PoS malware skimmed convenience store customers map data for 8 months

American supermarket Wawa said on Thursday that it recently discovered malware that skimmed the payment card details of customers in almost all 850 stores.

The infection started rolling into the store’s payment processing system on March 4 and was only discovered on December 10, an opinion on the company’s website said. It took another two days for the malware to be completely embedded. The point-of-sale systems of most locations were affected on April 22, 2019, although the advice said that some locations might not be affected at all.

The malware collected payment card numbers, expiration dates and card holder names of payment cards that were used at “possibly all payment terminals and fuel machines in the store”. The advice did not say how many customers or cards were affected. The malware has not been able to access PIN codes, credit card CVV2 numbers, or driver’s license information that was used to verify age-restricted purchases. Information processed by ATMs in the store was also not affected. The company has hired an external forensic company to investigate the infection.

Thursday’s announcement came after Visa issued two security warnings – one in November and another this month – warning for skimming payment card malware at North American gas pumps. Card readers with self-service fuel pumps are particularly vulnerable to skimming because they continue to read payment data from the magnetic stripes of cards instead of card chips, which are much less sensitive to skimmers.

In the November opinion, Visa officials wrote:

The recent attacks are attributed to two advanced criminal groups with a history of large-scale, successful compromises against traders in different industries. The groups gain access to the network of the intended seller, move sideways within the network with the help of malware tool sets and ultimately focus on the seller’s POS environment to scrape payment card data. The groups also have close ties with underground cyber crime and are able to easily make money with the accounts obtained during these attacks by selling the accounts to the best cyber crime underground ticket shops.

The December opinion said that two of the three attacks had the characteristics of Fin8, an organized cyber crime group that has been targeting retailers since 2016. There are no indications that the Wawa infections are related to those in the Visa recommendations.

People who have used payment cards at a Wawa location must pay close attention to account statements in the past eight months. It is always a good idea to also regularly view credit reports. Wawa said it provides Experian with identity protection and credit monitoring from Experian for credit reporting for free. Thursday’s disclosure gives other steps that cardholders can take.

Intel confirms ‘Rocket Lake’ desktop chips will offer double- digit performance improvements

Updated With Intel's 7nm manufacturing problems, Intel's Rocket Lake could be the Intel chip you'll be building a desktop PC around. Today's Best Tech Deals Picked by PCWorld's Editors Top Deals On Great Products Picked by Techconnect's Editors Intel confirmed that its 11th-gen next-generation desktop processor, Rocket Lake, will ship during the first quarter of…

Windows Insider build 20246 removes features amid roadmap questions

Removing features within the latest Windows Insider dev build is worrying some who think Microsoft might skip a 21H2 build entirely. Today's Best Tech Deals Picked by PCWorld's Editors Top Deals On Great Products Picked by Techconnect's Editors As Microsoft moves past the Windows 10 October 2020 Update, speculation has begun: What is the future, exactly?…

More medical facilities struck by ransomware as feds warn about cyberattacks

A recent wave of ransomware attacks has infected more hospitals than previously known, including a University of Vermont network with locations in New York and Vermont.The University of Vermont Health Network is analyzing what appears to be a ransomware attack from the same cybercrime gang that has infected at least three other hospitals in recent…

Leave a Reply