A team of academics claims an unsophisticated type of cyber attack that exploits “flaws” in the Visa card payment system was probably used to defraud Tesco Bank customers of £2.5m last month.
He added: “The next step is the expiry date. Banks typically issue cards that are valid for 60 months, so guessing the date takes at most 60 attempts. The CVV is your last barrier and theoretically only the cardholder has that piece of information – it isn’t stored anywhere else. But guessing this three-digit number takes fewer than 1,000 attempts. Spread this out over 1,000 websites and one will come back verified within a couple of seconds. And there you have it: all the data you need to hack the account.”