The Visa Credit Card Security Flaw That Has Everyone Worried
A new study has claimed that hackers can guess Visa card payment details in a matter of seconds. It is being reported that cyber criminals can utilise computers to make a number of attempts to obtain confidential payment data without the discovery of their illicit efforts. Of course, if you have a Visa credit card or debit card, as a huge number of people do, this is likely to cause huge concern. Below, we take a look at the recent study in further detail. If you have watched the news lately, you will, no doubt, be aware of the fact that the banking and financial services industry has come under a lot of scrutiny lately. The most recent company to come under fire was Tesco Bank after a hacking scam cost £2.5 million and impacted 9,000 customers. Experts believe that the method that was used in this recent hack is the same method that can be used to guess Visa payment details. Experts from Newcastle University have said that with just an Internet connection and a laptop it is ‘frighteningly easy’ to guess Visa card details.
The approach that is used by the hackers is known as a ‘Distributed Guessing Attack’. It bypasses Internet security features, which means that hackers can make a large number of unsuccessful attempts to get the data of a Visa credit card, and they would not be flagged up. So, how do they acquire the details of a card? Well, this flaw means that hackers can systematically fire up a number of variations of payment data at thousands of websites. They can do this simultaneously, which means that cyber criminals can have all of the information needed within a matter of seconds, and thus they simply need to use the process of elimination to verify the correct details of a card. Of course, this can easily be done via a computer.
Mohammed Ali, a PhD student at Newcastle University, said that it’s easy for hackers to piece together card information like a jigsaw. Not only because of the flow that allows cyber criminals unlimited guesses, but also because different websites ask for different variations of the data field on a card to validate a purchase made over the Internet.
Visa has responded to the research, stating that the multiple fraud prevention layers they have in place have not been taken into account. They state that to make a transaction possible in the real world, multiple fraud prevention requirements need to be met. They also state that the most important thing for consumers to remember is that you are protected from liability if your card number is used fraudulently.