Criminals Can Unravel Visa Security Codes With Ease, Study Shows

Many Bitcoin users have compared the digital currency to settlement networks like Visa. However, one important technical aspect which separates Bitcoin from the rest is security.

In early November, Tesco Bank suspended all user transactions after 20,000 clients lost an estimated $700 per account. A study published in the academic journal IEEE Security & Privacy, led by Newcastle University’s Mohammed Ali, revealed that an attack called “Distributed Guessing Attack” could have been used in the breach of Tesco Bank accounts.

Essentially, the Distributed Guessing Attack (DGA) is a method which allows hackers and criminals to gain access to Visa credit card numbers as well as their security codes within six seconds by a process of elimination.

Ali, the author of the study, stated that the process of elimination with credit card networks like Visa is made possible as they permit an unlimited number of guesses for each card data field.

Ali says:

“The unlimited guesses, when combined with the variations in the payment data fields make it frighteningly easy for attackers to generate all the card details one field at a time.”

“Each generated card field can be used in succession to generate the next field and so on. If the hits are spread across enough websites then a positive response to each question can be received within two seconds - just like any online payment,” adds Ali.

Vulnerability of credit cards

The first six digits of any credit card give out vital information to hackers: the identity of the credit card network, bank information and card type. With these three pieces of information, hackers can then use the DGA method to spend funds.

While Visa criticized the research of Ali, it did not deny the possibility of running DGA attacks on their line of credit cards.

“The research does not take into account the multiple layers of fraud prevention that exist within the payments system, each of which must be met in order to make a transaction possible in the real world,” Visa stated.

Financial service providers and credit card operators like Visa settles around $7 trillion in transactions per year, conducting over 100 bln transactions for their users. Considering the sheer size of the Visa network, it is concerning to discover that hackers can use simple methods such as the process of elimination to blindly guess credit card numbers and security codes to carry out transactions.

The Visa and Tesco Bank hacking attack demonstrated the importance of security once again, proving the necessity for trustless financial networks and systems.

Criminals Can Unravel Visa Security Codes With Ease, Study Shows

Vulnerability of credit cards

Related News

Blockchain Can Disrupt Higher Education Today, Global Labor Market Tomorrow

Bloktopia, a VR metaverse, partners with Animoca Brands, Jake Paul and Bitboy to give users access to crypto information

U.S. Consumer Study: Bitcoin More Secure Than Mobile Wallets, Checks

Visa Suspends WaveCrest Status, Stopping Some Crypto Credit Cards

Celsius Joins Major Cryptocurrency Firms Using Simplex’s Fiat Onramp

Payment Provider NetCents Readies Cryptocurrency Credit Card for Launch

Editor's choice

Bitcoin hits $60K for the first time since April after reports of imminent ETF approval

SEC likely to allow Bitcoin futures ETF to trade next week: Reports

ANZ bank settles debanking case with Aussie Bitcoin trader

ASIC targets pump and dump Telegram groups

Paris Hilton and Pranksy collections featured by Sotheby's new NFT platform

Editor's choice