Researchers identify ‘brute force’ method of stealing credit card information-February 2024
Feb 12, 2026 8:04 AM

  We all know it’s important to be vigilant while shopping online, so that our information isn’t captured for illicit purposes. However, the user’s due diligence is worthless if the retail platform itself has a security flaw — and new research suggests there might be a glaring issue with the way online stores take payment information.

  A group of researchers from Newcastle University in the United Kingdom has published a paper that suggests online criminals can use online payment systems from a variety of different sites to figure out a target’s banking information by “brute force.” The researchers suggest that this methodology may have been used to facilitate last month’s attack on Tesco Bank customers.

  Typically, a website will only allow a user 10 or 20 guesses at any individual field on a payment form, which is enough to prevent attackers from guessing a 16-digit account number. However, different retailers use different systems, meaning that a criminal could cross-reference data from several sites to find out that information, without ever exceeding the number of guesses that would prompt detection.

  MasterCard is apparently immune to this kind of attack, because the company detects guesses even when they’re carried out across different websites, according to a report from security expert Bruce Schneier. However, Visa does not implement the same system.
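
  To show why a per-site guess limit misses what a network-wide counter catches, here is an added example (not from the article or the researchers' paper) that runs both checks over the same constructed log of declined payment attempts. The event fields, card tokens, shop names, the network threshold and the one-hour window are all assumptions made for illustration.

```python
from collections import defaultdict, deque

PER_SITE_LIMIT = 10    # the article cites 10 or 20 guesses per field per site
NETWORK_LIMIT = 10     # assumed threshold for a card-network-wide counter
WINDOW_SECONDS = 3600  # assumed sliding window for both counters


def constructed_events():
    """Constructed sample log: (timestamp, merchant, card_token, authorised)."""
    events = []
    t = 0
    # card-A: 5 declined attempts at each of 30 shops, always under the site limit
    for m in range(30):
        for _ in range(5):
            events.append((t, f"shop-{m}", "card-A", False))
            t += 1
    # card-B: a customer mistypes twice at one shop, then pays successfully
    events += [(10, "shop-3", "card-B", False),
               (40, "shop-3", "card-B", False),
               (70, "shop-3", "card-B", True)]
    return sorted(events)


def flagged(events, key, limit, window=WINDOW_SECONDS):
    """Return keys with more than `limit` declines inside `window` seconds."""
    recent = defaultdict(deque)
    hits = set()
    for ts, merchant, card, authorised in events:
        if authorised:
            continue
        k = key(merchant, card)
        q = recent[k]
        q.append(ts)
        while q and ts - q[0] > window:  # drop declines older than the window
            q.popleft()
        if len(q) > limit:
            hits.add(k)
    return hits


def per_site_view(events):
    # What each shop sees on its own: declines counted per (shop, card)
    return flagged(events, lambda m, c: (m, c), PER_SITE_LIMIT)


def network_view(events):
    # What the card network can see: declines counted per card across all shops
    return flagged(events, lambda m, c: c, NETWORK_LIMIT)


if __name__ == "__main__":
    ev = constructed_events()
    print("per-site alerts:", per_site_view(ev))
    print("network alerts: ", network_view(ev))
```

  No individual shop raises an alert, while the cross-site counter flags card-A and leaves the customer who mistyped twice alone.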

  It’s thought that criminals only need the first six digits of a card number to facilitate this kind of attack — which is worrying, given that those numbers only refer to the bank and card type. With this information in hand, the card’s full number, its expiration date, and its CCV code can apparently be learned in as little as six seconds, giving the culprit everything needed to make fraudulent online purchases.
