Credit cards are the most common method of making payments online. It’s pretty easy to make a payment using a card, you just need to punch in the number, the expiry and the secure code on the back. Card safety issues still persist even though there has been a lot of progress in making online payments secure. A team of researchers has shown that Visa credit card details can get stolen in under six seconds.
Researchers from the University of Newcastle found that if guesses for a Visa card’s security code are spread out between different websites, the card’s security protocols are not triggered and neither the bank nor the card owner is notified of any potentially fraudulent activity taking place.
The video posted above shows that it only takes under six seconds for a special toolkit to crack a Visa card’s security code. The toolkit relies on data gathered from guesses on different websites and it’s then able to compile relevant information like the card holder’s address or postal code and the card’s expiry date.
This technique has been blamed for the incident earlier this year which saw more than 20,000 Tesco Bank accounts being drained of their money without the account holders finding out. The researchers mention that this flaw only works with Visa cards as MasterCard tracks security code guesses across websites.
The team did reach out to Visa with this information but apparently it didn’t take them too seriously. In a statement provided to The Independent, Visa says that “the research does not take into account the multiple layers of fraud prevention that exist within the payments system, each of which must be met in order to make a transaction possible in the real world.”