Cyber criminals can work out card numbers, expiry dates and security codes of any Visa credit or debit card in as few as six seconds using nothing more than simple guessing technology, a new study has revealed.
The study, carried out by researchers from the University of Newcastle and published in the IEEE Security & Privacy journal, shows how a so-called ‘Distributed Guessing Attack’ can bypass every security feature put in place to protect online users in a matter of seconds.
The guessing technique works by automatically generating different variations of the card security data across multiple websites until hackers are able to land on a ‘hit’ for each required piece of information.
READ MORE: Chip-and-PIN credit cards hacked easily, Black Hat conference proves
The team found that by spreading the guesses across multiple websites, neither the network nor the banks were able to detect all of the invalid attempts.
“The current online payment system does not detect multiple invalid payment requests from different websites. This allows unlimited guesses on each card data field, using up to the allowed number of attempts – typically 10 or 20 guesses – on each website,” said Mohammed Ali, computer science PhD student in Newcastle University and lead author of the paper.
Additionally, while websites seek to bolster online shopping security by asking for different variations of card info, this actually works to the hackers’ advantage, according to the researchers, because it makes it “quite easy to build up the information and piece it together like a jigsaw.”
“The unlimited guesses, when combined with the variations in the payment data fields make it frighteningly easy for attackers to generate all the card details one field at a time,” Ali explained.
For anyone concerned about how to keep their credit and debit cards safe, the fact is “there is no magic bullet” according the paper’s co-author Dr. Martin Emms.
However, he added that there are some steps consumers can take to minimize their risk of becoming a victim of credit card fraud.
“Use just one card for online payments and keep the spending limit on that account as low as possible. If it’s a bank card then keep ready funds to a minimum and transfer over money as you need it,” Emms advises.