Skip to main content
  1. Home
  2. Computing
  3. News

Researchers identify ‘brute force’ method of stealing credit card information

By

A hand on a laptop in a dark surrounding.
Image used with permission by copyright holder
We all know it’s important to be vigilant while shopping online, so that our information isn’t captured for illicit purposes. However, the user’s due diligence is worthless if the retail platform itself has a security flaw — and new research suggests there might be a glaring issue with the way online stores take payment information.

A group of researchers from Newcastle University in the United Kingdom has published a paper that suggests online criminals can use online payment systems from a variety of different sites to figure out a target’s banking information by “brute force.” The researchers suggest that this methodology may have been used to facilitate last month’s attack on Tesco Bank customers.

Recommended Videos

Typically, a website will only allow a user 10 or 20 guesses at any individual field on a payment form, which is enough to prevent attackers from guessing a 16-digit account number. However, different retailers use different systems, meaning that a criminal could cross-reference data from several sites to find out that information, without ever exceeding the number of guesses that would prompt detection.

Please enable Javascript to view this content

MasterCard is apparently immune to this kind of attack, because the company detects guesses even when they’re carried out across different websites, according a to a report from security expert Bruce Schneier. However, Visa does not implement the same system.

Related

It’s thought that criminals only need the first six digits of a card number to facilitate this kind of attack — which is worrying, given that those numbers only refer to the bank and card type. With this information in hand, the card’s full number, its expiration date, and its CCV code can apparently be learned in as little as six seconds, giving the culprit everything needed to make fraudulent online purchases.

Editors’ Recommendations

Topics
Brad Jones
Brad Jones
Former Digital Trends Contributor
Brad is an English-born writer currently splitting his time between Edinburgh and Pennsylvania. You can find him on Twitter…
You’ll never guess what Google’s ‘biggest focus’ will be in 2025
Sundar Pichai stands in front of a screen showing the Google logo.

Google plans to prioritize scaling its Gemini AI for consumers in the new year, CEO Sundar Pichai told employees during a strategy meeting held earlier this month. The company is facing increased competition from rivals like Perplexity and OpenAI as emerging AI technologies reinvent web search. The company has come under added scrutiny from federal regulators as well this year.

“I think 2025 will be critical,” Pichai remarked to employees assembled at Google’s headquarters in Mountain View, California, as well as those attending virtually. “I think it’s really important we internalize the urgency of this moment, and need to move faster as a company. The stakes are high. These are disruptive moments. In 2025, we need to be relentlessly focused on unlocking the benefits of this technology and solve real user problems.”

Read more
LG’s new Gram Pro finally looks like a serious MacBook Pro rival
An LG Gram laptop on a table.

Just ahead of CES, LG has announced a refresh to its Gram Pro lineup, as well as launched a budget-friendly Gram Book. The tweaked Gram Pro laptops are the most exciting, though, with the the LG Gram Pro 17 catching my eye.

First off, it's been thinned out a bit, dropping down to 0.62 inches thick, which is almost the same thickness as the 16-inch MacBook Pro. The LG Gram Pro 17 is also a full pound and a half lighter than the MacBook Pro, both of which are striving to be one of the best laptops you can buy.

Read more
Nvidia’s new GPUs show up in prebuilts, but the RTX 5090 is missing
iBUYPOWER RTX for AI PCs side view of pre-built on sale hero

Nvidia's upcoming RTX 5080 and RTX 5070 Ti just appeared in several iBUYPOWER gaming PCs. This is the first U.S. retailer to list Nvidia's RTX 50-series in prebuilt systems. The listings are interesting, with performance figures that really don't add up. Still, the biggest question is: Where's the GPU that's bound to beat all the current best graphics cards? Yes, we're talking about RTX 5090.

The listings have already been taken down, but they were preserved by VideoCardz. A total of five systems were listed by iBUYPOWER, but they all contained the same two GPUs -- either the RTX 5080 or the RTX 5070 Ti. Both cards are said to come with 16GB of memory, and we expect them to be announced on January 6 during the CES 2025 keynote held by Nvidia's CEO, Jensen Huang.

Read more