How crooks can hack your credit card in just SIX SECONDS: Experts warn flaws mean it is 'frighteningly easy' to collect the number, expiry date and three digit security code
- Experts say the details can be taken easily from Visa credit and debit cards
- Number, expiry date and three digit code is needed to transfer money
- Cyberteam at Newcastle University believe this was used in Tesco hack
Hackers can steal your credit or debit card details in just six seconds, experts have found.
Academics say security flaws mean it is ‘frighteningly easy’ to collect the number, expiry date and the three digit security code of Visa cards.
These are all the details a fraudster needs to transfer money from a bank account or rack up huge spending on a credit card.
The Cyberteam from the Newcastle University believes that the technique, known as a Distributed Guessing Attack, was used in the recent £2.5million hack on the 20,000 customers of Tesco bank.
The research, published today in the journal IEEE Security & Privacy, shows the method means cyber criminals can circumvent all the security features which should protect online payments from fraud.
The number, expiry date and the three digit security code is all that is needed to commit fraud (file pic)
The Cyberteam from the Newcastle University believes that the technique was used in the recent £2.5million hack on the 20,000 customers of Tesco bank (file pic)
Hackers are able to get hold of valid debit and credit card numbers, but they do not know the expiry date or security code.
The scam involves using a computer programme to automatically fire the card number at a vast number of websites.
Within seconds, hackers are able to get a ‘hit’ and then use guessing software to establish the card expiry date and security code.
The Newcastle team say that this jigsaw process, which on the face of it appears hugely complex, can take as little as six seconds. When a consumer accesses a website, they are normally asked for a password. If they fail to get the correct one after a fixed number of attempts they will be effectively locked out.
However, the Newcastle team said there is no system to stop criminals using a computer to make a vast number of guesses at a Visa card number and then other security details across a range of websites.
Mohammed Ali, of the university’s School of Computing Science, warned that hackers do not even need a genuine Visa card number to start the hacking process. He said: ‘Most hackers will have got hold of valid card numbers as a starting point but even without that it’s relatively easy to generate variations of card numbers and automatically send them out across numerous websites to validate them.
‘The next step is the expiry date. Banks typically issue cards that are valid for 60 months so guessing the date takes at most 60 attempts.
‘The CVV [the three-digit security code] is your last barrier and theoretically only the card holder has that piece of information – it isn’t stored anywhere else. But guessing this three-digit number takes fewer than 1,000 attempts.
The experts found it is only the Visa network that was vulnerable. MasterCard blocks the card after a few unsuccessful attempts (file pic)
Spread this out over 1,000 websites and one will come back verified within a couple of seconds. And there you have it – all the data you need to hack the account.’
He added: ‘The unlimited guesses, when combined with the variations in the payment data fields make it frighteningly easy for attackers to generate all the card details one field at a time.’
The Newcastle team found it was only the Visa network that was vulnerable. The rival MasterCard network blocks a card after a few unsuccessful attempts to use it across several websites.
Dr Martin Emms, co-author on the research paper, said there is no ‘magic bullet’ to protect yourself from online fraud.
He said: ‘We can all take simple steps to minimise the impact if we do find ourselves the victim of a hack. Be vigilant, check your statements and balance regularly and watch out for odd payments.’
Most watched News videos
- Mob storm police station and lynch suspected paedophile
- Reckless 20-year-old streams doomed joy-ride on Facebook Live
- Hilarious footage shows schoolgirl shouting words to hymn at nativity
- Panic as phone is submerged in WATER during condom challenge
- Woman in high spirits 'entertains' Southern Rail train passengers
- Woman who ranted in store also yelled at staff in Coffee shop
- Baby elephant reunited with its mum after being rescued from pond
- Moment judge gets slapped in the face at 2016 IFBB Diamond Cup
- 100 special police agents protect suspected paedophile from mob
- Angry Trump supporter goes on wild 'racist' rant inside store
- Incredible in air choreography with pilots and flying crew
- Me-Wow!: Cat sees snow fall from the sky for the first time
- 'I told you, don't you f*** with me': Unarmed former NFL...
- 'Straight-A, religiously devout' boy, 14, 'shot dead his...
- Get ready for the big freeze! Western half of US to be hit...
- Detective claims California supermom may have been abducted...
- Rosie O'Donnell says she is 'sorry for the pain' her Barron...
- High school senior, 18, shoots herself in front of her...
- Tom Ford refused to dress Melania Trump when asked in the...
- PIERS MORGAN: Mariah, anymore of this embarrassing tackiness...
- Woman who launched a 'racist tirade' against two black...
- 'He stood over and murdered him. What else do you f***ing...
- EXCLUSIVE: Colombian crash plane missed crucial refuelling...
- 'I was lucky enough to find my soulmate 63 years ago': Kirk...