Regular readers of Coffee Talking know I do a lot of cross country travel. Most of it done by car.
When it comes to paying for gas we've known for years to be careful of 'readers' at the pumps. To look for anything that looks amiss, look to see that there isn't a fake card reader inserted inside the real one. Put your fingernail into the slot and feel for any second reader that might be inserted, wiggle the slot to make sure it's legit, use an inside pump verses one on the outside, etc.
Now, hackers don't even need to put in a reader at the physical pump. The new thing is to use malware to download it into their software and boom; you're hacked.
Visa sent out a security alert about hackers who have breached gas pumps in North America, potentially leading to a customer's credit card information being stolen.Because my husband and I don't like using credit cards at all, I've been using a debit card to pay for gas during travels - but being very careful to follow all the rules about 'trying' to be safe doing so. I did a lot of travel in October, returned home the first week of November and by November 21/22nd woke one morning to see 9 fraudulent charges coming through on my bank account. I immediately texted, called, visited my bank, had my card shredded and got a new one. Yada yada.... BUT the question was HOW did they get my info?
This is different from the credit card skimmers that consumers have been warned about for years because, this time, there is no physical device placed on the pump. It's all in the software.
Visa is warning gas station owners who haven't made the switch to chip acceptance to do soon because these attacks will continue and have the potential to compromise multiple accounts. Visa also says that starting in October 2020, merchants will be responsible for any customer fraud related to not having chip-enabled readers at their pumps.
"As long as the magnetic stripe readers are in place, fuel dispenser merchants are becoming an increasingly attractive target for advanced threat actors with an interest in compromising merchant networks to obtain this payment card data," Visa said in its alert.
The bank and VISA fraud mentioned... we'll never know. I had my card in hand, but a copy had been made and was being used first to pay for 3 Netflix charges, then for a fitness membership charge in Texas, a middle eastern man's name in Illinois and then middle eastern names in Israel.
Because we had no holidays, birthdays to buy for or other uncommon charges, really, the only thing I had been using my card for was groceries, household items, online bills and.... gas. Over 5 states - back and forth numerous times in the past 2 months.
Obviously, I kind of figured my card hack was probably related to gas purchases, although I had tried to be as conscientious as possible when doing so. But when I saw this latest alert from VISA, it did make me wonder.......
So - How do you protect yourself and your money?
- Never use a debit card that's linked to your bank account. You are generally protected from fraudulent transactions with a credit card, limiting how much you will be responsible for. But if a hacker drains your bank account by stealing your debit card information, you may never get that money back.
- If you currently don't have a chip-enabled card, contact your credit card company and ask them to send you a replacement card with the chip right away.
- When possible, avoid using card readers that only accept the magnetic stripe. Use the chip readers if they are available, usually found inside the store. It may take a little more time, but it is more secure.
- Regularly check your credit card and bank account online for any signs of transactions you didn't make. Immediately report any fraudulent charges you do find. You may need to have your card suspended and have the company send you a new one.
- Sign up for fraud alerts with your bank or credit card company. Some will let you receive an alert if a transaction exceeds a certain dollar amount.