Hackers are able to figure out a credit card number, expiration date and security code for any Visa credit or debit card in as little as six seconds, using nothing more than guesswork, according to an article on the Tech Explore website. They do this by automatically and systematically generating different variations of cards’ security data and firing it at multiple websites, according to research published in the academic journal IEEE Security & Privacy.
Exposing the flaws in the VISA payment system, the team from Newcastle University, UK, found neither the network nor the banks could detect attackers making multiple, invalid attempts to get payment card data using the so-called Distributed Guessing Attack.
Investigators believe this attack method is likely to have been used in the recent Tesco Bank cyberattack, which the Newcastle team describe as “frighteningly easy if you have a laptop and an internet connection.” Tesco, a UK bank, had to block all its current account customers from online shopping after hackers managed to steal money from nearly 20,000 accounts.
The attack occurred in November. One Tory MP suggested the attack could have been state-sponsored, possibly by the Russians, rather than an ordinary criminal operation. MP Chris Philip said the online raid was well-organized and carried out by a well-equipped organization. READ MORE