Visa warns credit cards at risk of gas-pump hacks

By Rex Crum

The Mercury News

If you use your Visa credit card to pay at the pump for your gas, you might want to take a closer look at your next card statement just in case something appears off.

That’s because Visa has issued a security alert saying that groups of hackers have been able to exploit weaknesses in the gas pump point-of-sale systems that millions of consumers use every day. Visa said that the hackers have used spam-like emails and other methods to get into gas station payment systems where they have installed so-called “scraping” software that can take a person’s data off of their credit cards.

Visa said it in its security alert that it believes the hacking and thefts have been committed by a cybercrime group that calls itself Fin8, which Visa described as “a financially motivated threat group active since at least 2016” that often targets point-of-sale systems.

Visa said the Fin8 attacks have so far involved payment systems using just credit card magnetic stripe readers, and not systems that read chip-enabled credit cards with a personal identification number (PIN). The credit-card company has advised gas station operators to encrypt user information by installing chip-and-pin systems, and has said merchants will have to install such systems by next October or they will be held liable for any fraud committed.