Visa warns of hacking risk at gas stations

  • December 16,2019
  • Category

TORONTO — Hackers attacked the payment systems of North American gas station pumps and gained access to customers’ credit card data.

Visa has issued multiple warnings to gas station owners over the past month, after successful attacks in August and September.

Visa describes the attacks as “significantly more advanced” than skimming, in which unauthorized devices are attached to card readers. These devices record information related to all cards subsequently swiped through the reader.

Hackers are able to get into the station’s systems after entering their computers through a phishing email or other methods. Once in the system, the attackers’ program scrapes card information in real-time, as payments are made at the pumps.

Why is this happening?

Visa says stations are being targeted more frequently because they’ve been slower to replace readers with  chip-reading devices.

The company is advising all businesses that use card readers to switch to chip-accepting machines as soon as possible, saying it will “significantly lower the likelihood of these attacks.” By next October, Visa will be absolving itself of all liability for fraud over non-chip devices, with merchants instead bearing full liability for any losses incurred by Visa card users on those devices.

Its believed the attack was carried out by FIN8, a group known to attempt to hack businesses in the retail, restaurant and hospitality sectors for financial benefit.

ZDNet reported in June that security researchers were seeing an upswing in FIN8-related activity after the group had been virtually dormant for two years. FIN8 is believed to be behind an attack that took place on a North American hospitality company. Which bore many similarities to the September attack on the gas station.

Ryan Flanagan Writer
December 15, 2019