Tuesday, December 6, 2016

Distributed Visa CVC Guessing

Juan Buis (via Andrew Abernathy):

According to research from the University of Newcastle, there’s a gaping hole in credit card security that makes it easy for hackers to retrieve sensitive information. The researchers discovered that if guesses for the card’s CVC number are spread out between a lot of different websites, the card’s security systems aren’t triggered and the owner isn’t notified that a fraudulent activity might be taking place. The video above shows it only takes six seconds for a specially designed toolkit to reveal a card’s secure code.


Only Visa cards are susceptible to the security flaw, as other card issuers like MasterCard track the hacker’s guessing efforts across different websites. The Visa ecosystem, however, isn’t setup to take actions on multiple websites into account.

Comments RSS · Twitter

Leave a Comment