Visa Inc (NYSE:V) issued a warning to its customers because cybercriminals target transactions at Gas Pumps to steal credit or debit card data. According to a communiqué from Visa, the cyber groups carried out a sophisticated attack at two fuel dispenser merchants in North America. Gas Pumps are attractive targets for hackers.
Different from skimming
The skimming requires a special device to grab the card data and create a new card with that information. In the latest attack, the cybercriminals sent malicious code to an employee of a Gas Pump and gathered the internal network details. They monetize such information of credit or debit cards on the dark web.
FIN8 is responsible for stealing Visa data
The point of sale systems that still have not implemented the chip is the prime target to steal Visa card details. In November 2019, Visa has alerted its customers, saying that attacks at the gas pumps are increasing faster. FIN8, an elite hacking group, exploits the vulnerabilities at Gas Pumps and collect the card information. A simple scan using an app can detect the Bluetooth enabled skimmers. However, it is hard to detect the attacks carried out by the FIN8 group.
The customers can use chip and pin protected cards at the point of sale systems. However, you need to ensure that the point of sale systems support the cards with chip and pin protection. According to the available information, older cards that lack PIN and chip are prone to hacking. Therefore, such customers are advised to pay in cash at the counters to prevent the theft of Visa card details.
The recent findings indicate that gas pump dispensers have not changed their old point of sale systems. They transmit data in an unencrypted form to the network of vendors. It helps to thieves to steal such unencrypted information quite easily.
The merchants are given time till October 2020 to change the older systems and implement new point of sale systems to support chip-based Visa cards. Those merchants, who have not replaced their older systems after the deadline, are liable to pay the damages to the cardholders for any data theft and the resulting loss.