Standing outside in the cold isn't always the worst part of filling your car's gas tank. If you pay for gas by card at the pump, you could be making yourself vulnerable to credit card fraud. As Lifehacker reports, criminals are now compromising gas stations by hacking into their computer systems.
Gas pump card readers have numerous safety issues compared to the systems used in stores. They aren't under constant human surveillance, which makes them easy targets for thieves looking to install card skimmers. But the new hacking scheme takes advantage of a different vulnerability; while most retailers transitioned to chip readers years ago, many outdoor gas pumps still rely on less-secure magnetic strips to complete transactions.
Visa shared a report this month [PDF] revealing that cyber-criminals are hacking into these point-of-sale systems by sending phishing emails to gas station employees. The emails contain a link that, when clicked, grants the sender access to the merchant's network. That means when customers use the card readers outside, hackers can steal their information without ever having to visit the gas station in person.
The deadline for most companies to switch over to chip readers was 2015, but for gas stations, that date was extended to October 2020 because the infrastructure at pumps is harder to update. The new phishing scheme may continue to be a problem as gas stations make the change over the next year, but until then, there are a few steps customers can take to protect their information. Pay for your gas inside when possible, as the register will likely use a chip reader. When you do have to pay with a card outside, use a credit card instead of a debit card, as credit cards are better protected against fraud and won't lead hackers to your personal bank account. And of course, if you have cash on hand, paying with that is always the safest bet.