Visa Warns Hackers Are Targeting Gas Station POS Systems To Pilfer Credit Card Info

Gas Pump
We already know about that hackers are able to steal credit and debit card details at gas pumps by using skimmers, which are devices that slip over the payment slot and, for the most part, look legitimate (they're found on ATMs as well). However, skimmers are not the only threats. Visa's Payment Fraud Disruption (PFD) division warns that cybercriminals are targeting gas station point of sale (POS) systems in North America.

This is a concerning threat, because even though skimmers look like they are part of the pump, there are subtle ways to detect that something is amiss. When a hacker infiltrates a computer network, however, customers are left to the security of the company being attacked. In this case, those companies are gas station merchants.

Visa says it discovered three unique attacks. The first one involves sending a phishing email to a gas station merchant. If the malicious link in the email is clicked, it installs a remote access trojan (RAT) on the merchant network. At that point, the malicious actors dig through the corporate network to obtain credentials, which in turn allows them to move laterally into the POS environment.

"There was also a lack of network segmentation between the Cardholder Data Environment (CDE) and corporate network, which enabled lateral movement. Once the POS environment was successfully accessed, a Random Access Memory (RAM) scraper was deployed on the POS system to harvest payment card data," Visa explains.

The second attack method involves similar steps, except Via is not sure how the actors obtained network access to the targeted merchant. Once inside, however, they again move laterally into the POS system to pilfer credit card data.

A third method involves malware that provides a "shellcode backdoor" into the systems.

"It is important to note that this attack vector differs significantly from skimming at fuel pumps, as the targeting of POS systems requires the threat actors to access the merchant’s internal network, and takes more technical prowess than skimming attacks," Visa says.

The good news is, these attacks do not seem to compromise newer credit and debit cards that have security chips on them. However, there are still lots of older credit cards in the wild, so gas station merchants would be wise to heed Visa's advise.