SAN FRANCISCO — Skimmers are increasingly stealing credit card data from convenience-store retailers through the back office, payment processor Visa said in two recent security alerts.
Visa Payment Fraud Disruption (PFD), the payment processor’s security arm, investigated five different incidents from two alerts in November and December, respectively.
The attacks varied slightly in their approach. Some perpetrators used phishing emails to trick employees into unwittingly giving the bad actors access to the merchant’s network. From there, some hackers installed malware that allowed them to scrape payment card data from the random access memory (RAM) of the targeted point-of-sale (POS) system.
In another similar phishing incident, an email contained a malicious link that installed a remote access Trojan (RAT) on the merchant network, which granted the threat actors network access.
Some of the investigations PFD reported were unable to ascertain how the bad actors gained access to the merchants’ POS systems.
However, the clear common denominator in each incident was a lack of EMV adoption in the forecourt. “As long as the magnetic strip readers are in place,” Visa wrote in the November report, “fuel dispenser merchants are becoming an increasingly attractive target for advanced threat actors with an interest in compromising merchant networks to obtain this payment card data."
The report implicated the criminal cybercrime network known as FIN8 in two incidents that occurred over the summer. FIN8 targets the retail, hospitality and entertainment industries and is known for its spearphishing campaigns, according to Malpedia, an online malware dictionary.
PFD cited the approaching October 2020 liability shift for POS terminals in the forecourt. On that day, the responsibility for counterfeit fraud will shift to the fuel dispenser merchant if they have not enabled chip acceptance at the gas pump.
The reports also suggested retailers deploy point-to-point encryption, which protects data as it moves between systems, and educate employees about cyberthreats and phishing, among other suggestions.
Members help make our journalism possible. Become a CSP member today and unlock exclusive benefits, including unlimited access to all of our content. Sign up here.