LONDON (dpa-AFX) - Working out the card number, expiry date and security code of any Visa credit or debit card can take as little as six seconds and uses nothing more than guesswork, new research has shown.
Research published in the academic journal IEEE Security & Privacy, shows how the so-called Distributed Guessing Attack is able to circumvent all the security features put in place to protect online payments from fraud.
Exposing the flaws in the VISA payment system, the team from Newcastle University, UK, found neither the network nor the banks were able to detect attackers making multiple, invalid attempts to get payment card data.
By automatically and systematically generating different variations of the cards security data and firing it at multiple websites, within seconds hackers are able to get a 'hit' and verify all the necessary security data.
Investigators believe this guessing attack method is likely to have been used in the recent Tesco cyberattack which defrauded customers of £2.5m and which the Newcastle team describe as 'frighteningly easy if you have a laptop and an internet connection.'
And they say the risk is greatest at this time of year when millions are purchasing Christmas presents online.
Copyright RTT News/dpa-AFX