Your Visa card may not be as secure as you might think.
In the video below, the researchers use a tool that tries to guess the CVV—that short number on the back of your card—across multiple websites, allowing it to quickly acquire the correct CVV for a particular card. By spreading the guesses across many different websites, Visa’s security system fails to trigger an alert that would otherwise block this type of fraud attempt.
The technique in the video only works on Visa cards, according to the researchers, because of the way its security system works. However, Visa downplayed the researchers’ findings, telling the Independent that it fails to consider “the multiple layers of fraud prevention that exist within the payments system, each of which must be met in order to make a transaction possible in the real world.”
Regardless, this particular technique appears to have been used in the real-world attack on Tesco Bank, in which 20,000 customers had money stolen from their accounts.
Of course, everything is hackable, and other credit card providers may be equally vulnerable to other types of attacks. If you do shop online, it’s best to use only one credit card—not a debit card, which is linked to your cash—for purchases, and to closely monitor activity on that card so you can catch fraud as soon as it happens.
H/T Next Web