With a minute amount of credit card information, Newcastle University researchers noted it takes six seconds for the data to be stolen. All anyone needs to do is guess wrong quickly.
In a majority of Internet transactions, all a person needs to verify a card is the account number, CVV and expiration date. It’s not unusual for at least one of these to be leaked during a data breach. While some payment processors don’t need all three of them, you do need them to boost the fraudulent activity. It appears the way payment processors keep an eye on transactions on websites make it extremely easy to determine what information is missing… all by the elimination process.
Most websites will block cards after there have been 20 failed attempts for it to be used. The problem is that card companies don’t track the usage on various websites. This allows for trials to be carried out on multiple sites, without the imposition of too many incorrect guesses blocking the card. According to researchers, the Visa payment platform appears to be more vulnerable than others.
The researchers developed a program known as CCS2015 Toolkit and used it on the database of various website payment systems. The toolkit was able to automate the process of connecting with various sites with partial card details. In order to use the tool, a person would type in the information they knew about the card and click a button to locate the rest of the information. The program goes through various numbers until there’s a hit.
It takes just seconds to come up with the CVV number if the expiration date and account number are known. It takes less than 1,000 tries to attain the CVV and less than 60 to attain the expiration date.
The team said it was concerned that banks and payment platforms have no system designed to deal with this problem. They said nobody would try multiple times to carry out a transaction on the same credit card. According to the researchers, Visa cards at typically the main target of this type of attack. MasterCard will lock a card after there have been 10 failed attempts in a short time period.
The reality is that there is no surefire way to protect oneself from hacking attempts on your credit card. You just need to be vigilant about charges.