Want to be a reporter or would you like to buy a report for the best price?
Just Sign Up here!
Privacy guidelines License our content Help
Criminals have many different ways to steal credit card numbers. They'll install skimmers on bank machines and point of sale hardware. They'll hack into payment processing systems to steal them in bulk. As it turns out, they don't even need to steal numbers. They can guess them in just six seconds, reported Forbes.
They don't need a lot of information to do it, either. Armed only with the first six digits of a Visa card (which are known numbers that identify the issuer), the remaining ten digits, the expiration, and the CVV code from the back of the card can be guessed faster than you can probably type all that data into a checkout screen on a website.
In a research paper entitled "Does The Online Card Payment Landscape Unwittingly Facilitate Fraud?" Newcastle University PhD candidate Mohammed Ali described what he calls a "distributed guessing attack." The attack leverages two features of Visa's authorization system that "on their own are not too severe," according to Ali. When properly exploited, however, he adds "they present a serious risk to the whole payment system."
The first problem is that the system does not track failed payment attempts across multiple websites. The second is that not all sites verify the same card information when authorizing a purchase. Armed with a piece of software they developed to see just how easy it was to exploit these weaknesses. In some cases, they were able to find a valid combination in as few as 10 guesses.
It's so easy and takes so little time, in fact, that The Independent believes that this may be how criminals pulled off the recent attack on Tesco Bank customers.
Even when more guesses are required, they're not hard to come by. With so many places online willing to process credit card transactions it's trivially easy to find yet another place to attempt an authorization.
show source http://www.forbes.com/sites/leemathews/2016/12/05/visa-numbers-are-frighteningly-easy-for-criminals-to-guess/#4b28347c1f94