Cybercrime organizations are actively exploiting a flaw in gas station point-of-sale (POS) networks to steal credit card data, Visa has reported. The company's fraud disruption teams are investigating several incidents in which a hacking group, often known as FIN8, defrauded gas dispenser merchants. In every case, the attackers gained entry to the POS networks by way of malicious emails and other unknown means. They then installed POS scraping software that exploited the lack of security in old-school magnetic stripe cards, which lack a PIN code.
The hack doesn’t seem to affect more secure chip-and-PIN cards, but not all shoppers have these, so service stations typically work with mag stripe readers, too. The data is seemingly sent in unencrypted form to the vendor’s main system, where the thieves have discovered how to intercept it. The other problem is that the POS systems aren’t firewalled off from other, less critical parts of the network, allowing thieves to gain lateral access once the network is breached.
There is not a lot cardholders can do to avoid the attacks; however, Visa has advised gas merchants to encrypt data while it is transferred or use a chip-and-PIN policy. “Gas dispenser retailers ought to take note of this exercise and deploy devices that assist chip-and-pin wherever attainable, as this can significantly decrease the chance of these assaults,” it advised in the December security alert.