Generic selectors
Exact matches only
Search in title
Search in content
Search in posts
Search in pages
Facebook Fanpage
Twitter Feed
617 Following
Here’s Why Brands Need To Keep An Open Mind About Mobile Apps! https://t.co/AEBZHw1MVS via @techbooky https://t.co/aGKmX3FS5t
about 1 hour ago
Here Are 3 Cryptocurrencies That Turned $10,000 Into At Least $1,000,000 #cryptocurrency https://t.co/GGLfdJhR50 https://t.co/EiUXj4ve7y
4 hours ago
Fintech Industry Offers The New Checkout Concept With Buy Now Pay Later Payment Option #fintechhttps://t.co/yb3vOjCkvj
4 hours ago
6 Essential Tactics To Run A Profitable Delivery Business https://t.co/uTNBT8fbE7
7 hours ago
Browse By Categories

Hackers Can Guess Your Visa Card Details In About Six Seconds


We’ve reported on some really scary security lapses that are being exploited by hackers but this one appears to be a serious one too. Hackers can now guess your Visa card details in less than six seconds.

Security researchers from the University of Newcastle in a paper titled Does The Online Card Payment Landscape Unwittingly Facilitate Fraud?” said there is a security hole in your bank card that makes it easy for hackers to guess sensitive  information such as  your PIN. In the video attached, you’ll see that using a special tool, it actually takes about six seconds to get aa card’s secure code and it’s easy for them because if guesses for your card’s CVC number (the three digits behind) are spread out across different websites, there’s no security alert sent to you about this. So exploiting this loophole across different websites, they are able to come up with the CVC number for that card as well other basic data like your postal address. The good (maybe not good) news is that this doesn’t affect all cards according to the research carried out. It only affects Visa cards.

The attackers are able to get this information because different websites demand different authentication data from you to process transactions. , websites that only require card number and expiry can be used to glean the expiry date in no more than 60 guesses (because cards are only valid for a maximum of 60 months) and then this card number/expiry pair to can be used to guess the three-digit CVV in no more than 999 guesses.

Seeing as card numbers are region based (you can know this from the first six digits of the card), it becomes easy to hackers to narrow down once they have other data attached to the card. So one difficult one is the address attached to the card, but with the ability to narrow down cards to regions, this can be guessed over time too.

According to tech website BoingBoing, “Mastercards are not vulnerable to this attack because “MasterCard’s centralised network detects the guessing attack after fewer than 10 attempts (even when those attempts were distributed across multiple websites),” but Visa cards are, because “Visa’s payment ecosystem does not prevent the attack.”

To deal with this threat though, the researchers propose a uniform standard required by different websites so that the accuracy of guessing is cut down. Other proposed solutions include use of IP address instead of Captcha and other Visa induced authentication requirements.

To prevent the attack, either standardisation or centralisation can be pursued (some card payment networks already provide this). Standardisation would imply that all merchants need to offer the same payment interface, that is, the same number of fields. Then the attack does not scale anymore. Centralisation can be achieved by payment gateways or card payment networks possessing a full view over all payment attempts associated with its network. Neither standardisation nor centralisation naturally fit the flexibility and freedom of choice one associates with the Internet or successful commercial activity, but they will provide the required protection. It is up to the various stakeholders to determine the case for and timing of such solutions.

Last month, researchers in Lancaster University developed an algorithm that can guess passwords of even more security conscious internet users. Called TarGuess, it is able to guess passwords with a 73 percent accuracy.

MasterCard on the other hand is now attempting to replace passwords with selfie and finger print authentications to make it harder for such guesses to happen.

Previous Post

This Study Shows That Most Students Can’t Differentiate Between Articles They Read Online

Next Post

The Zen of devRant

Related Posts

Subscribe Our Newsletter


Never miss an important Tech news again

HTML Snippets Powered By : XYZScripts.com