EVGA

Hackers are brute-force guessing payment card numbers, and there's nothing you can do

Author
Flint 1760
CLASSIFIED ULTRA Member
  • Total Posts : 6915
  • Reward points : 0
  • Joined: 2009/04/26 15:44:26
  • Status: offline
  • Ribbons : 31
2021/12/03 08:12:34 (permalink)
TechSpot - Hackers are brute-force guessing payment card numbers, and there's nothing you can do about it
 
“Facepalm: Criminals have several ways of getting their hands on credit and debit card information, but one attack method is particularly alarming as victims are virtually defenseless. Even if you do everything by the book and adhere to all safety precautions, there's still a chance that someone could outright guess your account details using brute force.
 
NordVPN recently partnered with independent cybersecurity researchers to analyze a database of nearly 4.5 million payment cards for sale on the dark web.
 
The VPN service provider found that the majority of cards – 1,561,739, to be exact – were from the US. In this region, Visa cards were the most common, followed by Mastercard and American Express. Worse yet, the average cost to buy the details of a US-based card was just $5.81.
 
Globally, debit cards were more common on the dark web than credit cards in the data the researchers surveyed. According to NordVPN, this is because hacked debit cards tend to have fewer protections in place to protect victims compared to credit cards.
 
Arguably even more alarming is how hackers are obtaining card details. Database breaches are still a viable route, but hackers are now able to brute force – or guess – payment card details. NordVPN notes that most systems limit the number of guesses that can be made in a short period of time, but adds that savvy hackers can get around this.
 
Most major payment cards have 16 digits, which may seem pretty secure length-wise. What you may not know is that there are standards for account numbers, and several digits on your card are identifiers that aren’t unique to your individual account. This means hackers have even fewer numbers they need to guess to find a “winning” combination.
 
Unfortunately, there’s not a whole lot consumers can do to protect themselves from a brute-force attack like this short of abstaining from card use entirely. NordVPN says your best line of defense is to remain vigilant and check your monthly statement for suspicious activity.”
 
My thoughts:  As always, payment (credit and debit) card fraud is expensive.  The US accounted for $266M in 2020 and worldwide the total was $28.65B in 2019.
 
Of course, we, the consumers, pay the bill for this.


#1

12 Replies Related Threads

    Cool GTX
    EVGA Forum Moderator
    • Total Posts : 27314
    • Reward points : 0
    • Joined: 2010/12/12 14:22:25
    • Location: Folding for the Greater Good
    • Status: offline
    • Ribbons : 119
    Re: Hackers are brute-force guessing payment card numbers, and there's nothing you can do 2021/12/03 08:59:18 (permalink)
    (excerpt)
    "best line of defense is to remain vigilant and check your monthly statement for suspicious activity.” 
     
    Best defense is active monitoring & requiring your approval by Text for any transactions

    RTX Project EVGA X99 FTWK 2xEVGA2080Ti EVGA1200P2  Nibbler EVGA X99 Classified 3-GPU Water cooled 1600P2 AIO Folding  X99 2x1080Ti FTW3 Hybrid, 1200P Thank you for your support I am a Volunteer Moderator - not an EVGA employee
    #2
    Qjimbo
    New Member
    • Total Posts : 12
    • Reward points : 0
    • Joined: 2021/11/30 11:50:28
    • Status: offline
    • Ribbons : 0
    Re: Hackers are brute-force guessing payment card numbers, and there's nothing you can do 2021/12/03 09:51:17 (permalink)
    I had a BIN attack like this happen multiple times on one of my credit cards, first time was a fraudulent charge that went though, then they got the number but not the expiry date so it showed up as "declined" on my online banking. Had to cancel the card and get a new one each time, pretty irritating. Thankfully the card company now sends texts for anything unusual.
    #3
    donta1979
    Primarch
    • Total Posts : 15079
    • Reward points : 0
    • Joined: 2007/02/11 19:27:15
    • Location: In the land of Florida Man!
    • Status: offline
    • Ribbons : 66
    Re: Hackers are brute-force guessing payment card numbers, and there's nothing you can do 2021/12/10 11:04:58 (permalink)
    Check your bank account daily, is about all you can do. Sadly this kind of shenanigans is why I like cash and is what will force things like chips on cards to be used at all times maybe even at your computer, to even biometrics to become more popular is the sad truth...

     
    Heatware   My Old School Drivers Updating/Installing Guide 
    My Affiliate Code: 1YXDGWSWU7 
    Associate Code: ZHHBRVZYGOXUIIZ

    Retired from the AAA Industry at 40 Living the Dream or at least trying to. Haha
    USAF, USANG, US ARMY Combat Veteran

    #4
    rjohnson11
    EVGA Forum Moderator
    • Total Posts : 88504
    • Reward points : 0
    • Joined: 2004/10/05 12:44:35
    • Location: Belgium
    • Status: offline
    • Ribbons : 76
    Re: Hackers are brute-force guessing payment card numbers, and there's nothing you can do 2021/12/10 13:40:14 (permalink)
    I agree with Donta1979. Check your accounts as often as possible. 

    AMD Ryzen 9 5950X,  Corsair Mp600 Pro M.2, 128GB DDR4  Crosshair VIII Hero, RX 6900 XT Associate Code: H5U80QBH6BH0AXF. I am NOT an employee of EVGA

    #5
    XrayMan
    EVGA Forum Moderator
    • Total Posts : 70982
    • Reward points : 0
    • Joined: 2006/12/14 22:10:06
    • Location: Santa Clarita, Ca.
    • Status: offline
    • Ribbons : 111
    Re: Hackers are brute-force guessing payment card numbers, and there's nothing you can do 2021/12/10 20:01:55 (permalink)
     
    Can never be too safe.

                My Affiliate Code: 8WEQVXMCJL
     
            Associate Code: VHKH33QN4W77V6A
     
                 
     
     
                      
     
     
     
              
     
       
     
               
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     



     
     
     
     
     
     &nbsp
    #6
    Beowulfcav
    New Member
    • Total Posts : 30
    • Reward points : 0
    • Joined: 2021/11/24 11:26:58
    • Status: offline
    • Ribbons : 0
    Re: Hackers are brute-force guessing payment card numbers, and there's nothing you can do 2021/12/17 18:46:30 (permalink)
    Imagine when quantum computing becomes a thing, how would they stop brute forcing then? 
    #7
    ty_ger07
    Insert Custom Title Here
    • Total Posts : 19251
    • Reward points : 0
    • Joined: 2008/04/10 23:48:15
    • Location: traveler
    • Status: online
    • Ribbons : 231
    Re: Hackers are brute-force guessing payment card numbers, and there's nothing you can do 2021/12/17 20:06:40 (permalink)
    Beowulfcav
    Imagine when quantum computing becomes a thing, how would they stop brute forcing then? 

    That's the thing...
    If a true quantum computer is ever made, Shor's algorithm will break all of our existing encryption wide open. Until new ways to encrypt and validate data were discovered, a true quantum computer running Shor's algorithm would be a weapon of mass destruction and would become highly regulated; either by agreement or by force.
    If Shor's algorithm running on a true quantum computer breaks encryption, they won't need to guess card numbers. They could log into any account of anyone's and do whatever they wanted, directly.
    post edited by ty_ger07 - 2021/12/17 20:10:27

    ASRock Z77 • Intel Core i7 3770K • EVGA GTX 1080 • Samsung 850 Pro • Seasonic PRIME 600W Titanium
    My EVGA Score: 1397 • All from Blue Ribbons • Zero Associates Points • I don't shill
    #8
    rjohnson11
    EVGA Forum Moderator
    • Total Posts : 88504
    • Reward points : 0
    • Joined: 2004/10/05 12:44:35
    • Location: Belgium
    • Status: offline
    • Ribbons : 76
    Re: Hackers are brute-force guessing payment card numbers, and there's nothing you can do 2021/12/18 00:04:21 (permalink)
    ty_ger07
    Beowulfcav
    Imagine when quantum computing becomes a thing, how would they stop brute forcing then? 

    That's the thing...
    If a true quantum computer is ever made, Shor's algorithm will break all of our existing encryption wide open. Until new ways to encrypt and validate data were discovered, a true quantum computer running Shor's algorithm would be a weapon of mass destruction and would become highly regulated; either by agreement or by force.
    If Shor's algorithm running on a true quantum computer breaks encryption, they won't need to guess card numbers. They could log into any account of anyone's and do whatever they wanted, directly.

    Banks are changing encryption methods quite regularly

    AMD Ryzen 9 5950X,  Corsair Mp600 Pro M.2, 128GB DDR4  Crosshair VIII Hero, RX 6900 XT Associate Code: H5U80QBH6BH0AXF. I am NOT an employee of EVGA

    #9
    Hoggle
    EVGA Forum Moderator
    • Total Posts : 7974
    • Reward points : 0
    • Joined: 2003/10/13 22:10:45
    • Location: Eugene, OR
    • Status: offline
    • Ribbons : 4
    Re: Hackers are brute-force guessing payment card numbers, and there's nothing you can do 2021/12/18 02:43:59 (permalink)
    Cool GTX
    (excerpt)
    "best line of defense is to remain vigilant and check your monthly statement for suspicious activity.” 
     
    Best defense is active monitoring & requiring your approval by Text for any transactions




    I would agree about the texts but it would also be annoying to stop for gas and have to pull out a phone to accept the transaction every time you fill up or get a cup of coffee. Then if they put a limit before the text is sent then hackers figure the limit out and bypass it by spending slightly less then it.
     
    As for banks I think if we ever get a quantum computer working the government would work with banks for a secure encryption. The biggest target would be non-government backed like crypto that would be the biggest target. Billions could just be stolen or sealed off from access.

    Use an Associates Code & SAVE 5% - 10% on your purchase. Just click on the associates banner to save, or enter the associates code at checkout on your next purchase. If you choose to use my code I want to personally say "Thank You" for using it. 
     
     
    #10
    ty_ger07
    Insert Custom Title Here
    • Total Posts : 19251
    • Reward points : 0
    • Joined: 2008/04/10 23:48:15
    • Location: traveler
    • Status: online
    • Ribbons : 231
    Re: Hackers are brute-force guessing payment card numbers, and there's nothing you can do 2021/12/18 06:15:26 (permalink)
    rjohnson11
    ty_ger07
    Beowulfcav
    Imagine when quantum computing becomes a thing, how would they stop brute forcing then? 

    That's the thing...
    If a true quantum computer is ever made, Shor's algorithm will break all of our existing encryption wide open. Until new ways to encrypt and validate data were discovered, a true quantum computer running Shor's algorithm would be a weapon of mass destruction and would become highly regulated; either by agreement or by force.
    If Shor's algorithm running on a true quantum computer breaks encryption, they won't need to guess card numbers. They could log into any account of anyone's and do whatever they wanted, directly.

    Banks are changing encryption methods quite regularly

    Everything we have is based on factoring prime numbers. They aren't changing away from that. We don't know anything better at the moment. All they are changing is how they do it and the size of the numbers they use; the underlying way encryption is performed and the way the internet works would need a revolutionary change.

    Hoggle
    As for banks I think if we ever get a quantum computer working the government would work with banks for a secure encryption. The biggest target would be non-government backed like crypto that would be the biggest target. Billions could just be stolen or sealed off from access.

    You're crazy. The biggest target would be the internet as a whole. Every httpS:// transaction we perform is protected by math which would be blown wide open. I don't think they would limit themselves to just cryptocurrency. Breaking every website, every account, every email, and knowing everything about everyone is way more valuable to a lot more people.
    post edited by ty_ger07 - 2021/12/18 06:29:17

    ASRock Z77 • Intel Core i7 3770K • EVGA GTX 1080 • Samsung 850 Pro • Seasonic PRIME 600W Titanium
    My EVGA Score: 1397 • All from Blue Ribbons • Zero Associates Points • I don't shill
    #11
    transdogmifier
    CLASSIFIED ULTRA Member
    • Total Posts : 5596
    • Reward points : 0
    • Joined: 2003/09/05 14:26:21
    • Location: Orlando, Fl
    • Status: offline
    • Ribbons : 14
    Re: Hackers are brute-force guessing payment card numbers, and there's nothing you can do 2021/12/18 11:49:30 (permalink)
    ty_ger07
    Hoggle
    As for banks I think if we ever get a quantum computer working the government would work with banks for a secure encryption. The biggest target would be non-government backed like crypto that would be the biggest target. Billions could just be stolen or sealed off from access.

    You're crazy. The biggest target would be the internet as a whole. Every httpS:// transaction we perform is protected by math which would be blown wide open. I don't think they would limit themselves to just cryptocurrency. Breaking every website, every account, every email, and knowing everything about everyone is way more valuable to a lot more people.




    I agree with this. I don't want the government doing anything of the sort.
     

    AMD Ryzen 5950x
    Coolermaster ML360R RGB
    Asus ROG Crosshair VIII Dark Hero
    eVGA GeForce RTX 3090 FTW3 Ultra Gaming (Hybrid kit on it)
    Asus ROG Swift PG43UQ 4k Monitor
    eVGA 1600W Supernova T2 PSU
    32GB G.Skill 3600 DDR4 (2x16GB) Trident Z Neo
    Corsair MP600 Pro 2TB (Boot)
    Corsair MP600 2TB (Games/Data)
    Phanteks P500A Case
     
    Associate Code: J4T7H4SOBIGFO8F
    #12
    z999z3mystorys
    CLASSIFIED Member
    • Total Posts : 4461
    • Reward points : 0
    • Joined: 2008/11/29 06:46:22
    • Location: at my current location
    • Status: offline
    • Ribbons : 23
    Re: Hackers are brute-force guessing payment card numbers, and there's nothing you can do 2021/12/18 12:16:02 (permalink)
    Passwords need an upper and lower case letter, and at least one special character, to make the number of guesses (ideally) extremely high, credit and debit cards just use numbers, so far fewer possible options, even with a longer number. Maybe they really need to push stuff like merchant ID card numbers, and chips in the physicals cards, and phase out regular numbers that work everywhere. No doubt a few other options that can be done as well, too.

     
     
    #13
    Jump to:
  • Back to Mobile