In August and September 2019, Visa Payment Fraud Disruption (PFD) investigated two separate breaches at North American fuel dispenser merchants. The attacks involved the use of point-of-sale (POS) malware to harvest payment card data from fuel dispenser merchant POS systems. It is important to note that this attack vector differs significantly from skimming at fuel pumps, as the targeting of POS systems requires the threat actors to access the merchant’s internal network. In one of the two cases investigated by PFD, the threat actors successfully compromised the merchant’s network through a phishing email that contained a malicious attachment. Once the malware was deployed on the merchant’s network, it scraped Track 1 and Track 2 payment card data from the random access memory (RAM) of the targeted POS system.

Article ID 36000196852