Six seconds. According to researchers from Newcastle University, this is exactly how long it takes to remotely hack a bank card. NordVPN’s analysis of hacking techniques confirms how easy it is for cybercriminals to extort bank details using just a laptop.
The study was conducted on approximately 4 million bank cards hacked and sold for $10 on the dark web. It lists the 5 most commonly used methods. No one is safe from these attacks, sometimes it is better to prevent than to cure by implementing all possible security measures.
Among the methods used is the so-called “brute force” attack. A bit like a thief deciphering the lock of a safe. The hacker tries to guess the card number, expiration date, and CVV (card verification value) by testing several combinations. But what takes an infinite amount of time for our thief takes only six seconds for a computer that can make thousands of attempts per second. And even if some systems limit the number of attempts in a short time to avoid these kinds of attacks, there are ways around them. Because an online payment system that only allows a certain number of attempts from one site does not always detect multiple invalid payment requests from different sites. It is also not necessary to guess all the numbers, as some are easily predictable: the first 6 digits indicate the bank and card type, so they are the same for every card from the same provider. The 16th digit is just a check for errors when entering a number. Thus, it remains to guess only 9 numbers. In terms of validity, banks usually issue cards with a validity of 60 months: therefore, it takes a maximum of 60 attempts to guess the date.
The “brute force attack” method is most commonly seen in the NordVPN study, “for the simple reason that it does not require special skills or complex algorithms: it is just a guessing game that requires only certain resources: time, computing power and a certain type of software used by criminals.”
Visa cards are especially vulnerable
Of the 4 million cards sold on the dark web and analyzed by NordVPN, more than half are Visa cards (2.4 million), followed by MasterCard (1.6 million) and American Express. The difference in vulnerability is explained by the number of authorized card activation attempts: 30 to 40 for Visa cards, making them especially vulnerable, versus about ten for MasterCard and even fewer for American Express. According to a NordVPN spokesperson, “Ideally, all banks should use the American Express card method for all card types.”
There are other ways to guess your credit card number. SQL adoption is aimed at both individuals and businesses. Hackers manipulate databases by breaking into SQL (Structured Query Language) code to gain access to potentially sensitive information. Companies are ideal targets because their databases are gold mines for cybercriminals for the financial information they contain. For individuals, Daniel Markuson, cybersecurity expert at NordVPN, recommends “use one-time virtual cards” and “never save your bank details on merchant sites” to avoid finding your phone number on a card on the dark web. In general, it is always a good idea to check your accounts regularly and report any abnormal transactions immediately.
Cyber Shield: Government pledges €30M to protect SMEs and communities
Contactless payments also open the door to many hacks. In the absence of a secret code, “digital pickpockets” can easily hack into your card while it’s in your bag or intercept the air to access your data. Daniel Markuson recommends that users “place their card in a metal case that protects the magnetic tracks of a bank card.” “The user must take responsibility,” adds a NordVPN spokesperson. Contactless payment on the phone is more secure, as it requires payment confirmation (phone unlock, face or fingerprint recognition). NordVPN Approved Payment Processor: “With apps like Apple Pay or Google Pay, you can leave your bank card at home and avoid traffic scams with contactless payment.”
Another ploy, the “phishing” technique, aims to trick the Internet user into recovering their personal data by sending emails or SMS. Unfortunately, many users save their bank details in insecure files. Sending links that can infect a computer or smartphone open the way for scammers. Some cybercriminals do not hesitate to pose as banking advisors to extort credit card numbers. “No one is safe,” NordVPN’s expert warns, “beware of all the emails you receive.” The best way to protect yourself from it, he says, is to remain vigilant, install security software, and use strong encryption for files containing banking and sensitive data.
Finally, it is worth remembering that buying from an internet site is not without risk. Cybercriminals can exploit flaws in some merchant sites to obtain your bank details by using viruses that infect a computer, internet line or server.
Beware of this credit card scam when you exit Parisian shops.
Get our latest news every morning, main news CAPITAL.