VISA has issued an alert that the point-of-sale (POS) systems of North American fuel dispenser merchants are under an increased threat of being targeted by cybercrime groups that have ties to top tier cybercrime underground carding shops.

In November 2019, VISA issued a warning, noting that in August and September 2019, Visa Payment Fraud Disruption (PFD) investigated two separate breaches at North American fuel dispenser merchants.

The attacks involved the use of POS malware to harvest payment card data from fuel dispenser merchant POS systems. “It is important to note that this attack vector differs significantly from skimming at fuel pumps, as the targeting of POS systems requires the threat actors to access the merchant’s internal network,” says VISA.

In one of the two cases investigated by PFD, the threat actors successfully compromised the merchant’s network through a phishing email that contained a malicious attachment. Once the malware was deployed on the merchant’s network, it scraped Track 1 and Track 2 payment card data from the random access memory (RAM) of the targeted POS system. The threat actors were able to obtain this payment card data due to the lack of secure acceptance technology, (e.g. EMV® Chip, Pointto-Point Encryption, Tokenization, etc.) and non-compliance with PCI DSS.

VISA notes that the targeting of fuel dispenser merchants is the result of the slower migration to chip technology on many terminals, which makes these merchants an attractive target for criminal threat actors attempting to compromise POS systems for magnetic stripe payment card data.