on.