Please Try again!
Your Visa Cards Can be Hacked in 6 Seconds, Says the New Study

Your Visa Cards Can be Hacked in 6 Seconds, Says the New Study

As the value of online sales increased so has the amount of online fraud. With more and more people being pushed into the digital economy as a result of demonetization, online sales and transactions have become crucial in our daily lives. However, we often ignore the vulnerabilities hidden within the online transactions and generally assumes our credit and debit cards are inherently safe.
A new paper published by the researchers at the University of Newcastle claims titled ‘Does The Online Card Payment Landscape Unwittingly Facilitate Fraud?’ says that hackers or attackers can guess your secret Visa payment card data in under six seconds. It is shocking to know that how easy it is for a hacker to get a hold of your Visa card number. One of the ways in which they get your card number is by inferring the combination your card number’s first six digits, which are based on the brand of your card, the bank that issued the card and type of the card. They then employ an algorithm called Luhn Algorithm to get rest of the digits.
Other ways they use to secure numbers are buying them in bulk from the dark web or by using an NFC reader with a smartphone to skim the numbers. From here four seconds all they need to learn the expiration date and CVV code.
The study done by Mohammed Aamir Ali, Budi Arief, Marin Emms, and Aad Van Moorsel, investigated the Alexa top- 400 online merchant payment sites, which includes many popular sites. They observed that difference in security solutions of various websites introduces a practically exploitable vulnerability in the overall payment system. An attacker can exploit these differences to build a distributed guessing attack which generates usable card payment details one field at a time. Each of these generated fields can be used in succession to generate the next field by using a different merchant’s website, explains the paper.
This is because different merchant’s website uses different fields of information to confirm the card’s identity. Most of the online merchants use only use details like card number, expiry date, and CVV code, and in order to make online purchases as easy as possible, many of them allow customers to make 50 to even unlimited incorrect guesses. In the case of MasterCard, its centralized network detects guessing after fewer than 10 attempts blocking any further attempts.
Sadly, there is nothing much we can do from customer’s point of view rather than be informed and follow standard safety procedure till the exploits are fixed.

Also Read : How To Protect Your Digital Life
(Image Credits: IndiaTimes)

Contribute to LifeHacker

Write for Us

Subscribe for latest stories