Visa Warns Credit Cards at Risk of Gas-Pump Hacks

If you use your Visa credit card to pay at the pump for your gas, you might want to take a closer look at your next card statement just in case something appears off.

That’s because Visa has issued a security alert saying that groups of hackers have been able to exploit weaknesses in the gas pump point-of-sale systems that millions of consumers use every day. Visa said that the hackers have used spam-like emails and other methods to get into gas station payment systems where they have installed so-called “scraping” software that can take a person’s data off of their credit cards.

Foster City-based Visa said it in its security alert that it believes the hacking and thefts have been committed by a cybercrime group that calls itself Fin8, which Visa described as “a financially motivated threat group active since at least 2016” that often targets point-of-sale systems in the retail, restaurant and hospitality industries.

Visa said the Fin8 attacks have so far involved payment systems using just credit card magnetic stripe readers, and not systems that read chip-enabled credit cards with a personal identification number (PIN). The credit-card company has advised gas station operators to encrypt user information by installing chip-and-pin systems, and has said merchants will have to install such systems by next October or they will be held liable for any fraud committed.

Visa didn’t say how many of its accounts may have been affected by the gas-station breaches.