A research team from Newcastle University in the UK discovered a method to hack credit cards, including dates and security codes, in as little as six seconds.
The method uses a “Distributed Guessing Attack” in which online payment websites are used to guess the data and the reply to the transaction will confirm whether or not the data was correct, according to a 2 December press release.
Researchers were able to use this technique work out card numbers, expiry dates and security codes of any Visa credit or debit card because current online payment system don’t detect multiple invalid payment requests from different websites. Subsequently, the researchers were able to try an unlimited amount of guesses on each card data field, using up to the allowed number of attempts – between 10 and 20 guesses – on each website.
“This sort of attack exploits two weaknesses that on their own are not too severe but when used together, present a serious risk to the whole payment system,” PhD student Mohammed Ali said in the release.
Ali went on to say that the attack allows for criminals to gather the card information one field at a time and that unless all merchants ask for the same information then it’s easy for an attacker to piece the information together like a jigsaw.
This article originally appeared at scmagazineuk.com