Home / Software & Service News / Thieves can use web bots to guess your Visa card details

Thieves can use web bots to guess your Visa card details

If you’ve punched in credit card details while shopping online, you’ve probably wondered how secure those digits are. According to Newcastle University, the answer is: not very. Its researchers have discovered that thieves are using web bots to guess Visa credit and debit card info thanks to a flaw in the company’s payment system. The biggest challenge is obtaining valid 16-digit card numbers, usually by buying them or using an algorithm to generate valid examples. After that, the bots find expiration dates and CVVs (that three-digit number on the back) by spreading guesses across hundreds of shopping sites, plugging numbers into fields until they hit the jackpot. While that sounds like a painstaking process, the bots can figure things out in 6 seconds.

The flaw comes through the lack of checks for this kind of behavior. While it’s bad enough that online stores often allow dozens of incorrect guesses (sometimes an unlimited amount), Visa doesn’t appear to have a system in place to check for this kind of suspicious activity. Mastercard, in contrast, would realize something was wrong in “less than 10 attempts” and shut down the potential crime, no matter where the payment processing was taking place.

We’ve asked Visa for its response. However, this isn’t just a theoretical exercise. On top of existing observations, it’s believed that this technique was used in a recent attack on UK retailer Tesco that racked up £2.5 million ($3.2 million) in fraud. As for the solution? Visa would ideally implement a Mastercard-like check for odd behavior, but the most immediate fix may come from the stores themselves. Some of the websites used for these guesses are reducing the opportunities to guess info, making these attacks more difficult. Until there’s a more permanent solution in place, though, you’ll want to keep a close eye on your Visa card statements for any unusual charges.

Via: Ars Technica

Source: Newcastle University, (PDF)

Click Here For Original Source Of The Article

About Ms. A. C. Kennedy

Ms. A. C. Kennedy
My name is Ms A C Kennedy and I am a Health practitioner and Consultant by day and a serial blogger by night. I luv family, life and learning new things. I especially luv learning how to improve my business. I also luv helping and sharing my information with others. Don't forget to ask me anything!

Check Also

Microsoft’s Seeing AI app for the blind now reads handwriting

Artificial intelligence took center stage at Microsoft's AI Summit in San Francisco on Wednesday. Aside from announcing AI smarts for a range of software -- from Bing to Office 365 -- the tech titan is also ramping up its Seeing AI app for iOS, which uses computer vision to audibly help blind and visually impaired people to see the world around them. According to Microsoft, it's nabbed 100,000 downloads since its launch in the US earlier this year, which convinced the tech titan to bring it to 35 countries in total, including the EU.

It's also getting a bunch of new features. The app now boasts more currency recognition, adding British pounds, US dollars, Canadian dollars, and Euros to its tally. Going beyond the color in a scene, it can also spot the color of specific objects, like clothes. Plus, it's no longer restricted to just short printed text, with handwriting recognition now part of its skill set. You can also customize the voice that it uses to speak its observations out loud, and set how fast it talks.

Finally, a musical light detector alerts you to the light in an environment with an audible tone -- Microsoft claims the tool will save users from having to touch a hot bulb or LED battery to check if it's on. Despite the big update, there's still no word on an Android launch.

Source: Microsoft