If you use an old magnetic stripe (magstripe) credit card, you may want to avoid doing so the next time you’re at a gas pump.
A recent report from Visa suggests that magstripe credit cards may be especially vulnerable to data theft by hackers when used at gas station pumps. The report, published in December 2019, asserts that a form of malware known as a “RAM scraper” had been “injected into the POS [point of sale] environment and was used to harvest payment card data.”
According to Visa, even though the gas station accepted both chip and magnetic stripe cards, it was clear that the RAM scraper only targeted the payment data that came from those who paid at the pump with a magnetic stripe card. (In this case, the gas station accepted chip-style transactions within the gas station’s store, and accepted magnetic stripe transactions at the pump.)
Visa concluded its report with a few recommendations for fuel merchants on how they could increase the security of their transactions, especially emphasizing the use of point-of-sale devices that support chip card transactions, since using such devices is expected to “significantly lower the likelihood of these attacks.” Visa also suggested the use of other secure (EMV technology) payment methods such as “contactless, mobile, and QR code.”
There are also a few things that customers can do to safeguard their cards’ payment data when using their credit cards. As Fast Company notes, it may be best to avoid swiping your credit cards altogether and instead opt to use your card’s chip (if it has one) to pay for your goods and services. This means that if a gas pump doesn’t have a chip reader, you may have to just pay within the gas station’s store or pay cash.
And even when you’re not at the gas pump, you can still use other payment methods besides the chip or swiping a magstripe card. If you’d rather pay with your mobile device, we have guides to help you get started with some of the most popular digital wallets, including Apple Pay, Google Pay, and Samsung Pay.
- Hackers stole $1.5 million using credit card data bought on the dark web
- Wawa data breach: Hacker is selling 30 million credit cards on the dark web
- No, the government can’t go undercover with fake profiles, Facebook says
- Amazon card vs. Apple Card: Should you get a credit card from a tech company?
- Hackers could have credit card numbers of 880,000 Orbitz users