Most e-commerce sites automatically block credit cards whose corresponding expiry date and three-digit CVV have been incorrectly entered more than 10 times. This security precaution is supposed to prevent cybercriminals who’ve only accessed stolen credit card numbers from taking unlimited guesses at the correct numeric combination of the other two pieces of information.
But according to new research from Newcastle University, it takes just six seconds to complete a successful “distributing guessing” attack to crack Visa credit card details. What’s a distributed guessing attack, you ask?
Fraudsters can use this type of attack to evade security policies guarding credit card credentials by submitting countless payment request combinations to hundreds of e-commerce sites in unison. This process allows bypass those failed attempt limits and verify correct Visa credit card credentials in no time at all.
To find out what e-commerce sites can do about this type of attack and why Visa cards are vulnerable, while Master Card is immune, check out Distributed guessing attack lets hackers verify Visa card details on Network World.
For general tips on how to protect your personal information while online shopping this holiday season, click here.