AM 760 KFMB - Talk Radio Station - San Diego, CA - Researchers identify ‘brute force’ method of stealing credit car

Researchers identify ‘brute force’ method of stealing credit card information

Updated:
© Comstock / Thinkstock © Comstock / Thinkstock


By Brad Jones 


Provided by

We all know it’s important to be vigilant while shopping online, so that our information isn’t captured for illicit purposes. However, the user’s due diligence is worthless if the retail platform itself has a security flaw — and new research suggests there might be a glaring issue with the way online stores take payment information.

A group of researchers from Newcastle University in the United Kingdom has published a paper that suggests online criminals can use online payment systems from a variety of different sites to figure out a target’s banking information by “brute force.” The researchers suggest that this methodology may have been used to facilitate last month’s attack on Tesco Bank customers.

More: Following a hack, Russia Central Bank loses $31 million

Typically, a website will only allow a user 10 or 20 guesses at any individual field on a payment form, which is enough to prevent attackers from guessing a 16-digit account number. However, different retailers use different systems, meaning that a criminal could cross-reference data from several sites to find out that information, without ever exceeding the number of guesses that would prompt detection.

MasterCard is apparently immune to this kind of attack, because the company detects guesses even when they’re carried out across different websites, according a to a report from security expert Bruce Schneier. However, Visa does not implement the same system.

It’s thought that criminals only need the first six digits of a card number to facilitate this kind of attack — which is worrying, given that those numbers only refer to the bank and card type. With this information in hand, the card’s full number, its expiration date, and its CCV code can apparently be learned in as little as six seconds, giving the culprit everything needed to make fraudulent online purchases.

This article was originally posted on Digital Trends

Content provided by
INFORMATIONAL DISCLAIMER The information contained on or provided through this site is intended for general consumer understanding and education only and is not intended to be and is not a substitute for professional financial or accounting advice. Always seek the advice of your accountant or other qualified personal finance advisor for answers to any related questions you may have. Use of this site and any information contained on or provided through this site is at your own risk and any information contained on or provided through this site is provided on an "as is" basis without any representations or warranties.
Powered by Frankly
All content © Copyright 2000 - 2017 Midwest Television, Inc. All Rights Reserved.
For more information on this site, please read our Privacy Policy, and Terms of Service, and Ad Choices.