Thieves can use web bots to guess your Visa card details

It takes just 6 seconds to get the right numbers.
Jon Fingas, @jonfingas
December 6, 2016

If you've punched in credit card details while shopping online, you've probably wondered how secure those digits are. According to Newcastle University, the answer is: not very. Its researchers have discovered that thieves are using web bots to guess Visa credit and debit card info thanks to a flaw in the company's payment system. The biggest challenge is obtaining valid 16-digit card numbers, usually by buying them or using an algorithm to generate valid examples. After that, the bots find expiration dates and CVVs (that three-digit number on the back) by spreading guesses across hundreds of shopping sites, plugging numbers into fields until they hit the jackpot. While that sounds like a painstaking process, the bots can figure things out in 6 seconds.

The flaw stems from a lack of checks for this kind of behavior. While it's bad enough that online stores often allow dozens of incorrect guesses (sometimes an unlimited number), Visa doesn't appear to have a system in place to check for this kind of suspicious activity. Mastercard, in contrast, would realize something was wrong in "less than 10 attempts" and shut down the potential crime, no matter where the payment processing was taking place.

We've asked Visa for its response. However, this isn't just a theoretical exercise. On top of existing observations, it's believed that this technique was used in a recent attack on UK retailer Tesco that racked up £2.5 million ($3.2 million) in fraud. As for the solution? Visa would ideally implement a Mastercard-like check for odd behavior, but the most immediate fix may come from the stores themselves. Some of the websites used for these guesses are reducing the opportunities to guess info, making these attacks more difficult. Until there's a more permanent solution in place, though, you'll want to keep a close eye on your Visa card statements for any unusual charges.
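To show why a per-store attempt limit misses guesses spread across many sites while a network-side count per card catches them, here is an added example (not code from Newcastle University, Visa or Mastercard). The window, the threshold, the card tokens and the shop names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 600  # assumed look-back window
MAX_FAILURES = 10     # assumed limit, echoing the "less than 10 attempts" figure

class CardGuessDetector:
    """Issuer/network-side counter of declines per card across all merchants."""
    def __init__(self, window=WINDOW_SECONDS, max_failures=MAX_FAILURES):
        self.window, self.max_failures = window, max_failures
        self.failures = defaultdict(deque)  # card token -> decline timestamps
        self.blocked = set()

    def observe(self, ts, card, merchant, approved):
        """Return 'block' or 'allow' for one authorization attempt."""
        if card in self.blocked:
            return "block"  # stays locked even if the guess is now right
        if approved:
            return "allow"
        q = self.failures[card]  # merchant is ignored: the count is global
        q.append(ts)
        while ts - q[0] > self.window:  # drop declines outside the window
            q.popleft()
        if len(q) >= self.max_failures:
            self.blocked.add(card)
            return "block"
        return "allow"

def max_declines_at_one_merchant(events):
    """What any single shop can see: its own decline count for a card."""
    counts = defaultdict(int)
    for _, card, merchant, approved in events:
        if not approved:
            counts[(card, merchant)] += 1
    return max(counts.values(), default=0)

# Constructed sample: 11 wrong guesses for one card, one per shop, one second
# apart, then a correct guess; plus an unrelated card with a single typo.
SAMPLE = [(t, "tok_A", f"shop{t:02d}.example", False) for t in range(11)]
SAMPLE.append((11, "tok_A", "shop11.example", True))
SAMPLE += [(12, "tok_B", "shop00.example", False), (13, "tok_B", "shop00.example", True)]

def run_sample():
    det = CardGuessDetector()
    return [(card, det.observe(ts, card, m, ok)) for ts, card, m, ok in SAMPLE]

if __name__ == "__main__":
    print("max declines seen by one shop:", max_declines_at_one_merchant(SAMPLE))
    for card, decision in run_sample():
        print(card, decision)
```

No shop in the sample sees more than one decline, so a store-level limit never fires, while the shared counter locks the card on the tenth decline and refuses the later correct guess.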
