Trial and error suspected in Visa scam
Scammers are ringing up charges on people’s Visa cards by trying out card numbers and expiry dates through ‘‘trial and error’’, according to information given to Massey University professor Cory Matthew.
Researchers at Newcastle University in Britain caused alarm internationally in December when they disclosed the theoretical possibility of such so-called ‘‘brute force’’ attacks on Visa card accounts.
Britain’s Telegraph newspaper said the researchers had shown it was possible to ‘‘guess’’ valid card details in less than six seconds and speculated the technique could have been behind a fraud affecting 9000 customers of British retailer Tesco.
Matthew said $940 was run up on his Visa card on bus passes in Rio de Janeiro, which he has never visited, before he spotted the charges and put a stop on his card.
‘‘[Visa] told my bank that ‘hackers’ have figured out a way to experiment with the system by trial and error to find a card number and expiry date that works and then put charges through.’’
Matthew said his bank had told him 1500 Visa accounts had been defrauded in a similar way, but he did not want to name the bank as it had been ‘‘extremely good to him’’ and the frauds were a Visa issue.
If confirmed, the frauds reported by Matthew could have implications for Visa customers around the world.
Credit card fraud can usually be traced back to people letting cards out of their sight when paying for items at the likes of bars and restaurants, or from cards being stolen or their details being compromised online.
But customers could see charges rung up on their accounts even if they had never shopped on the internet or taken their card out of their wallet, if the explanation given to Matthew by his bank is correct.
‘‘They tell me I will be refunded but not until after an investigation has been concluded, which can take up to 120 days – but hopefully less.’’
Visa said experts were looking into the matter but has not so far confirmed that the fraud was the result of a bruteforce attack.