If You Swipe, Your Credit Card Information Could Be Swiped at the Gas Pump

Gas pump credit card hack

A recent article in Inc. highlights the risks of swiping your credit card at the gas pump. Visa, the credit company, issued a security warning to alert customers of the threat posed by a hacking group called Fin8 — “The hackers are exploiting a weakness in gas station point-of-sale networks that allow the hackers to remotely obtain credit card information from gas pumps.” They use scraping software to steal unencrypted credit card information that is transmitted when the gas pump card reader uses only the magnetic strip and not a chip or PIN.

The Visa security alert notes, “It is important to note that this attack vector differs significantly from skimming at fuel pumps. The targeting of POS systems requires the threat actors to access the merchant’s internal network which takes more technical prowess than skimming attacks. Fuel dispenser merchants should take note of this activity and deploy devices that support chip wherever possible, as this will significantly lower the likelihood of these attacks.

The challenge here, for many gas station operators, is the cost to switch to POS terminals that support credit card chip technology. This cost is estimated to be upwards of $250,000.

The Visa security alert lays out several recommended actions for merchants to mitigate the threat from these types of attacks. Along with these recommendations, we also provide a few suggestions to leverage Kaseya solutions to implement these proposals.

  • Employ the IOCs (indicators of compromise) contained in the report to detect, remediate, and prevent attacks using the POS malware variant. 
  • Secure remote access with strong passwords, ensure only the necessary individuals have permission for remote access. Disable remote access when not in use, and use two-factor authentication for remote sessions.
    • Kaseya VSA, our endpoint management and remote monitoring solution, allows you to control access by user role and scope. It also provides 1-Click access to allow authorized technicians to remotely access endpoints without having to know or manage credentials. VSA generates admin-level credentials on-the-fly and discards them once the session is completed.
Kaseya VSA 1-Click Session Screen
  • Enable EMV technologies for secure in-person payments (chip, contactless, mobile and QR code).
  • Provide each admin with their own user credentials. User accounts should also only be provided with the permissions vital to job responsibilities.
  • Turn on heuristics (behavioral analysis) on antimalware to search for suspicious behavior, and update antimalware applications.
    • Kaseya VSA is integrated with leading antivirus and antimalware tools such as Bitdefender and Malwarebytes. Manage AV/AM deployments from a single pane of glass in your endpoint management solution.
Kaseya VSA - Anti-Virus Anti-Malware Dashboard
  • Monitor network traffic for suspicious connections, and log system and network events.
    • Traverse is Kaseya’s solution for advanced network performance monitoring and management. It has a built-in event manager that collects, filters, categorizes, and displays a variety of events such as SNMP traps, Win events, and Syslogs. Traverse is integrated with VSA to provide visibility of network information, such as network topology maps, in VSA.
  • Implement Network Segmentation, where possible, to prevent the spread of malicious software and limit an attacker’s foothold.
  • Maintain a patch management program and update all software and hardware firmware to most current release to limit the attack surface for zero-day vulnerabilities.
    • Kaseya VSA automates software patch management to ensure all of your endpoints are up to date with the latest patches, including critical security patches.
Kaseya VSA Patch Management Dashboard

Maintaining security for your business and your customers is a critical but highly challenging task. Stay one step ahead of hackers by implementing these recommendations.

To learn more, download our eBook 5 Ways to Improve the Security of Your Business

Sppoky Moon in Orange sky

MSPs Deliver Silver Bullet for SMBs Spooked by Cybercrime

October means Halloween, when ghouls and goblins lurk in the shadows, when the creaks and groans of the floorboards makeRead More

Guy wearing pumpkin mask holding a laptop

5 Scary Cyberattacks — How Much Did They Cost and What Can You Learn?

Cyberattacks can be as scary as horror movies. They continue to evolve, wreaking havoc in organizations and keep IT professionalsRead More

Digital Security Lock

5 More Ways to Improve the Security of Your Business

Small and midsize businesses (SMBs) have become a common target of cybercriminals, mainly because of their lack of resources andRead More

Top 5 terrifying cybersecurity trends to watch out for in 2020

Top 5 Terrifying Cybersecurity Trends to Watch Out for Going Into 2020

Small and midsize businesses (SMBs) are constantly under cyber threats in this dark and scary digital world. Cybersecurity is aRead More

Connect IT - You're Invited! - Join us at MGM Grand Las Vegas - May 4th - 7th, 2020
Get the 2019 Kaseya State of IT Operations Report - Download Now