Buyers beware: online payments are not nearly as secure as they make themselves out to be.
Now that it is the holiday season, online shopping is booming. However, buyers are more susceptible to identity fraud and theft nowadays than ever before because credit card companies lack web security and fraud protection.
Researchers from Newcastle University and the University of Kent, England, studied over 400 top-rated sites — think Google, PayPal, Amazon, and iTunes — and utilized an automatic bot that cycled through the payment data fields on each site. Their goal was to find if there were any inconsistencies across the board, and their data was shocking.
According to their findings, published in IEEE Security and Privacy, there are two major security problems with online payment systems. The first is that many websites allow unlimited attempts at entering the correct information, and the second is the lack of consistency with the information needed to make online purchases.
Both make it easier for hackers to access confidential information, but how? For professional hackers, it is simple.
A hacker would start with a credit card number that had already been breached before, and these numbers show up on a criminal list that the hacker can access quite easily. What’s even scarier is that the researchers were able to develop a bot that can determine a credit card number within six seconds.
The hacker can then enter the credit card number an unlimited amount of times until they determine its expiration date. Once that’s determined, they can use a bot to help them figure out the CVV2 number, the three-digit number on the back of the card.
When a hacker has these numbers, they are able to access not only your finances but your confidential information attached to the card.
However, it is important to note that this system only works with Visa Credit Cards, which allow an unlimited amount of attempts. MasterCards, on the other hand, automatically shut down after 100 tries.
For additional protection, financial experts recommend regularly monitoring bank accounts, shopping vigilantly, paying in cash, and shredding credit card statements after 45 days.