A laptop, an internet connection and 6 seconds – That’s all you need to hack a credit card. Yes, Hacking credit card in 6 secs! A team of security researchers at Newcastle University, UK in a recent publication, “Does The Online Card Payment Landscape Unwittingly Facilitate Fraud?” have pointed out a flaw in the VISA network. They say that any attacker can use this to hack credit cards in around 6 secs. They used an attack that they call Distributed Guessing attack. This attack can circumvent all the security features in place to prevent online fraud.
Muhammad Ali and the team found that due to flaws in the VISA payment system, neither the network nor the banks were able to detect multiple invalid attempts. Therefore, by systematically generating the automated variants of card’s security details and using it on multiple websites, can give hackers the ability to verify all the necessary security data.
Hacking credit card in 6 secs – Distributed Guessing Attack
So, how does this attack work! Let me try to explain it in simple terms.
The attackers guess the required data and use those details online. The the reply from the website will confirm if the guess was right or wrong. Current systems don’t detect multiple invalid attempts using the same card on different websites. So, there’s a simple trick. Distribute the attack on multiple sites at a same time. Test different combinations on every site until there’s a hit.
According to a news post by Newcastle University, Mohammed explains: “Most hackers will have got hold of valid card numbers as a starting point but even without that it’s relatively easy to generate variations of card numbers and automatically send them out across numerous websites to validate them. The next step is the expiry date. Banks typically issue cards that are valid for 60 months so guessing the date takes at most 60 attempts. The CVV is your last barrier and theoretically only the card holder has that piece of information – it isn’t stored anywhere else. But guessing this three-digit number takes fewer than 1,000 attempts. Spread this out over 1,000 websites and one will come back verified within a couple of seconds. And there you have it – all the data you need to hack the account.”
So, is there any way to keep your card safe?
Now the question arises, is there any way to keep our money safe? Here’s an answer by Dr Martin Emms, co-author on the paper, as quoted by Newcastle University Press Office. “Sadly there’s no magic bullet. But we can all take simple steps to minimise the impact if we do find ourselves the victim of a hack. For example, use just one card for online payments and keep the spending limit on that account as low as possible. If it’s a bank card then keep ready funds to a minimum and transfer over money as you need it. And be vigilant, check your statements and balance regularly and watch out for odd payments. However, the only sure way of not being hacked is to keep your money in the mattress and that’s not something I’d recommend!”