A cyber insurance carrier asked Verizon to investigate an unusual pattern of payment card fraud emanating from one of its customers, an oil and gas company. An escalating pattern of counterfeit fraud had appeared at a single gas station about a month prior and then spread to five others. Verizon configured evidence traps on the payment processing servers at a number of gas stations.
First, the support vendor, contracted by the oil and gas company to provide general IT and POS support to the gas stations, connected via Remote Desktop over VPN to the payment processing server. Upon connection, a check occurred to verify that no other active logons were in progress. Next, the system clock was set forward two years. Then, a configuration file was modified to enable a verbose debug setting in the payment application, creating an output file that captured cleartext copies of authorization requests from each fuel pump. This included complete mag-stripe sequences sufficient for conducting payment card fraud. The session ended with setting the clock back to the correct date and time.
As it turned out, this individual would seek out late-night assignments over the weekends that required only a single person in the office on call. He would connect to customer systems to steal payment card data.
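The clock manipulation in the session described above leaves a recognizable trace when system time changes are audited. As an added example (not part of the original write-up or of Verizon's tooling), the Python code below pairs a large forward time change with the later change back inside one Remote Desktop logon session. It assumes Windows Security events 4624, 4616, 4663 and 4634 flattened into dictionaries; every record, account name, date and file name is constructed.

```python
from datetime import datetime, timedelta

# Constructed sample records, simplified from Windows Security events:
# 4624 = logon (logon_type 10 is RemoteInteractive/RDP), 4616 = system time
# changed, 4663 = object access, 4634 = logoff. Field names are flattened.
EVENTS = [
    {"rec": 101, "id": 4624, "logon_id": "0x5a1", "logon_type": 10, "user": "vendor-support"},
    {"rec": 102, "id": 4616, "logon_id": "0x5a1",
     "prev": "2015-03-14T23:41:07", "new": "2017-03-14T23:41:07"},
    {"rec": 103, "id": 4663, "logon_id": "0x5a1", "object": "payment-app.config"},
    {"rec": 104, "id": 4616, "logon_id": "0x5a1",
     "prev": "2017-03-14T23:52:30", "new": "2015-03-14T23:52:30"},
    {"rec": 105, "id": 4634, "logon_id": "0x5a1"},
    {"rec": 106, "id": 4616, "logon_id": "0x3e7",  # routine one-second correction
     "prev": "2015-03-15T02:00:00", "new": "2015-03-15T02:00:01"},
]

def find_clock_rollbacks(events, min_jump=timedelta(days=1)):
    """Pair each large forward clock jump with the later jump back in the same
    logon session. Records are ordered by record number, not timestamp, because
    timestamps written while the clock is shifted cannot be trusted."""
    rdp_users = {}  # logon_id -> user, for remote interactive logons
    pending = {}    # logon_id -> (record number, delta) of an open forward jump
    findings = []
    for ev in sorted(events, key=lambda e: e["rec"]):
        lid = ev["logon_id"]
        if ev["id"] == 4624 and ev.get("logon_type") == 10:
            rdp_users[lid] = ev["user"]
        elif ev["id"] == 4616:
            delta = datetime.fromisoformat(ev["new"]) - datetime.fromisoformat(ev["prev"])
            if delta >= min_jump:
                pending[lid] = (ev["rec"], delta)
            elif delta <= -min_jump and lid in pending:
                start_rec, fwd = pending.pop(lid)
                findings.append({
                    "logon_id": lid,
                    "user": rdp_users.get(lid),  # None if not an RDP session
                    "shifted_records": (start_rec, ev["rec"]),
                    "forward_days": fwd.days,
                })
    return findings

if __name__ == "__main__":
    for finding in find_clock_rollbacks(EVENTS):
        print(finding)
```

The `shifted_records` range marks the events and file changes whose timestamps fall two years in the future, so they have to be placed on the incident timeline by record order rather than by date.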