Skip to main content

Credit cards can be hacked


Beware! Your Credit/Debit Card Can Be Hacked In Just 6 Seconds

Card number, expiry date, CVV2, address -- everything is guessable

     A new attack mechanism, called Distributed Guessing Attack, can steal your credit and debit card details in as few as six seconds. This assault exploits two basic security flaws in the online payment systems–unlimited guesses on payment pages and variation in the payment data fields.

Today, different kinds of cards have become the de facto means of online payments. This has also resulted in an increase in the number of online frauds taking place every month. The current situation, automatically, presents before us the question — what security methods are being taken to ensure a safe cashless transaction?

The researchers from the University of Newcastle have carried out a research and published their result in the IEEE Security & Privacy Journal. The study shows how an attack mechanism, called Distributed Guessing Attack, can bypass all the security measures deployed to ensure the safety of online transactions.

Surprisingly, this invasion can help the cyber criminals fetch your credit card numbers, security codes, expiry dates, and other information in as few as 6 seconds.

How Distributed Guessing Attack works?

The attack makes use of the reply (positive or negative) of web merchant’s payment page to guess the data. It exploits two weaknesses. First, the current payment systems don’t detect multiple invalid requests on the same card from different websites. It implies that unlimited guesses can be made by “distributing” the guesses over tons of websites. Second, as different merchants provide various fields for entering data, the attack scales well and the hacker can use the guessing attack to get information from one field at a time.

These two characteristics that look like a flaw, make things easy for the attackers to get all the credit card details. Within seconds, this attack can be launched on various payment pages. With the help of elimination, the correct card number, security code and CVV number can be verified.

Screenshot of the website bot, farming CVV2 from multiple sites.

In the study, the attack was carried out using automated scripts written in Java Selenium browser automation framework. All the experiments were performed on Mozilla’s open source Firefox web browser.

After the study, the researchers have notified Visa and other affected sites. While some websites have hardened their security settings, many chose to ignore this warning.

In order to enhance the personal security, the researchers have suggested that the card-holders should use a single card for online payments and minimize the spending limit to as low as possible.

What do you suggest? Are our current cashless payment systems secure? Don’t forget to drop your views in the comments section belo

Labels:

Comments

Post a Comment

Popular posts from this blog

Kali linux android simply amazing

How to Install and run Kali Linux on any Android Smartphone TUTORIAL FOR INSTALLING AND RUNNING KALI LINUX ON ANDROID SMARTPHONES AND TABLETS Kali Linux is one the best love operating system of white hat hackers, security researchers and pentesters. It offers advanced penetration testing tool and its ease of use means that it should be a part of every security professional’s toolbox. Penetration testing involves using a variety of tools and techniques to test the limits of security policies and procedures. Now a days more and more apps are available on Android operating system for smartphones and tablets so it becomes worthwhile to have  it on your smartphone as well. Kali Linux on Android smartphones and tablets allows researchers and pentesters to perform ” security checks” on things like cracking wep Wi-Fi passwords, finding vulnerabilities/bugs or cracking security on websites.  This opens the door to doing this from a mobile device such a...
Post a Comment
Read more

What is DNS

D NS stands for Domain Name System is used to as the medium to translate domain names to their respective IP addresses when a client initiates a request query. DNS stores the database of all the domain names and their IP addresses which are registered on the network. Most of us are quite familiar with the term DNS or Domain Name System. DNS can be thought of as an attendance register for various websites present over the internet. In the case of DNS, it maintains the database of all the websites Domain Names and their IP (Internet Protocol) addresses that are operational all over the world. Historical Notes The origins of DNS date back to the time of the ARPANET  when there were only a few computers to get an entry in the database. A HOSTS.TXT file was maintained by Stanford Research Institute, which constituted the data of all the machines, and was copied by all the host machines to remain updated. Jon Postel from the Information Sciences Institute requested Pau...
Post a Comment
Read more

How tor works

 Using the publicly available data, data visualization software firm Uncharted has prepared TorFlow — a map for visualizing how TOR’s data looks as it flows all across the world. It shows TOR network’s node and data movements based on the IP addresses of relays bouncing around the connections of users to avoid spying. TOR is the world’s most widely used tool for anonymity purposes . It has grown into a powerful network that’s spread all over the world. Surprisingly, the TOR project is transparent about the location of the TOR nodes and thousands of machines that power the network. This non-profit organization frequently published an updated list about the bandwidth and location of the computers and data centers spread all across the world. Using the same public data,  TorFlow  maps the TOR network’s nodes and data flow all around the world. This data movement is measured based on the IP addresses and bandwidth of the relay computers bouncing around the...
Post a Comment
Read more