Ever wonder about the safety of using credit cards at gas pumps? Well, Visa has issued two recent security alerts (here and here) about cybercrime groups that have hacked North American fuel dispensers, installed malware, and culled out what appears to be unencrypted card data, ZDNet reports. Seems there were five attacks in all, two of which are linked to a cybercrime group called FIN8, which has targeted retail, entertainment, and hospitality industries before. Also seems the fuel attacks mark a new MO for cybercrime operations.
One big problem, Visa says, is that many gas stations don't use chip-and-PIN card readers on gas pumps—they just read the card's payment data from its magnetic stripe. So Visa is telling fuel dispenser merchants to install chip-and-PIN systems by October 2020, at which point card-fraud liability will shift to operators. An analyst at Trend Micro (which warned about this threat four years ago) tells ZDNet that operators can also use VPNs to encrypt traffic to the gas station's main network. As for the rest of us, well, it might be best to use in-store chip-and-PIN transactions or good old cash. (Read more cybercrime stories.)