This upcoming weekend millions of Americans will hit the road to visit both familiy and friends for the holidays, and with every long road trip comes something that’s just inevitable; stopping at one (or more) gas station(s) to refuel their cars. Just recently, Visa shared a visa security alert about credit card data theft when users pay with old magstripe credit cards at gas pumps.
The issue here is that people that still have an old magnetic stripe (magstripe) credit card and decide to use it to pay for the refueling service risk having their account details stolen by a group of hackers. This group is no other than the notorious FIN8 cybercrime group, a financially motivated group that has been targeting the retail, hospitality and entertainment industries.
The American multinational financial services corporation (Visa) recently shared a report (published in December 2019) where they warn magstripe credit cards owners about a group of hackers and how they’re exploiting a weakness to steal consumers data, advising any unsuspecting drivers to avoid paying at gas pumps with their old magstripe credit cards.
Visa stated that the group of hackers is exploiting the weakness in the point-of-sale (POS) networks gas stations use. The hackers managed to infiltrate that same network and installed their own card scraping software on it. Visa’s report declares that a form of malware known as a “RAM scraper was injected into the POS environment and was used to harvest payment card data”.
This basically means that whenever customers swipe their old magstripe credit card at a gas pump to pay for the refueling service the hackers’ software can intercept their card’s data and reroute it to the POS network. The group of hackers can easily do this because the data contained in old magstripe cards isn’t encrypted.
But there’s no reason to reason to be alarmed, as there are a few ways to avoid becoming the next victim. The first is the most obvious one – simple avoid paying at the pump and go inside the gas station instead and pay the cashier directly.
There’s however, another option. If your card has a chip in it, use that method to pay instead of swiping your card.
When using point-of-sale devices that support chip card transactions, the data sent by the chip is generally encrypted, which means that it’s impossible for the hacker’s software to steal your info. If by any chance a gas pump doesn’t have a chip reader, then it’s back to option one – just go inside and pay at the gas station’s store or pay in cash.
According to Visa Security Alert, using such devices is expected to “significantly lower the likelihood of these attacks.” The company also suggested using other secure payment methods that use EMV technology like “contactless, mobile, and QR code.”
If your smartphone supports it and you are familiar with these mobile payment services, you could also pay with your mobile device via Apple Pay, Google Pay, and Samsung Pay.
Since data theft via old magstripe cards has become such a common, recurring problem, Visa also decided to encourage all gas stations in America to install chip readers at their pumps by next year’s October. If the gas stations ignore the advice, Visa might hold them accountable for any counterfeit fraud that happens at their pumps.
