The research revealed that if guesses for the card’s CVC number are spread out between a lot of different websites, the card’s security systems are not triggered and the owner is not notified that a fraudulent activity might be taking place. Furthermore, it only takes six seconds for a specially designed toolkit to reveal a card’s secure code.
By building up data gathered from guesses on different websites, the software is able to quickly compile information like the card’s expiry date, the holder’s address or postal code and CVC.
Visa cards are mainly susceptibleto this security flaw, as other card issuers like MasterCard track the hacker’s guessing efforts across different websites, according to The Next Web. The Visa ecosystem, however, is not setup to take actions on multiple websites into account.
Before publishing their findings, the researchers informed Visa, but the company unfortunately didn’t seem to take the findings too seriously, the online publication continued. The company’s response to the research was that the study “does not take into account the multiple layers of fraud prevention that exist within the payments system, each of which must be met in order to make a transaction possible in the real world.”
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now