‘Brute force’ allows hackers access in 6 seconds
A serious threat haunting every consumer who pays online is having their hard-earned money stolen by unknown and untraceable sources. This usually happens if the gateway database that is in sync with the user’s card (banks) is not secure. A hacker can easily hack into a debit or credit card within 6 seconds. Hackers have programs that systematically test millions of possible passwords.
Distributed Guessing Attack
In the ‘Distributed Guessing Attack’ mode of hacking, as the name suggests, the hacker makes multiple guesses. Neither the network nor the banks are able to detect attackers making multiple invalid attempts to get payment card data. The current online payment system does not detect multiple invalid payment requests from different websites. This allows unlimited guesses on each card data field, with typically 10 or 20 guesses on each website.
The combination of unlimited guesses and variation in the payment data fields makes it easy for attackers to hack all the card details. Each generated card field can be used in succession to generate the next field, and so on. The hacker can start with just the first six digits, which identify the bank and card type, to obtain the essential pieces of information: card number, expiry date and security code. With this information they could make an online purchase, and they could hack all the details within as little as six seconds. The ‘Guessing attack’ method could have been used in the recent Tesco cyber-attack, where the hackers defrauded customers of 2.5 million pounds.
Brute Forcing
Unlike Visa cards, MasterCard’s centralized network was able to detect the guessing attack after less than 10 attempts, even when those payments were distributed across multiple networks. The black market sells the dupe cards by the millions for $10 a card.
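The difference between counting invalid attempts per website and counting them centrally per card, as described above, shown as an added example (not code from the researchers or from any card network). The event layout, thresholds, time window and card tokens are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

PER_SITE_LIMIT = 10    # assumed: declines one website tolerates per card
CENTRAL_LIMIT = 10     # assumed: declines the network tolerates per card
WINDOW_SECONDS = 60    # assumed sliding window

def detect(events, key_fn, limit, window=WINDOW_SECONDS):
    """Return card tokens whose declines, grouped by key_fn, reach `limit` within `window`."""
    recent = defaultdict(deque)
    flagged = set()
    for ts, merchant, card, approved in sorted(events):
        if approved:
            continue
        q = recent[key_fn(merchant, card)]
        q.append(ts)
        while q and ts - q[0] > window:   # drop declines older than the window
            q.popleft()
        if len(q) >= limit:
            flagged.add(card)
    return flagged

def per_site(events):
    # Each website only sees, and counts, its own declines.
    return detect(events, lambda merchant, card: (merchant, card), PER_SITE_LIMIT)

def centralized(events):
    # The network counts declines per card regardless of the website.
    return detect(events, lambda merchant, card: card, CENTRAL_LIMIT)

def sample_events():
    """Constructed data: (timestamp_s, merchant, card_token, approved)."""
    events, t = [], 0.0
    for site in range(6):                 # 6 websites, 5 declines each, about 6 s total
        for _ in range(5):
            events.append((t, f"shop{site}.example", "tok_A", False))
            t += 0.2
    # An ordinary customer: one mistyped attempt, then a successful payment.
    events.append((1.0, "shop0.example", "tok_B", False))
    events.append((20.0, "shop0.example", "tok_B", True))
    return events

if __name__ == "__main__":
    ev = sample_events()
    print("per-site view flags:   ", sorted(per_site(ev)))
    print("centralized view flags:", sorted(centralized(ev)))
```

Every website stays under its own limit, so only the view keyed on the card alone flags `tok_A`.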
NordVPN, the world’s most advanced VPN service provider, analyzed 4 million cards from 140 countries and found that the most common method to hack a payment card is ‘Brute Forcing’. This type of attack is incredibly quick and can be executed in a matter of seconds. Criminals try to guess the card number and CVV.
The first 6-8 digits are the card issuer’s ID number. That leaves hackers with 7-9 digits to guess, because the 16th digit is a checksum used only to determine whether any mistakes were made when entering the number. The hacker uses a rapid trial-and-error approach to guess the correct password, PIN or, in this case, payment card number. It doesn’t require a lot of brainpower or complex algorithms.
Protect Yourself
Are there any ways to protect yourself from phishing and hacking? There is very little that users can do, other than abstain from using online payment modes and cards altogether. Since that is hardly practical, the next best thing card-holders can do to minimize the chances of hacking is to use just one card for online payments and keep separate bank accounts, while keeping the spending limit of the online card account as low as possible.