Visa Hack in seconds: Computer, internet connection, and special software

To decrypt Visa credit card data, hackers only need a computer with an internet connection and special software to guess the sensitive numbers. For true experts, this security flaw combined with programs that can guess card numbers, expiration dates, or security codes is sufficient. But what does this mean for customers?

IT security experts at Newcastle University demonstrated how poorly secured Visa cards are, sparking a new discussion on credit card fraud. The term "Distributed Guessing Attack" is central to this discussion. Using this method, researchers managed to guess the correct card data of any card in just six seconds.

Hackers exploit several security loopholes to hack credit card data. Experts use special software to try different number combinations ten to twenty times on several e-commerce websites. Since different online shops often request different data, hackers can guess individual parts of the credit card data at the push of a button within seconds. Thus, attackers can piece together the correct data like a puzzle. The result is not a picturesque puzzle image of a landscape or pet but the sensitive data of numerous credit card users.

A simplified example: To guess the security code—the three-digit verification number always on the back of the credit card—one would need to test countless combinations. According to researchers at Newcastle University, the trick is to distribute these attempts across 1000 websites. This way, one gets the desired number in just a few seconds.

The question now arises how credit card users can protect themselves from fraud and data theft. According to Martin Emms, co-author of the IEEE Security & Privacy article, there is no one-size-fits-all solution for Visa customers and other credit card holders against current fraud methods. By following a few tips, you can limit the damage and prevent nasty surprises. For example, it is recommended to use only one credit card for online purchases. Additionally, the transaction limit should be kept low. Regularly checking the credit card statement is always advisable to monitor for suspicious charges.

A statement from the credit card company regarding the possible hack was quick to follow. Newcastle University’s research did not consider the multiple layers of fraud prevention that exist within the payment system. The company also points to the Verified by Visa security system, which makes all online transactions safer and prevents fraud. Critics argue that Verified by Visa has some issues, especially with privacy-optimized browser settings.