Research suggests that 'distributed guessing attack' circumvents all security features meant to tackle online fraud. It can take hackers just six seconds, a laptop and an internet connection to hack any Visa credit or debit card, new research has revealed.
Want to go cashless? Beware: Your credit card can be hacked in 6 seconds
Research suggests that 'distributed guessing attack' circumvents all security features meant to tackle online fraud.
It can take hackers just six seconds, a laptop and an internet connection to hack any Visa credit or debit card, new research has revealed.
The research, published in the journal "IEEE Security and Privacy", said that the "distributed guessing attack" circumvents all the security features put in place to protect online payments from fraud.
Neither the network, nor the banks are able to detect attackers making multiple, invalid attempts to get payment card data.
The current online payment system does not detect multiple invalid payment requests from different websites.
This allows unlimited guesses on each card data field, using up to the allowed number of attempts - typically 10 or 20 guesses - on each website, explained by Mohammed Ali, a PhD student in Newcastle University.
"Different websites ask for different variations in the card data fields to validate an online purchase.
"This means it's quite easy to build up the information and piece it together like a jigsaw," Ali added.
The combination of these two factors -- unlimited guesses and variation in the payment data fields -- makes it easy for attackers to hack all the card details.
Each generated card field can be used in succession to generate the next field and so on.
"If the hits are spread across enough websites then a positive response to each question can be received within two seconds - just like any online payment," Ali warned.
The researchers explained that even starting with no details at all other than the first six digits -- which tell you the bank and card type -- a hacker can obtain essential pieces of information.
These are-- card number, expiry date and security code -- to make an online purchase within as little as six seconds.
Researchers believe this 'guessing attack' method could have been used in the recent Tesco cyber attack where the hackers defrauded customers of 2.5 million pounds.
The risk is higher at this time of the year as many people are making online purchases ahead of Christmas.
However, researchers found that unlike Visa cards, MasterCard's centralised network was able to detect the guessing attack after less than 10 attempts- even when those payments were distributed across multiple networks.
The researchers suggested that to minimise the chances of hacking, card-holders should use just one card for online payments and keep the spending limit on that account as low as possible.
"If it's a bank card then keep ready funds to a minimum and transfer over money as you need it," said Martin Emms, co-author of the research.
Source; Business Standard
Job Category:Job News
/fa-clock-o/ WEEK TRENDING$type=list-tab
SSC CPO Examination 2017: Age Limit, Category, Age Relaxation STAFF SELECTION COMMISSION NOTICE RECRUITMENT OF SUB-INSPEC...
Bank Of Baroda Recruitment Patna – 235 Sweeper Cum Peon & Peon -Download Your Admit Card Bank of Baroda invites Application for...
Bank Of Baroda Recruitment – 121 Sweeper Cum Peon & Peon Bank of Baroda invites Application for the post of 121 Sweeper Cum Peo...
Bank Of Baroda Recruitment 2017 Bank of Baroda invites Application for the post of 143 Sweeper Cum Peon in Subordinate cadre for...
Purba Medinipur District Recruitment 2016-17, 83 Gram Panchayat Secretary & Sahayak Posts Purba Medinipur District Recruitment...
UPSC Recruitment 2017 – 2016 - Union Public Service Commission (UPSC) invites Application for the post of 36 Assistant Labour Commission...
CRPF Recruitment 2016: Age Limit & Age Relaxation DIRECTORATE GENERAL, CRPF (MINISTRY OF HOME AFFAIRS, GOVT. OF INDIA) BLOCK ...
AIIMS Delhi Recruitment 2017 - Staff Nurse, Lab Technician & Study Coordinator Vacancy AIIMS, Delhi has invited Applications ...
HQ MEG Centre Bangalore Recruitment 2017 Apply For 249 Group-C Civilian Posts India Army has invited applications from eligible can...
Bank Of Baroda Recruitment 2017 - 150 Sweeper Cum Peon & Peon Bank of Baroda invites Application for the post of 150 Sweeper C...