Study: Hackers Can Guess All Your Visa Card Numbers in 6 Seconds

What's Hot

How to Cut the Cable TV Cord in 2017Family

8 Major Freebies and Discounts You Get With Amazon PrimeSave

Study: People Who Curse Are More HonestFamily

8 Creative Ways to Clear ClutterAround The House

15 Things You Should Always Buy at a Dollar StoreMore

Pay $2 and Get Unlimited Wendy’s Frosty Treats in 2017Family

5 Reasons to Shop for a Home in DecemberFamily

This Free Software Brings Old Laptops Back to LifeMore

Should You Donate to Wreaths Across America? A Lesson in Charitable GivingAround The House

6 Reasons Why Savers Are Sexier Than SpendersCredit & Debt

Resolutions 2017: Save More Money Using 5 Simple TricksCredit & Debt

10 Free Things That Used to Cost MoneyAround The House

7 New Year’s Resolutions to Make With Your KidsFamily

10 Simple Money Moves to Make Before the New YearFamily

The 3 Golden Rules of Lending to Friends and FamilyBorrow

Researchers say your risk is highest this time of year. Find out how Visa responds to the report.

A new study has given us another reason to review credit card bills and bank statements closely.

Hackers can correctly guess every number on your debit or credit card — including the expiration date and security code — in as few as six seconds, according to researchers at Newcastle University in England.

While Visa has disputed the findings, the researchers say your risk is highest this time of year because many shoppers buy gifts online.

The vulnerabilities that enable hackers to correctly guess card numbers are particular to Visa cards, according to the study. The researchers conducted experiments involving MasterCard and Visa. They found MasterCard was not vulnerable in the same way.

Their findings were recently published in the journal IEEE Security & Privacy.

The Institute of Electrical and Electronics Engineers, or IEEE, is a nonprofit organization that describes itself as “the world’s largest technical professional organization dedicated to advancing technology for the benefit of humanity.”

The study found that hackers use a technique known as a “distributed guessing attack” to successfully guess your card numbers. This method involves using multiple websites that accept debit or credit card payments to make guesses.

Two weaknesses make this attack possible, according to lead study author Mohammed Aamir Ali, a doctoral student in Newcastle University’s School of Computing Science:

  1. Currently, the online payment system does not detect when multiple invalid payment requests — resulting from a hacker’s unsuccessful guesses — are distributed across different websites. This allows a hacker to make unlimited guesses for each of the three card data fields: card number, expiration date and security code.
  2. Different websites ask for different card data fields to validate online purchases. For example, some ask for all three fields, while others ask only for the card number and expiration date.

Ali says it’s the combination of these two weaknesses that makes it “frighteningly easy for attackers to generate all the card details one field at a time.”

Putting that another way, he concludes:

“So even starting with no details at all other than the first six digits — which tell you the bank and card type and so are the same for every card from a single provider — a hacker can obtain the three essential pieces of information to make an online purchase within as little as six seconds.”

Fortunately, the researchers note, simple steps like monitoring statements and balances regularly can help consumers guard against distributed guessing attacks.

Visa notes other safeguards in a statement provided to Money Talks News on Thursday:

“The research does not take into account the multiple layers of fraud prevention that exist within the payments system, each of which must be met in order to make a transaction possible in the real world. …

Visa also offers enhanced security using Verified by Visa (based on the 3DSecure standard) which offers improved security for e-commerce transactions. … Where a merchant chooses not to use Verified by Visa for a card not present transaction, they will assume the risk for fraud. …”

To learn about how Verified by Visa works, visit Visa’s consumer webpage on the topic. To learn about other safeguards Visa provides for cardholders, visit its “Security + support” page.

For more tips, check out “7 Ways to Guard Your Wallet — and Identity — When Shopping Online.”

What’s your reaction to this news? Share your thoughts below or on Facebook.

Stacy Johnson

It's not the usual blah, blah, blah

I know... every site you visit wants you to subscribe to their newsletter. But our news and advice is actually worth reading! For 25 years, I've been making people richer without making their eyes glaze over. You'll be glad you did. I guarantee it!


Read Next: 10 Tips to Get the Best Deals From Outlet Shopping

Check Out Our Hottest Deals!

We're always adding new deals and coupons that'll save you big bucks. See the deals to the right and hundreds more in our Deals section.

Click here to explore 1,774 more deals!