The PetrolPlaza audio version is presented to you by UNITI expo 2021, the leading retail petroleum and car wash trade fair in Europe.

English Español Gas stations have become a target for hacker groups, warns Visa

A recent security alert by Visa details how hacking groups are targeting gas stations to skim card data due to their vulnerabilities.

Last update:

In summer 2019, Visa’s Payment Fraud Disruption (PFD) identified three unique attacks targeting point-of-sale systems that were likely carried out by sophisticated cybercrime groups. Two of the attacks were carried out at U.S. gas stations.

Visa warns it has seen an increase of POS attacks against fuel dispenser merchants, and it is likely these retailers are an increasingly attractive target for cybercrime groups, according to the global payment provider.

The reason is the lack of secure acceptance technology such as EMV and tokenization, and non-compliance with PCI DSS.

Hacking groups such as FIN8 are actively exploiting vulnerabilities in gas station point-of-sale networks to skim card data without the need for modifications at the actual pumps.

In one of the incidents, Visa discovered how the hackers first sent a phishing email sent to an employee. The email contained a malicious link that, when clicked, installed a remote access Trojan on the network granting network access. Once the POS environment was successfully accessed, a Random Access Memory (RAM) scraper was deployed on the POS system to harvest payment card data.

Customers can avoid using their credit cards at the magnetic-stripe readers by paying cash or using a gas station payment app, according to consumer advocates.

Visa warns that “sophisticated threat groups have identified fuel dispenser merchants as an attractive target for obtaining track data.”

Among the recommendations issued by Visa to retailers are: Employing the IOCs contained in the report, secure remote access with a strong password, enable EMV technologies, provide each admin user with their own user credentials, turn on behavioural analysis on anti-malware, monitor network traffic and maintain a patch management program.

In case of suffering a confirmed or suspected breach, refer to Visa’s What to do if Compromised (WTDIC), published October 2019.

Related contents


Simon Stocks

A lot. Of emphasis has been put on the need for chip and PIN capable terminals. This is certainly part of the jigsaw but a far. More important and comprehensive solution incorporates a secure network design, with appropriate firewalls etc. The idea of employees using the POS also having access to the internet is an absolute non-starter. The POS needs to be on a separate part of the network that has no access to the internet. Similarly, internet enabled dispensers/pumps need to be segregated in an appropriate manner to ensure that secure data is not accessible.