Our info ain’t safe anywhere!
Hackers will target your credit and debit card pretty much anywhere you can use it, online or off. Gas pumps have become an increasingly popular target in recent years.
In the past, attacks at the pump largely relied on card skimming hardware that had to be physically installed atop the pump’s built-in card processing hardware. It’s proven to be a relatively simple task for even a modestly-skilled criminal.
Now, however, Visa is warning of a new kind of attack. The elite hacking group known collectively as FIN8 is actively exploiting vulnerabilities in gas station point-of-sale networks to skim card data without the need for modifications at the actual pumps.
That’s a huge problem for customers. Hardware skimmers aren’t always that hard to detect. Poor fit and finish can give them away — as can a gentle tug on one that’s been poorly installed.
Even more sophisticated Bluetooth-enabled skimmers can be exposed by a simple scan with an app. By hooking into the underlying systems that process customer payments, FIN8’s attack is completely undetectable by a customer who’s paying at the pump.
You’re not totally defenseless, however. You can, of course, pay for your fuel purchase with cash. You can also use some cards without fear that they’ll be compromised.
If you have a chip-and-pin card, you’re in good shape. Visa notes that only cards that lack those protections (older-style cards that only bear a magnetic stripe on the back) are at risk.
Chip-and-pin cards only offer you protection if the point-of-sale hardware you’re using them on supports the technology, however. Many merchants have been slow to deploy updated hardware because of expense or hassle.
Visa has drawn a line in the sand to urge merchants to make the switch. They have until October 2020 to support chip-and-pin. After that, those who still aren’t on board will be held liable for any fraudulent purchases made via their point-of-sale systems.