02 Dec 2016
A team of academics claims an unsophisticated type of cyber attack that exploits “flaws” in the Visa card payment system was probably used to defraud Tesco Bank customers of £2.5m last month.
In an academic paper, the team at Newcastle University claimed that working out the card number, expiry date and security code of any Visa credit or debit card could take a criminal “as little as six seconds” and involved nothing more than guesswork.
They said the so-called “distributed guessing attack” method they had identified was able to circumvent all the security features put in place to protect online payments from fraud, and exploited vulnerabilities at Visa – which has more than 500m cards in circulation in Europe alone – and hundreds of the world’s biggest and most popular retail websites. Some sites have changed their online security settings in response to the findings.
Visa said the research did not take into account the multiple layers of fraud prevention that exists within the payments system, “each of which must be met in order to make a transaction possible in the real world”.
Count this content towards your CPD minutes, by signing up to our CPD WalletFREE CPD Wallet