Hackers may be able to figure out your entire credit or debit card number, expiration date and security code — in as little as six seconds, according to a new study.
Researchers at Newcastle University in the UK said criminals are able to do it through what’s called a “distributed guessing attack,” which is able to get around security features that are meant to prevent online fraud.
The report found that the flaws are limited to the Visa network.
With just a laptop and an Internet connection, researchers said it’s “frighteningly easy” for attackers to hack an account simply by guessing the credit card number, expiration date and 3-digit security code.
There are two weaknesses that have made this possible, according to the study.
- The current online system doesn’t detect multiple invalid payment requests on the same card from different websites, allowing unlimited guesses if they’re distributed over many different sites.
- Different web merchants ask for different variations in the card data fields, allowing the guessing attack to work one field at a time.
Researchers said most hackers illegally purchase valid card numbers to begin with, so they may only need to carry out a guessing attack for the expiration date and 3-digit security code.
The study also looked at MasterCard, but it found that the network was able to detect the guessing attack after fewer than 10 attempts. Researchers believe only Visa’s network is vulnerable.
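The first weakness comes down to where failed attempts are counted. The sketch below is an added example, not code from the study or from any card network: it runs the same constructed list of declined payment requests through a per-merchant counter and a network-wide per-card counter. The card tokens, merchant names and both thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample: declined payment requests as (card_token, merchant).
# card-A is declined once or twice at each of many sites; card-B is an
# ordinary customer mistyping details twice at one site.
DECLINES = (
    [("card-A", f"shop{i:02d}.example") for i in range(12)]
    + [("card-A", "shop00.example")]
    + [("card-B", "shop03.example"), ("card-B", "shop03.example")]
)

PER_MERCHANT_LIMIT = 5   # assumed per-site lockout threshold
NETWORK_LIMIT = 10       # assumed network-wide threshold per card


def per_merchant_flags(declines, limit=PER_MERCHANT_LIMIT):
    """Each merchant counts only the failures it saw itself."""
    counts = defaultdict(int)
    for card, merchant in declines:
        counts[(card, merchant)] += 1
    return {card for (card, _), n in counts.items() if n >= limit}


def network_flags(declines, limit=NETWORK_LIMIT):
    """The network counts failures per card across all merchants."""
    totals = defaultdict(int)
    merchants = defaultdict(set)
    for card, merchant in declines:
        totals[card] += 1
        merchants[card].add(merchant)
    return {
        card: {"declines": totals[card], "merchants": len(merchants[card])}
        for card in totals
        if totals[card] >= limit
    }


if __name__ == "__main__":
    print("per-merchant view flags:", per_merchant_flags(DECLINES))
    print("network view flags:", network_flags(DECLINES))
```

No single site sees enough failures to react, while the per-card total across sites stands out immediately. A production check would also bound the count by a time window.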
In a statement to Clark.com, a Visa spokesperson said, “The research does not take into account the multiple layers of fraud prevention that exist within the payments system, each of which must be met in order to make a transaction possible in the real world.”
Visa also pointed out that customers won’t be responsible for any fraudulent charges if their account is hacked.
How to protect yourself from fraud
In addition to checking your statements regularly, Clark suggests that you have a credit card that you use for online shopping and nothing else.
That way it’s easier for you to monitor your transactions for unusual activity.