Home Internet This tool could crack credit numbers in 6 seconds

This tool could crack credit numbers in 6 seconds

7 min read

In what amounts to a very clever brute force attack, a group of researchers has figured out how to find credit card information including expiration dates and CVV numbers by querying ecommerce sites. The process, which was outlined in IEEE Security & Privacy, involves guessing and testing hundreds of permutations of expiration dates and CVV numbers on hundreds of sites.

MasterCards aren’t susceptible to this attack because their system shuts down cards after 100 attempts. Visa cardholders aren’t so lucky.

The researchers, Mohammed Aamir Ali, Budi Arief, Martin Emms, and Aad van Moorsel, believe that their tool can also be used to guess ZIP codes and address data or hackers can simply correlate location data with issuing banks or use skimmers to figure out where different cards are used. If the commerce site doesn’t require a ZIP code, however, cracking the card is as simple as running a program.

To prevent the attack, either standardisation or centralisation can be pursued (some card payment networks already provide this). Standardisation would imply that all merchants need to offer the same payment interface, that is, the same number of fields. Then the attack does not scale anymore. Centralisation can be achieved by payment gateways or card payment networks possessing a full view over all payment attempts associated with its network. Neither standardisation nor centralisation naturally fit the flexibility and freedom of choice one associates with the Internet or successful commercial activity, but they will provide the required protection. It is up to the various stakeholders to determine the case for and timing of such solutions.

The researchers believe that these attacks are already happening in the wild and that their solution  while distressing  isn’t unique, which makes it much scarier.

Related Content :  Facebook adds "Find Wi-fi" Feature to its Mobile App

Source: Tech Crunch 

Disclaimer: Tech Habor is not responsible for the misuse of this article. This article is a news item for research and informative  purposes only. Copyrights reserved for Tech Crunch

Load More Related Articles

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Check Also

Google Duplex starts rolling out for Non-Pixel Smartphones

Google Duplex is part of Google Assistant, and it can call restaurants or businesses to sc…