American multinational financial services major VISA has warned that North American merchants who operate gas stations are under attack from cybercrime groups who are looking to deploy point-of-sale (POS) malware on their networks.
According to VISA’s security team, it investigated at least five incidents of this nature and it had published security alerts in November and December about it.
This alert follows a previous warning from November that also mentions such merchants being an increasingly attractive target for threat groups “due to the lack of secure acceptance technology, (e.g. EMV Chip, Point-to-Point Encryption, Tokenization, etc.) and non-compliance with PCI DSS”, Bleeping Computer has recently reported.
According to VISA Payment Fraud Disruption (PFD) team, cybercrime groups units have apparently found a weak spot in how gas stations and gas pump operators function.
The in-store POS terminals of some gas merchants reportedly support chip-and-PIN transactions. However, most of the card readers installed at gas pumps do not.
VISA documented breaches at two fuel dispenser merchants in a November 2019 security alert, and another three breaches in a December 2019 alert. The two alerts highlight a new target and modus operandi for cybercrime groups, according to a report in ZDNet.