The big picture: Having your payment card details stolen is an unfortunate reality that virtually all of us have had to deal with on at least one occasion (and if it hasn’t happened to you yet, just wait, your time is coming). It happened to my wife just last week and we have no clue how her credentials were captured. Perhaps it was at the pump?
Visa in a recent security alert highlighted the “continued targeting of POS systems” as well as targeted interest in fuel station pumps to obtain data.
In one incident, Visa’s fraud department said a bad actor used a phishing e-mail sent to a merchant employee to install a remote access trojan on the merchant’s network. They were then able to move laterally into the point-of-sale environment and install a RAM scraper to harvest payment card data.
In another incident, Visa observed the same sort of behavior – a hacker that breached a target’s network and moved into the POS environment to steal card data. In this instance, Visa said, the bad actor specifically went after data from magnetic stripe transactions at fuel pumps. The company believes a cybercrime group known as FIN8 was likely behind this attack.
Visa also detailed a third attack against a North American hospitality merchant. While this attack didn’t target a fuel merchant specifically, the card operator said it is possible that FIN8 could utilize the malware from this attack to hit gas stations in future attacks.