You are here: Home » Finance » News » Others
Business Standard

Want to go cashless? Beware: Your credit card can be hacked in 6 seconds

Research suggests that 'distributed guessing attack' circumvents all security features meant to tackle online fraud

IANS  |  London 

Want to go cashless? Beware: Your credit card can be hacked in 6 seconds

It can take hackers just six seconds, a laptop and an internet connection to hack any Visa credit or debit card, new research has revealed.

The research, published in the journal "IEEE Security and Privacy", said that the "distributed guessing attack" circumvents all the security features put in place to protect online payments from fraud.

Neither the network, nor the banks are able to detect attackers making multiple, invalid attempts to get payment card data.

The current online payment system does not detect multiple invalid payment requests from different websites.

This allows unlimited guesses on each card data field, using up to the allowed number of attempts - typically 10 or 20 guesses - on each website, explained Mohammed Ali, a PhD student in Newcastle University.

"Different websites ask for different variations in the card data fields to validate an online purchase.

"This means it's quite easy to build up the information and piece it together like a jigsaw," Ali added.

The combination of these two factors -- unlimited guesses and variation in the payment data fields -- makes it easy for attackers to hack all the card details.

Each generated card field can be used in succession to generate the next field and so on.

"If the hits are spread across enough websites then a positive response to each question can be received within two seconds - just like any online payment," Ali warned.

The researchers explained that even starting with no details at all other than the first six digits -- which tell you the bank and card type -- a hacker can obtain essential pieces of information.

These are-- card number, expiry date and security code -- to make an online purchase within as little as six seconds.

Researchers believe this 'guessing attack' method could have been used in the recent Tesco where the hackers defrauded customers of 2.5 million pounds.

The risk is higher at this time of the year as many people are making online purchases ahead of Christmas.

However, researchers found that unlike Visa cards, MasterCard's centralised network was able to detect the guessing attack after less than 10 attempts- even when those payments were distributed across multiple networks.

The researchers suggested that to minimise the chances of hacking, card-holders should use just one card for online payments and keep the spending limit on that account as low as possible.

"If it's a bank card then keep ready funds to a minimum and transfer over money as you need it," said Martin Emms, co-author of the research.

RECOMMENDED FOR YOU

Want to go cashless? Beware: Your credit card can be hacked in 6 seconds

Research suggests that 'distributed guessing attack' circumvents all security features meant to tackle online fraud

Research suggests that 'distributed guessing attack' circumvents all security features meant to tackle online fraud

It can take hackers just six seconds, a laptop and an internet connection to hack any Visa credit or debit card, new research has revealed.

The research, published in the journal "IEEE Security and Privacy", said that the "distributed guessing attack" circumvents all the security features put in place to protect online payments from fraud.

Neither the network, nor the banks are able to detect attackers making multiple, invalid attempts to get payment card data.

The current online payment system does not detect multiple invalid payment requests from different websites.

This allows unlimited guesses on each card data field, using up to the allowed number of attempts - typically 10 or 20 guesses - on each website, explained Mohammed Ali, a PhD student in Newcastle University.

"Different websites ask for different variations in the card data fields to validate an online purchase.

"This means it's quite easy to build up the information and piece it together like a jigsaw," Ali added.

The combination of these two factors -- unlimited guesses and variation in the payment data fields -- makes it easy for attackers to hack all the card details.

Each generated card field can be used in succession to generate the next field and so on.

"If the hits are spread across enough websites then a positive response to each question can be received within two seconds - just like any online payment," Ali warned.

The researchers explained that even starting with no details at all other than the first six digits -- which tell you the bank and card type -- a hacker can obtain essential pieces of information.

These are-- card number, expiry date and security code -- to make an online purchase within as little as six seconds.

Researchers believe this 'guessing attack' method could have been used in the recent Tesco where the hackers defrauded customers of 2.5 million pounds.

The risk is higher at this time of the year as many people are making online purchases ahead of Christmas.

However, researchers found that unlike Visa cards, MasterCard's centralised network was able to detect the guessing attack after less than 10 attempts- even when those payments were distributed across multiple networks.

The researchers suggested that to minimise the chances of hacking, card-holders should use just one card for online payments and keep the spending limit on that account as low as possible.

"If it's a bank card then keep ready funds to a minimum and transfer over money as you need it," said Martin Emms, co-author of the research.

image
Business Standard
177 22

Want to go cashless? Beware: Your credit card can be hacked in 6 seconds

Research suggests that 'distributed guessing attack' circumvents all security features meant to tackle online fraud

It can take hackers just six seconds, a laptop and an internet connection to hack any Visa credit or debit card, new research has revealed.

The research, published in the journal "IEEE Security and Privacy", said that the "distributed guessing attack" circumvents all the security features put in place to protect online payments from fraud.

Neither the network, nor the banks are able to detect attackers making multiple, invalid attempts to get payment card data.

The current online payment system does not detect multiple invalid payment requests from different websites.

This allows unlimited guesses on each card data field, using up to the allowed number of attempts - typically 10 or 20 guesses - on each website, explained Mohammed Ali, a PhD student in Newcastle University.

"Different websites ask for different variations in the card data fields to validate an online purchase.

"This means it's quite easy to build up the information and piece it together like a jigsaw," Ali added.

The combination of these two factors -- unlimited guesses and variation in the payment data fields -- makes it easy for attackers to hack all the card details.

Each generated card field can be used in succession to generate the next field and so on.

"If the hits are spread across enough websites then a positive response to each question can be received within two seconds - just like any online payment," Ali warned.

The researchers explained that even starting with no details at all other than the first six digits -- which tell you the bank and card type -- a hacker can obtain essential pieces of information.

These are-- card number, expiry date and security code -- to make an online purchase within as little as six seconds.

Researchers believe this 'guessing attack' method could have been used in the recent Tesco where the hackers defrauded customers of 2.5 million pounds.

The risk is higher at this time of the year as many people are making online purchases ahead of Christmas.

However, researchers found that unlike Visa cards, MasterCard's centralised network was able to detect the guessing attack after less than 10 attempts- even when those payments were distributed across multiple networks.

The researchers suggested that to minimise the chances of hacking, card-holders should use just one card for online payments and keep the spending limit on that account as low as possible.

"If it's a bank card then keep ready funds to a minimum and transfer over money as you need it," said Martin Emms, co-author of the research.

image
Business Standard
177 22

Upgrade To Premium Services

Welcome User

Business Standard is happy to inform you of the launch of "Business Standard Premium Services"

As a premium subscriber you get an across device unfettered access to a range of services which include:

  • Access Exclusive content - articles, features & opinion pieces
  • Weekly Industry/Genre specific newsletters - Choose multiple industries/genres
  • Access to 17 plus years of content archives
  • Set Stock price alerts for your portfolio and watch list and get them delivered to your e-mail box
  • End of day news alerts on 5 companies (via email)
  • NEW: Get seamless access to WSJ.com at a great price. No additional sign-up required.
 

Premium Services

In Partnership with

 

Dear Guest,

 

Welcome to the premium services of Business Standard brought to you courtesy FIS.
Kindly visit the Manage my subscription page to discover the benefits of this programme.

Enjoy Reading!
Team Business Standard