Visa Warns of Data-Stealing Malware at Gas Pumps

Visa has released two security reports describing a new cybersecurity threat at gas stations. In the November and December security alerts, Visa warns of an advanced malware program targeting outdated card readers at fuel pumps.

Until now, card skimming has been the primary payment security threat at fuel pumps. A skimmer is a data-collection device installed on the card reader at the pump. When a card is inserted into for payment, the skimmer gathers the card number and other details so hackers can replicate the card in the future.

The malware that Visa detected does not require a physical device. Instead, it taps into the payment processing technology at the pump. Many fuel pumps do not have chip readers installed, even if the registers inside the gas station are chip-enabled. The data collected by the magnetic strip reader on the pump is not encrypted like data on the microchip. The malware continuously scans for unencrypted card data and automatically uploads information to a remote server. Hackers do not have to interact with the pump to gather information.

To combat these attacks, Visa is urging merchants to update to EMV payment technology on outdated fuel pumps. Visa also suggests monitoring network traffic for suspicious connections, using strong passwords for remote access, and assigning unique login credentials to each system administrator.

If you are a concerned consumer, consider paying for fuel inside the gas station rather than at the pump. If the card reader inside is not chip-enabled, you may opt to pay with cash instead. Regardless of your payment preference, keep an eye on your credit and debit card accounts. Report any suspicious activity to your bank or credit card company.