The University of Newcastle has conducted research to prove that there is a big hole in credit card security that makes it hackable and puts sensitive information in jeopardy.
According to the research, if guesses for the card's CVC number are spread out between several websites, the security systems for the card will not be triggered and the owner will not be notified that a fraudulent activity might be taking place.
By building up data gathered from simple guesses made on different websites, the software made by the University of New Castle was able to compile the information that is needed to make online transactions, such as the card's expiry date, the card owner's address or postal code and even the CVC. This technique is rumored to have been used in an incident earlier this month that involved 20,000 Tesco Bank accounts drained of their money.
However, at the moment, only Visa cards are susceptible to this security flaw, as other card issuers such as MasterCard, are able to track hacker's guessing efforts across different websites.
The University of Newcastle notified Visa before publishing their findings in a paper published in IEEE Security & Privacy 2017, unfortunately, the people at Visa did not to take the findings too seriously, citing that "the research does not take into account the multiple layers of fraud prevention that exist within the payments system, each of which must be met in order to make a transaction possible in the real world," the Independent reported.
Credit cards are one of the old technology that is still being used widely in the modern world. The world is slowly moving towards a cardless society. There are frontrunners such as Apple Pay and Android Wallet but they are not available globally yet and it would seemingly take some time before the technology becomes available to everyone.
As long as our society continues to rely on the credit card system, it is likely that there will still be efforts at security breaches like the one at Tesco Bank.