Stay tuned with CashEssentials news ! - beyond payments
By subscribing, you accept our Privacy Policy.
×
×

Cardholders affected by a new kind of attack

January 12, 2017
Tesco bank customers attacked in November 2016 were most probably victim of the new hacking technique called the "Distributed Guessing Attack", a University of Newcastle study shows.
Communication Team / Equipo de Comunicación

A research study led by students from the University of Newcastle and published in IEEE Security & Privacy 2017 journal identified a new method used by hackers to steal credit and debit card data. The “Distributed Guessing Attack” consists of generating multiple variations of cards security data automatically – card number, expiry date and CVV code – and trying to use them on various online payment websites. Hackers are able to find a valid card number in about 6 seconds. Thereafter, it takes them at most 60 attempts to find the expiry date and 100 for the 3-digit secret code.

According to the study, the Visa network is the only one affected as the current system cannot detect multiple invalid payment requests if they are made on different websites simultaneously. As a consequence, hackers can make unlimited guesses until they find the right combination. Conversely, MasterCard uses a centralised network that detects the attack after less than 10 wrong attempts.

Investigators estimate that the attack against British bank Tesco that occurred last November might have been carried out using this fraudulent guessing method. About 9,000 customers have had their current bank accounts plundered, for a total value of £2.5 million.

To read the full report, please click here or download the report below.

Documents

Related