All it takes is six seconds to hack your credit card!
Happy with the amount you saved in the last online sale? Good, because recent research will give you second thoughts about shopping online. PhD student, Mohammed Ali, from Newcastle University, UK, along with four other members, wrote the paper How to crack a credit card in six seconds — proving that your worst nightmare of your bank account getting hacked, can indeed come true. Just six seconds though? “It takes two seconds for VISA to get back to us after we click on the checkout page and a normal debit card is valid for five years. The hacker creates fake websites, and needs just 60 attempts to get the expiry date right. He will distribute these attempts over various websites,” and before you know it, your account has been hacked.
The 26-year-old begins by telling us one of the flaws of the e-commerce industry. Essentially, there are three groups of websites as there are variations in the fields required like card number, expiry date, CVV and then OTP. “While some sites require OTP, others require only card number and expiry date - all for the sake of speeding up the process,” Ali points out. Couple this with the unlimited attempts websites offer to get the fields right, hackers can go to a website that requires only card number and expiry date, and get them right through trial and error. Then they use this information to proceed to the next group of websites, eventually hacking your card.
With a lot of hackers and phishing software constantly in the mix, things can get a little unsafe for the average online shopper when they’re chilling. But this is hardly the worst, “If the hacker gets hold of all your card details and attempts the OTP three times, your card will be blocked and then you, even as a valid customer, cannot use it,” says Ali. He tells us, “Sometimes we can’t differentiate between original and dubious websites. Amazon.org will look exactly like Amazon.in. Always check if you are on the correct website. Also, keep an eye on your bank statements. If you find anything fishy, inform the banks immediately,” advises Ali.