Card Cracking

Card cracking is a botnet attack in which the hacker tries to guess missing credit card data such as the expiry date and security code. The hacker already has the primary account number, so all they need are the other missing numbers. It is considered a brute force attack because many different values are tried repeatedly until one works.

Alternate Names and Examples:

• Brute forcing credit card information

• Card brute forcing

• Credit card cracking


• An increase in shopping cart abandonment

• An increase in failed payment authorizations

• Lower usage of the payment step in the purchase process

• Reduction in average shopping cart value

• Higher number of card chargebacks

Where does card cracking happen?

The simple answer is any website that accepts credit cards for payment. Typically the hackers will have purchased a large list of credit card numbers. However, the list is missing some of the other required numbers, such as the expiration date and security code. The hacker guesses these fields by running through thousands and thousands of options. This is relatively easy, especially if they only need to guess the expiration date. There are only so many options to run through, as all they need is a month and year combination.
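
The pattern described above (one card number, many different expiry dates, a run of failed authorizations) can be turned into a detection rule on the merchant side. The following Python is an added example, not part of the original page; the event fields, the `card_token` stand-in for the account number, the sample log and the thresholds are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (time, card_token, expiry_submitted, source_ip, approved).
# card_token is a hypothetical tokenized stand-in for the primary account number.
SAMPLE_EVENTS = [
    ("2024-05-01T10:00:05", "tok_A", "01/25", "198.51.100.7", False),
    ("2024-05-01T10:00:40", "tok_A", "02/25", "203.0.113.9", False),
    ("2024-05-01T10:01:10", "tok_A", "03/25", "198.51.100.7", False),
    ("2024-05-01T10:01:55", "tok_A", "04/25", "192.0.2.44", False),
    ("2024-05-01T10:02:30", "tok_A", "05/25", "203.0.113.9", True),
    ("2024-05-01T10:03:00", "tok_B", "11/26", "192.0.2.10", False),  # one typo
    ("2024-05-01T10:03:30", "tok_B", "12/26", "192.0.2.10", True),
    ("2024-05-01T10:04:00", "tok_C", "08/27", "192.0.2.20", False),  # same expiry retried
    ("2024-05-01T10:04:20", "tok_C", "08/27", "192.0.2.20", False),
    ("2024-05-01T10:04:40", "tok_C", "08/27", "192.0.2.20", False),
    ("2024-05-01T10:05:00", "tok_C", "08/27", "192.0.2.20", False),
]

def find_cracking_candidates(events, window=timedelta(minutes=10), min_expiries=4):
    """Flag card tokens whose declines inside one time window tried many different expiry dates."""
    declines, approved_tokens = defaultdict(list), set()
    for ts, token, expiry, ip, approved in events:
        if approved:
            approved_tokens.add(token)
        else:
            declines[token].append((datetime.fromisoformat(ts), expiry, ip))
    flagged = {}
    for token, attempts in declines.items():
        attempts.sort()
        start = 0
        for end in range(len(attempts)):
            # Slide the window start forward until it spans at most `window`.
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            in_window = attempts[start:end + 1]
            expiries = {exp for _, exp, _ in in_window}
            if len(expiries) >= min_expiries and len(expiries) > flagged.get(token, {}).get("expiries", 0):
                flagged[token] = {
                    "expiries": len(expiries),
                    "ips": len({ip for _, _, ip in in_window}),
                    # True if any approval for this token appears in the events.
                    "approved_seen": token in approved_tokens,
                }
    return flagged

if __name__ == "__main__":
    print(find_cracking_candidates(SAMPLE_EVENTS))
```

Counting distinct expiry values rather than raw declines keeps a customer who retries the same details (`tok_C`) or mistypes once (`tok_B`) out of the results, and the source IP count reflects the botnet distribution the page describes.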

