ISACs, Secret Service: Cyber Thieves Targeting Non-EMV-Enabled Merchants

In the wake of the decision by Visa and MasterCard to delay the EMV chip card liability shift for gas pumps until 2020, a new advisory emphasizes that cyber thieves are focusing on retailers who have not upgraded their systems. “Criminals are targeting the remaining merchants that have not upgraded, including gas pumps,” said the Financial Services Information Sharing and Analysis Center, the Retail Cyber Intelligence Sharing Center and the U.S. Secret Service in a joint release.

The advisory — which banks are encouraged to share with their commercial customers — provides tactics, techniques and procedures that merchants can use to prevent and mitigate frequent cyber risks. Point-of-sale EMV system upgrades were one area. For fuel pump owners, the advisory included specific steps to mitigate skimming risks. Other techniques discussed included remote access controls, attacks that use e-commerce shopping carts, multi-factor authentication and security patches.