New Delhi: Hackers can take as less as six seconds to hack a laptop and an internet connection to access an individual’s Visa credit or debit card data.
As per a new research published in the journal “IEEE Security and Privacy”, “distributed guessing attack” can succeed in breaching all the security features put in place to protect online payments from fraud.
IANS report based on the research published in the journals said that neither the network, nor the banks are able to detect attackers making multiple, invalid attempts to get payment card data.
The current online payment system does not detect multiple invalid payment requests from different websites.
This allows unlimited guesses on each card data field, using up to the allowed number of attempts – typically 10 or 20 guesses – on each website, explained Mohammed Ali, a PhD student in Newcastle University.
“Different websites ask for different variations in the card data fields to validate an online purchase, enabling hackers to build up the information and piece it together like a jigsaw.
The combination of these two factors — unlimited guesses and variation in the payment data fields — makes it easy for attackers to hack all the card details.
Each generated card field can be used in succession to generate the next field and so on.
The researchers explained that even starting with no details at all other than the first six digits — which tell you the bank and card type — a hacker can obtain essential pieces of information.
These are — card number, expiry date and security code — to make an online purchase within as little as six seconds.
Researchers believe this `guessing attack` method could have been used in the recent Tesco cyber attack where the hackers defrauded customers of 2.5 million pounds.
The risk is higher at this time of the year as many people are making online purchases ahead of Christmas.
However, researchers found that unlike Visa cards, MasterCard`s centralised network was able to detect the guessing attack after less than 10 attempts – even when those payments were distributed across multiple networks.
The researchers suggested that to minimise the chances of hacking, debit or credit card-holders should use just one card for online payments and keep the spending limit on that account as low as possible.