NEW JERSEY — Be careful when you pay at the pump.

The New Jersey Department of Homeland Security has issued a warning about data breaches at gas stations that will ultimately change the way the state handles transactions at the pump. Gas stations in New Jersey have been targets of payment card skimmer attacks in which physical devices are placed on gas pumps to steal the payment data from a debit card's magnetic stripe, the department said.

Following the breaches, all gas stations in New Jersey will be required to have chip readers at pumps by October 2020. New Jersey officials also said drivers should use credit cards or cash at fuel pumps in place of debit payments to reduce the risk of payment card fraud. The state Department of Homeland Security is reacting to security alerts published in November and December by the credit card company Visa that detailed incidents of malware at gas pumps and gas station operators across North America.

Cybercriminals are installing malware on merchants' fuel dispenser networks in order to steal unencrypted payment card data, according to the New Jersey homeland security department's cybersecurity division, the New Jersey Cybersecurity and Communications Integration Cell. In a statement, Visa said it investigated two separate breaches at North American fuel dispenser merchants this fall, although the company didn't say where. The attacks involved the use of malware to harvest payment card data.

Many gas station pumps in New Jersey are still not fitted to accept chip card transactions and can only read payment data from the card's magnetic stripe. The data from the stripe is sent unencrypted to the gas station's network, where it can be stolen, the department said.

Fuel dispensers have until October 2020 to become chip card compatible; at that time, the liability will shift to the merchant for any payment card fraud, the department said.