Visa Card Owners: Beware of Hackers at Petrol Stations |

Visa Card Owners: Beware of Hackers at Petrol Stations

The company has warned customers across the United States that their card data may be getting scraped from gas stations, where security experts say they found a vulnerability


Customers in India can breathe easy. For the moment though, as the problem is currently limited to the United States where Visa Card holders have been warned by the company that their data could be compromised via a specific vulnerability detected by their cybercrime teams within the gas station networks.

A report published in says Visa’s fraud detection teams are probing several incidents where a specific hacking group defrauded gas station owners and while doing so gained access to the Point of Sales (POS) networks via malicious emails and other means. They installed POS scraping software that then exploited the vulnerability using mag stripes in card readers that can’t read chips.

The company put out a security alert defining the nature of the crime and confirmed that the hacking did not seem to have had any impact on the more secure cards with embedded chips. It however warned that many of the service stations hadn’t replaced card readers yet, which aggravated the risk for customers filling up their vehicles and paying through the existing POS network.

Though India has moved ahead in terms of having POS systems that read embedded chips, the chances of cybercrime are more in the mofussil areas where the technology hasn’t yet made an appearance. For example, there isn’t a single fuel station in Bangalore that doesn’t have a card reader that can read the embedded chip, but drive on the roads beyond Mysore to Ooty and you may find a few of these.

The statement from Visa says the data at the POS network gets sent in an unencrypted format to the vendor’s main network where they get their hands on it. Another challenge is that the POS systems aren’t firewalled from each other which means that hacks can gain lateral entry once the network is breached.

The payment company holds the view that there isn’t much the cardholders can do to avoid such attacks, given that even if their cards have embedded chips, the merchants may not have the requisite machine installed at the POS to ensure that data is encrypted. "Fuel dispenser merchants should take note of this activity and deploy devices that support chip [cards] wherever possible, as this will significantly lower the likelihood of these attacks," says Visa.

Though instances of this data stealing menace may have reduced following adoption of the embedded chip on the cards, the fact remains that making payments using the mag stripe could still bode ill for card users across India.

Maybe, they should carry a few hundred rupees in their pockets to pay for fuel at the friendly roadside gas station on that dusty village road.

TAGS: Visa, CreditCard, Cybercrime, Data Loss, Petrol Stations