Visa Alerts That Attackers Are Scraping Card Data From Gas Stations

Cybercrime teams are aggressively exploiting an error in gas station POS (point-of-sale) systems to pinch credit card info, Visa has disclosed. The firm’s fraud disruption groups are probing various cases in which a hacking team dubbed as Fin8 defrauded fuel dispenser vendors. In each instance, the hackers got access to the POS systems using unknown means and malicious emails. They then set up POS scraping tool that used the lack of safety with ancient mag stripe cards that does not have a chip.

The hack does not seem to impact safer chip cards, but not all users have those, so service stations frequently operate with mag stripe scanners, as well. The info is actually sent in an un-encoded format to the main network of the vendor, where the hackers have understood how to decode it. The other issue is that the POS networks area not firewalled off from other, less essential regions of the network, letting hackers to get lateral access as soon as the network is compromised.

There is not much cardholders can do to prevent the hacks, but Visa has consulted that fuel vendors to encode data while it is sent or employ a chip-and-PIN rule. “Fuel dispenser vendors must take note of this activity and use machines that support chip wherever achievable, as this will considerably reduce the chances of these hacks,” it claimed in the security alert for this month.

Previously this year, Visa declared that fuel vendors must use chip scanners by October next year. After that, any stations without the new technology will be responsible for any fraud. The issue is, many such businesses have extremely ancient tech and must restore the complete pump at an expected cost of almost $250,000 for each station. Spread all over the convenience shops in the US, the total hit has been predicted at almost $22.5 Billion.