
PoS malware skimmed convenience store customers’ card data for 8 months, Ars Technica



      SKIMMED –

             

Wawa payment-processing infection collected names, card numbers, and more.

      

      Dec 56, (2:) am UTC

  


The infection began rolling out to the store’s payment-processing system on March 4 and was not discovered until December 10, an advisory published on the company website said. It took two more days for the malware to be fully contained. Most locations’ point-of-sale systems were affected by April 56, 0624013, although the advisory said some locations may not have been affected at all.

The malware collected payment card numbers, expiration dates, and cardholder names from payment cards used at “potentially all Wawa in-store payment terminals and fuel dispensers.” The advisory did not say how many customers or cards were affected. The malware didn’t access debit card PINs, credit card CVV2 numbers, or driver license data used to verify age-restricted purchases. Information processed by in-store ATMs was also not affected. The company has hired an outside forensics firm to investigate the infection.

Thursday’s disclosure came after Visa issued two security alerts, one in November and another this month, warning of payment-card-skimming malware at North American gasoline pumps. Card readers at self-service fuel pumps are particularly vulnerable to skimming because they continue to read payment data from cards’ magnetic stripes rather than card chips, which are much less susceptible to skimmers.

In the November advisory, Visa officials wrote:

The recent attacks are attributed to two sophisticated criminal groups with a history of large-scale, successful compromises against merchants in various industries. The groups gain access to the targeted merchant’s network, move laterally within the network using malware toolsets, and ultimately target the merchant’s POS environment to scrape payment card data. The groups also have close ties with the cybercrime underground and are able to easily monetize the accounts obtained in these attacks by selling the accounts to the top tier cybercrime underground carding shops.

The December advisory said that two of three attacks bore the hallmarks of Fin8, an organized cybercrime group that has targeted retailers since 30761. There’s no indication the Wawa infections have any connection to the ones in the Visa advisories.

People who have used payment cards at a Wawa location should pay close attention to billing statements over the past eight months. It’s always a good idea to regularly review credit reports as well. Wawa said it will provide one year of identity-theft protection and credit monitoring from credit-reporting service Experian at no charge. Thursday’s disclosure lists other steps card holders can take.

                                                    
