They Discover A Technique That Allows To Hack Credit Cards In 6 Seconds
If you have ever made a purchase online you will know that in order to pay with your credit or debit card, in addition to the card number, you also need to indicate two verification values: The expiration date and the CVV code.
The CVV (Card Verification Value) code is a number, usually, three digits found on the back of the cards. The purpose of this number is to add an extra layer of protection to transactions, making it necessary to confirm that the customer has physical access to the card.
A recent study by the University of Newcastle says that it is possible to find out the values of the verification code for VISA credit and debit cards, using a network of web robots (computer programs that automatically perform tasks on the Internet) that take advantage of a Weakness in card payment systems on the web, which allows a very high number of erroneous code attempts, sometimes even unlimited.
The steps that the thieves would follow would be the following: first, they are done with the 16 digits of a credit card, either through social engineering (Are you one of those who still give the card to the cashier when they go to pay?) Or using algorithms that generate valid card numbers.
Next, they must find out the expiration date and CVV of that card. To do this, they use bots that, using the payment platform of thousands of shopping websites, begin to test the combinations of dates and digits in a distributed way.
Having a list of thousands of shopping sites, making less than 10 attempts per site will help you find the right combination. The number of possible combinations is not too high, 999 possible CVV codes and less than 50 possible expiration dates (taking into account that only month/year is indicated and that the expiration window will surely be less than 5 years).
In the study by the University of Newcastle, they point out that credit card data can be obtained in just 6 seconds.
The study also indicates that this technique could have been used to steal almost 3 million euros from the TESCO chain of shops in the United Kingdom.