Payment processing giant Visa warned that hackers are stealing credit card data from the point-of-sales systems at gas pumps, which are becoming increasingly attractive targets for such cybercrime groups due to their lack of secure acceptance technology. Visa said in summer 2019, its Payment Fraud Disruption or PFD teams identified three unique attacks targeting merchant point-of-sale or POS systems that were likely carried out by sophisticated cybercrime groups.
Two of the attacks targeted the POS systems of North American fuel dispenser merchants. According to Visa, forensic analysis of the targeted networks indicated that the attacks on the fuel dispenser merchants can likely be attributed to a cybercrime group known as FIN8. The company noted that FIN8 is a hacker group active since at least 2016 that often targets the POS environments of retail, restaurant and hospitality merchants to harvest payment account data.
Visa's security alert said hackers first gained access to the POS networks of the fuel dispenser merchants via phishing emails containing malicious links that when clicked, granted network access to the hackers. They then conducted reconnaissance of the corporate network and obtained as well as utilized credentials to gain lateral access into the POS environment. After successfully accessing the POS networks, the hackers deployed POS scraping software to harvest payment card data.
According to Visa, the malware injected into the POS networks appears to have targeted the magnetic stripe cards specifically. Therefore, the payment cards used at the non-chip fuel pumps were at risk in the POS networks as hackers exploited the cards' lack of security.
However, the cybercrimes did not appear to affect the more secure chip-and-pin cards at the gas pumps. Earlier this year, Visa had announced that fuel dispenser merchants must deploy chip-and-pin readers by October 2020. Any card-fraud liability discovered after that would shift to the service stations.