Hacking: six seconds to hack a Visa card!

Holders of a Visa-type bank card, tremble! A recent British study has come to the conclusion that credit card security flaws do exist and proves it in video.

In recent years, the bank card security system has been called into question, but despite numerous hacks and other abuses, nothing revolutionary seems to have been done. A study carried out by the University of Newcastle (United Kingdom) proves that it is « terribly easy » to hack into a Visa-type bank card and that this manipulation would take only six seconds for a hacker to obtain data such as the expiry date of the card as well as the security code. The technique used here has a name: Distributed Guessing Attack or Brute force attack.

You should know that to achieve their ends, hackers must first know the number of the victim’s card, but the first digits are rather easy to find since they identify the issuing bank of the card. Finding this information is not a mystery for a hacker who will just have to use databases circulating on the Web which are also provided for this.

The British researchers conducted their study by « attacking » seven Visa cards on their own software. Each time, in less than 60 tries, the right combination was unearthed and for the discovery of the card’s cryptogram (3-digit security code), less than a thousand attempts were enough. The software in question can even identify the postal code and the address of origin of the card.

According to the researchers, data from MasterCard cards is more difficult to obtain, simply because this system detects hacking attempts after about ten attempts. And a good way to fight against piracy when making online payments is to confirm them by SMS.

Visa, for its part, seeks to reassure:

“Visa is committed to keeping fraud low and working closely with card issuers and acquirers to make it very difficult for cardholder data to be obtained and used unlawfully. »

Finally, e-commerce sites should review their security system in order to improve it. Indeed, some sites would only detect fraud after fifty failed attempts, while others would have no limits.

Here is the demonstration of the six-second hacking of a Visa card:

Sources: France Soir – 20 Minutes – PDF of the study available HERE.

Laisser un commentaire