It takes 6 seconds to hack a credit card

LONDON: It can take hackers just six seconds, a laptop and an Internet connection to hack any Visa credit or debit card, new research has revealed.
The research, published in the journal IEEE Security and Privacy, said that the “distributed guessing attack” circumvents all the security features put in place to protect online payments from fraud.
Neither the network, nor the banks are able to detect attackers making multiple, invalid attempts to get payment card data.
The current online payment system does not detect multiple invalid payment requests from different websites.
This allows unlimited guesses on each card data field, using up to the allowed number of attempts — typically 10 or 20 guesses — on each website, explained Mohammed Ali, a PhD student in Newcastle University.
“Different websites ask for different variations in the card data fields to validate an online purchase.
“This means it’s quite easy to build up the information and piece it together like a jigsaw,” Ali added.
The combination of these two factors — unlimited guesses and variation in the payment data fields — makes it easy for attackers to hack all the card details.
Each generated card field can be used in succession to generate the next field and so on.
“If the hits are spread across enough websites then a positive response to each question can be received within two seconds — just like any online payment,” Ali warned.
The researchers suggested that to minimise the chances of hacking, card-holders should use just one card for online payments and keep the spending limit on that account as low as possible.
“If it’s a bank card then keep ready funds to a minimum and transfer over money as you need it,” said Martin Emms, co-author of the research. — IANS