Skip to main content

Credit cards can be hacked


Beware! Your Credit/Debit Card Can Be Hacked In Just 6 Seconds

Card number, expiry date, CVV2, address -- everything is guessable

     A new attack mechanism, called Distributed Guessing Attack, can steal your credit and debit card details in as few as six seconds. This assault exploits two basic security flaws in the online payment systems–unlimited guesses on payment pages and variation in the payment data fields.

Today, different kinds of cards have become the de facto means of online payments. This has also resulted in an increase in the number of online frauds taking place every month. The current situation, automatically, presents before us the question — what security methods are being taken to ensure a safe cashless transaction?

The researchers from the University of Newcastle have carried out a research and published their result in the IEEE Security & Privacy Journal. The study shows how an attack mechanism, called Distributed Guessing Attack, can bypass all the security measures deployed to ensure the safety of online transactions.

Surprisingly, this invasion can help the cyber criminals fetch your credit card numbers, security codes, expiry dates, and other information in as few as 6 seconds.

How Distributed Guessing Attack works?

The attack makes use of the reply (positive or negative) of web merchant’s payment page to guess the data. It exploits two weaknesses. First, the current payment systems don’t detect multiple invalid requests on the same card from different websites. It implies that unlimited guesses can be made by “distributing” the guesses over tons of websites. Second, as different merchants provide various fields for entering data, the attack scales well and the hacker can use the guessing attack to get information from one field at a time.

These two characteristics that look like a flaw, make things easy for the attackers to get all the credit card details. Within seconds, this attack can be launched on various payment pages. With the help of elimination, the correct card number, security code and CVV number can be verified.

Screenshot of the website bot, farming CVV2 from multiple sites.

In the study, the attack was carried out using automated scripts written in Java Selenium browser automation framework. All the experiments were performed on Mozilla’s open source Firefox web browser.

After the study, the researchers have notified Visa and other affected sites. While some websites have hardened their security settings, many chose to ignore this warning.

In order to enhance the personal security, the researchers have suggested that the card-holders should use a single card for online payments and minimize the spending limit to as low as possible.

What do you suggest? Are our current cashless payment systems secure? Don’t forget to drop your views in the comments section belo

Comments

Popular posts from this blog

So what exactly is cryptography

Nowadays Internet is an important part of Life.  We are using the Internet for sending confidential data also like password,for storing army secrets. But the Internet is insecure medium.we all use internet at a daily basis.  Do you know why? Insecure Medium: Imagine you are sending a data.  In internet world, data are separated as packets and send to the destination.  Do you think the data directly reaching the destination?   If  you think so,you are wrong.  The packets are going through different routers.  Finally, the data is sent to the user.  In this gap, Intruders(i mean attackers) takes advantages. so who are they .the are  I.they  can see what you are sending.  Because your data are simple and easy to readable by anyone. How to secure the data? We can not stop the intruders and their activities.  But we can make our data as Unreadable for Intruders.  For this purpose, the Cryptography is introduce...

Lunix malware havoc

The Krebs DDoS attacks have proven that the IoT landscape is a fertile ground that can breed huge botnets capable of launching massive DDoS assaults. As such, it should be no surprise that malware authors are now focusing their efforts on this sector and putting out new threats in the hopes of building the next Mirai botnet. One of the latest additions to the IoT malware market is a trojan codenamed Linux/NyaDrop, recently reverse engineered by MalwareMustDie, the same researcher who discovered the Mirai malware. MalwareMustDie points out in his research that this binary appeared in May, but was somewhat simplistic and not that common. Things changed after the Krebs DDoS attacks, and a new sample has appeared on the market, with the malware’s author most likely drawn back to the IoT landscape by Mirai’s success. Just like most IoT malware nowadays, NyaDrop’s author relies on brute-forcing Internet-exposed IoT devices using their default credentials. In a conversati...

Remove virus from android

Desktops aren’t the only gadgets that can be affected by a virus. Android devices have a malware problem and it’s growing every day. If you do get a virus, you could perform a factory reset to get rid of it, but that means you’d lose all your data — those photos you shot, the saved games, the text messages, and everything else. Obviously, you want a factory reset to be your last option. So what can you do to remove a virus from Android without a factory reset? Is It Really a Virus? If your phone isn’t functioning the way it should be, there’s a chance you have some malware on it. One wrong tap somewhere and a malicious file might have been downloaded on your phone, which is leeching battery life, Internet resources, or your personal data. But it could be something else. Suppose your Android refuses to boot or crashes every time it starts up. Or maybe you can’t seem to download apps from the Play Store. These are not necessarily caused...