Gas stations are gearing up for a major change in credit-card fraud liability in October, when they will find themselves on the hook for card-skimming attacks at the pump. In the meantime though, cybercriminals will be targeting pay-at-the-pump point-of-sale mechanisms with a vengeance, researchers say.
Fuel pumps represent a last bastion of non-encrypted transactions. Unlike when customers pay inside, the pump mechanism doesn’t require a chip-and-PIN or chip-and-signature scheme, which have built-in encryption and can thwart most amateur card-skimming efforts. Instead, swiping one’s card and using the magnetic strip is the norm.