Credit Card Hackers Targeting North American Gas Stations With Info-Stealing Software

Visa investigators claim multiple reports of such computer-based attacks over the past year.

by Rob Stumpf

Credit card skimming has become an increasingly popular method of fraud which affects the lives of everyday people. In fact, it's become so common that consumer protection agencies and governmental regulatory bodies regularly publish information that trains individuals how to spot skimmers at ATMs and gas pumps. As consumers are becoming more savvy, thieves have started to change the way they collect data, even compromising the computers at a gas station halfway around the world to obtain card info.

Visa's Payment Fraud Disruption (PFD) division recently published two reports which state that over the summer, it investigated at least three computer-related security incidents, two of which were targeted at separate unnamed North American fuel dispenser merchants.

According to the report, the culprits used a phishing email to target employees at one of the merchants. When an employee clicked on the link included in the email, a Remote Administration Tool was unknowingly installed on the user's computer and was used as a backdoor which gave the group access to the merchant's networks. From there, the hackers were able to perform reconnaissance and find their way to Point of Sale (POS) terminals, scraping the computer's memory for patterns of numbers which resemble credit cards.

This could mean that any time an individual used a traditional card swipe to purchase fuel or other goods at one of the merchants, their account info could be read and remotely transmitted anywhere in the world. From there, card numbers can be written onto blank credit cards or sold on the dark web for cryptocurrency. Visa indicates that the merchants compromised didn't support more secure methods of credit card input (like EMV chip or tap to pay cards) which made the attack more successful.

Visa’s PFD says it believes the attacks were carried out by a group called FIN8, which, as the name might suggest, is a known cybercrime actor primarily motivated by financial gain. The collective was first noticed in 2017 when it targeted the hospitality and retail industries, but fell silent until security researchers noticed its presence again earlier this year.

"Card skimming at fuel pumps remains a pervasive and increasing threat for fuel dispenser merchants. However, these recent, more technically-advanced threat campaigns targeting fuel dispenser merchant POS systems marks a concerning trend that will likely continue," wrote Visa in a statement.

"Many fuel dispenser merchants are currently updating their systems to accept and process more secure transactions, such as upgrading to devices that support chip. However, as long as the magnetic stripe readers are in place, fuel dispenser merchants are becoming an increasingly attractive target for advanced threat actors with an interest in compromising merchant networks to obtain this payment card data."

For consumers, there's not much advice to offer for this particular situation other than to avoid swiping your card's magstripe and instead use secure payment methods like chip or tap to pay cards, or simply pay with cash. Visa reminds merchants that it's important to audit their PCI compliance against industry requirements regularly, as several attack vectors could have been prevented had the merchants been in compliance.
