It only takes hackers six seconds to guess or steal your Visa card details (Video) - FEMTOP TECH
Breaking News

It only takes hackers six seconds to guess or steal your Visa card details (Video)

According to security researchers from Newcastle University, they have reveal how it only takes six seconds for hackers to get a Visa credit or debit card’s number, expiry date, and security code.

To be clear the air, only users of Visa cards both credit and debit are vulnerable to this attack. MasterCard has proved to be a tougher nut to crack.

Before publishing their findings in a paper published in IEEE Security & Privacy 2017, the researchers informed Visa about the gaping hole in the Visa cards security but they taught that it was a joke.

The exact problem that the researchers have found stem from two oversights in Visa’s implementation. The first, which should be the gatekeeper, is that Visa doesn’t limit how many failed attempts are made before it locks down the account from further access. This means that computer programs can try to brute force guessing a card’s credentials without fear of being locked out. MasterCard, in contrast, limits it to 10 attempts, no matter what website or e-shop is used.

The second error allows for what is termed a Distributed Guessing Attack. In a nutshell, different online merchants sometimes ask for different card data fields, revolving around card number, expiry date, CVV, and credit card security code. This means that, when taking into account the infinite times a computer program can guess a combination of those fields, hackers can piece together correct guesses from different websites to form a complete and valid credit card picture.

You might think that all this is complicated but, for a computer, all it takes is 6 seconds. Hackers don’t even need to have the credit card number, as they can also brute force guessing a valid one. Guessing expiry dates only takes 60 attempts, which can take place in a split second, because credit cards usually only issue cards valid for 60 months. And the three-digit CVV only takes less than 1,000 attempts. All of these can be tried numerous times without repercussions from Visa.

Sadly, the researchers say there is no silver bullet to this problem other than due vigilance on the user’s part. On Visa’s side, however, it would do well for the organization to put a hard limit on failed attempts, just to make it harder, though not impossible, to pilfer credit card data.

Ajayi Olufemi

Ajayi Olufemi

No comments:

Post a Comment