Photo: stevepb/Pixabay

This tool can crack credit card numbers in just 6 seconds

Bradley Wint
By - Founder/Executive Editor
Dec 12, 2016 10:23pm AST
Photo: stevepb/Pixabay
Get the latest news stories of the day delivered to your inbox

If you didn’t know by now, credit card numbers are actually based on a mathematical equation. Many websites can validate a credit card number using the The Luhn or mod 10 algorithm.

Researchers have come up with a program that uses this formula to generate hundreds of permutations along with bank location details, expiry dates, and CVV numbers. The numbers are then plugged into various e-commerce websites to validate the authenticity of the card numbers.

The program could then be used to guess CVV numbers, expiry dates, ZIP codes, and even street locations, which could then be used to make illegal purchases.

Fundamentally, much of the problem with card payment stems from the fact that the identity of the payer needs to be established in the ‘card-not-present’ mode. This is inherently problematic since it is at odds with the original use of cards (where the card and cardholder are present at the moment of purchase). It also implies that, for instance, Chip-and-PIN is not available to establish the identity of the payer. This is exacerbated by the fact that the Internet facilitates distribution of guesses for data fields over many merchant sites.

Luckily for Mastercard holders, this brute force method MAY not be effective as the credit card would be instantly frozen if unsuccessfully queried more than 100 times. Unfortunately VISA card holders do not enjoy this privilege and stand a higher chance of being found out.

Unfortunately, the issue does not seem easily correctable as the researchers suggest that online payment gateways be standardized and centralized to mitigate the risk of card brute force attempts.

To prevent the attack, either standardisation or centralisation can be pursued (some card payment networks already provide this). Standardisation would imply that all merchants need to offer the same payment interface, that is, the same number of fields. Then the attack does not scale anymore. Centralisation can be achieved by payment gateways or card payment networks possessing a full view over all payment attempts associated with its network. Neither standardisation nor centralisation naturally fit the flexibility and freedom of choice one associates with the Internet or successful commercial activity, but they will provide the required protection. It is up to the various stakeholders to determine the case for and timing of such solutions.

Here is the program in action.

Have your say

Leave a Reply

Your email address will not be published. Required fields are marked *

Read more

Don’t waste your time trying to be a full time YouTuber. 96% make less than 12k a year

Social Media - With internet stars like PewDiePie, Logan Paul, Casey Neistat, and Mo Vlogs making a decent living from YouTube, more and…

By - Mar 11, 2018 8:04pm AST

Lab-grown meat could be on our dinner menus by the end of 2018

Featured - Lab-grown meat could eventually make its way to our restaurant tables and grocery stores sooner than we think. Lab-grown meat…

By - Mar 4, 2018 11:42pm AST

iPhone X beats Samsung Galaxy S9 in most benchmark tests

Mobile - With the announcement of the new Galaxy S9 and S9+, PhoneArena was able to run a few benchmarks to see…

By - Mar 1, 2018 11:45pm AST

California to allow driverless cars without a driver behind the wheel

Transportation - It’s official. The California Department of Motor Vehicles (DMV) announced that it has amended the “Testing of Autonomous Vehicles” Act…

By - Mar 1, 2018 5:46am AST

Apple set to release three new iPhones this year, one for every budget

Mobile - Even though the iPhone X notch seems to be the butt of every mobile phone joke, there’s no doubt that…

By - Feb 27, 2018 12:08am AST

Samsung unveils Galaxy S9 and S9+

Featured - The day is finally here. At this point it’s safe to say we knew at least 90% of what to…

By - Feb 25, 2018 2:20pm AST

Xbox One keyboard and mouse support will remain; up to game devs to implement it

Gaming - Microsoft Xbox’s division currently does not offer out-of-the-box support for keyboard and mouse devices for its Xbox One units, but…

By - Feb 21, 2018 11:22pm AST

Samsung unveils world’s largest SSD drive with 30TB in just 2.5-inch storage device

Hardware - Samsung has announced the world’s largest production SSD drive to date with a storage capacity of 30.72 terabytes jammed into…

By - Feb 20, 2018 11:57pm AST

FBI director advises against using Huawei and ZTE phones

Featured - FBI director Christopher Wray announced earlier this week that he is “deeply concerned” about the threat that two Chinese mobile…

By - Feb 19, 2018 12:03am AST

Why did Florida school shooting Google Search results pre-date incident?

Web - On February 14, 2018, 14 students and 3 staff members were killed by Nikolas Cruz at the Marjory Stoneman Douglas High…

By - Feb 18, 2018 2:24am AST