In its statement, Visa explained that cyberattacks on gas stations have been on the rise as business owners have been slow to upgrade their terminals to safer chip-reading technology, from magnetic stripe readers.
The ability of hackers to access the merchant’s internal networks makes these attacks more sophisticated in nature, warns Visa, as compared to the more usual skimming scams in which card-skimming devices are placed inside fuel pumps to skim financial data off swiped debit or credit cards.
Visa’s forensic evidence attributed the attacks to “two sophisticated criminal groups with a history of large-scale, successful compromises against merchants in various industries,” one of which, FIN8, has been active since 2016. This group targets restaurants, retail outlets or any hospitable environment that allows them to read user data.
Visa warns all its customers and merchants to take the following precautions: always opt-in to pay using chip readers or by cash, install malware detection software and report suspicious activity on financial accounts.
Visa is also urging all fuel dispenser merchants to implement a chip reader to alleviate targeted attacks on POS terminals by October 2020. After this date, Visa says it will absolve itself from any compensation to customers — the responsibility will shift to fuel dispensers who failed to make the chip transition.