Thieves can use web bots to guess your Visa card details

If you’ve punched in credit card details while shopping online, you’ve probably wondered how secure those digits are. According to Newcastle University, the answer is: not very. Its researchers have discovered that thieves are using web bots to guess Visa credit and debit card info thanks to a flaw in the company’s payment system. The biggest challenge is obtaining valid 16-digit card numbers, usually by buying them or using an algorithm to generate valid examples. After that, the bots find expiration dates and CVVs (that three-digit number on the back) by spreading guesses across hundreds of shopping sites, plugging numbers into fields until they hit the jackpot. While that sounds like a painstaking process, the bots can figure things out in 6 seconds.

The flaw comes through the lack of checks for this kind of behavior. While it’s bad enough that online stores often allow dozens of incorrect guesses (sometimes an unlimited amount), Visa doesn’t appear to have a system in place to check for this kind of suspicious activity. Mastercard, in contrast, would realize something was wrong in “less than 10 attempts” and shut down the potential crime, no matter where the payment processing was taking place.

We’ve asked Visa for its response. However, this isn’t just a theoretical exercise. On top of existing observations, it’s believed that this technique was used in a recent attack on UK retailer Tesco that racked up £2.5 million ($3.2 million) in fraud. As for the solution? Visa would ideally implement a Mastercard-like check for odd behavior, but the most immediate fix may come from the stores themselves. Some of the websites used for these guesses are reducing the opportunities to guess info, making these attacks more difficult. Until there’s a more permanent solution in place, though, you’ll want to keep a close eye on your Visa card statements for any unusual charges.

Via: Ars Technica

Source: Newcastle University, (PDF)

Source: Engadget - Read the full article here

Author: Daily Tech Whip

This article is part of our 'News Tiles' service. The site is currently in Beta. When it is fully operational you will be able to search through and arrange the 'Tiles' to display a keyword, product or technology over your chosen time period. For example you would be able to display all of the leading tech articles on the new Kindle Fire, in one spot in real time. You will also have access to our own original reporting and analysis as well as a polished place to post your own thoughts & reviews here, amongst the Daily Tech Whip Community. Please let us know if you have any feedback via the contact form or via Twitter. Don't forget to come back next week and see our full site and claim your name and your own free tech blog.

Share This Post On