Two unique cyber attacks launched this summer targeted gas stations to steal credit card information, Visa has announced. The credit card company warns POS used by these type merchants are especially vulnerable due to outdated technology.
Multiple strategies — In one of the attacks, hackers were able to access the network of a gas merchant by sending a phishing email to an employee. Once in, they were able to move laterally to the POS system and scrape credit card data that wasn’t firewalled off from the rest of the network.
In a second incident, it’s unknown how the hackers gained initial access to the network. Once in, they were again able to move to the unprotected POS system, where they specifically targeted fuel pumps that still use magnetic strips instead of chips. Both of these attacks were much more sophisticated than credit card skimming.
Time for an upgrade — Unfortunately, cardholders will have to hope the gas stations take the necessary steps to prevent the attacks. Visa recommended merchants better segment their networks or use a chip-and-PIN policy.
By 2020, the latter will be required of merchants to avoid liability for fraud. But many businesses have such old technology that entire pumps will need to be replaced, costing up to $250,000 per station, according to Engadget.