Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

Hackers can guess your bank details in just six seconds

Fear the rise of hackers? You have every right too, new research has suggested you’re a whole lot more vulnerable to attack than you first thought.

Not because of some technical wizardry or intense coding that will unlock secret back doors in your systems though. Instead, it’s simple guesswork you need to worry about.

That’s according to a new study from a team at Newcastle University which has claimed hackers can compromise Visa’a credit-card payment system in “as little as six seconds.” Eep.

Potentially the cause of the recent attack on Tesco Bank, it’s been suggested that high-speed guesswork can unlock a trove of banking information in seconds.

How? According to the team headed up by PhD student Mohammed Ali, it’s all down to a method called “the Distributed Guessing Attack.”


A simple but effective approach, this sees cyber criminals generate random numbers at super high speed to guess everything from your credit-card number to its expiry date and even that 3-digit CVV code hidden on the rear.

Once they’ve stumbled on your details, they can test the combination on multiple online payment services.

As online retailers often request different combinations of the data, they can simply keep guessing until they get it correct, and by targeting multiple sales platforms, they can avoid hitting individual site purchase attempt limits.

According to Ali, “the current online payment system does not detect multiple invalid payment requests from different websites.

“This allows unlimited guesses on each card data field, using up to the allowed number of attempts – typically 10 to 20 guesses – on each website.”

Despite the findings, Visa has been dismissive of the risks and passed the blame elsewhere, telling The Guardian: “We are committed to keeping fraud at low levels, and work closely with card issuers and acquirers to make it very difficult to obtain and use cardholder data illegally.

“There are also steps that merchants and issuers can take to thwart brute force attempts.”

WATCH: Laptop Buying Guide 2016

Are you worried about the latest hacking threat? Let us know in the comments.

Why trust our journalism?

Founded in 2003, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have millions of users a month from around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.

Trusted Reviews Logo

Sign up to our newsletter

Get the best of Trusted Reviews delivered right to your inbox.

This is a test error message with some extra words