Hacking a card takes six seconds
Researchers estimate that an average payment card can be cracked in just six seconds.
A study released by NordVPN analysing four million payment cards from 140 countries finds that the most common method to hack a payment card is brute forcing. This type of attack is incredibly quick and can be executed in a matter of seconds.
The only way such a huge number of payment cards could appear on the dark web is through brute forcing. That means that criminals basically try to guess the card number and CVV. The first six to eight numbers are the card issuer’s ID number.
That leaves hackers with seven to nine numbers to guess because the 16th digit is a checksum and is used only to determine whether any mistakes were made when entering the number. Using a computer, an attack like this can take only six seconds.
How do brute-force attacks work?
A hacker uses a rapid trial-and-error approach to guess the correct password, PIN, or in this case payment card number. However, the attack does require some resources – time, computing power, and a special type of software used by criminals.
To guess the nine digits that are needed to have a full card number, a computer has to go through a billion combinations. And it will only take one minute for a typical computer, which can try around 25 billion combinations per hour.
However, depending on the card issuer, a criminal may need only seven digits to make a correct guess. In this case, six seconds would be enough.
Can you do anything to protect yourself?
There is little users can do to protect themselves from this threat, short of abstaining from card use entirely. The most important thing is to stay vigilant.
Review your monthly statement for suspicious activity and respond quickly and seriously to any notifications from your bank that your card may have been used in an unauthorised manner.
Another recommendation is to have a separate bank account for different purposes and only keep small amounts of money in the one your payment cards are connected to. Some banks also offer temporary virtual cards you can use while shopping online.