1. What is the vulnerability being exploited?
The vulnerability exploited is the credit card security chip used to make instant payments on payment
platforms.
2. What information, data, or control can be gained by a hacker exploiting this vulnerability?
By scanning the victim’s credit card (Karp, 2023), the hacker gets access to the credit card number, expiration
date, and security code. With this information the hacker has control over the credit card and can make
purchases online with the victim’s card without having the card itself.
3. How is the hack performed?
Using a scanner programmed to pick up user data and information, the hacker only needs to get close to the
victim and scan their security chip which stores the card information. It’s a tap mechanism where the scanner
just needs to be close to the card. After scanning the card, the victim’s information is displayed on a computer
screen and the hacker can use this to steal money or sell the victim’s information on the dark web.
4. What about this particular hack interested you specifically?
Because the security chip on credit cards was added for security, I’m surprised it is also the cause of
exploitation by hackers. I was interested in learning how someone can use your money without even having your
card. All they need to do is get close to me, perhaps by bumping into me, and then scan my bank card. This goes on to
show that some of the best security measures are also the most vulnerable. It only takes a smart hacker to
expose the vulnerability and a lot of people will incur losses.
5. How do you think this particular hack could be mitigated?
Whether using wallets made from a reflective material like aluminum, which prevents interference, or getting rid of
the security chip altogether, there is still more that needs to be done. Since this method might only work with
online payments, the best way to mitigate this is activating multi-factor authentication (Karp, 2023) so that
even if the hacker has the user details, they need a code to successfully make purchases. Also, the use of
biometric authentication (Onelogin, 2024) is the most secure since no one person is the same as another. This
way it ensures that even with the victim’s information, the hackers cannot access their funds. Online platforms
and stores should also be able to track the location where the purchase was made so that in the case of losing
your information, the police and insurance companies can then track the hackers and stop them before they do any
more damage. Finally, regulation and policies (Pfefferkorn, 2021) that heavily punish those who violate the
privacy and security of others should help deter hackers and make them think twice before they commit such
crimes.
Karp, G. (2023, May 31). How to Prevent Credit Card Fraud. Retrieved from Nerdwallet:
https://www.nerdwallet.com/article/credit-cards/protect-against-credit-card-fraud
Onelogin. (2024). Biometric Authentication, the Good, the Bad, and the Ugly. Retrieved from Onelogin:
https://www.onelogin.com/learn/biometric-authentication
Pfefferkorn, R. (2021, September 7). America’s anti-hacking laws pose a risk to national security. Retrieved
from https://www.brookings.edu/articles/americas-anti-hacking-laws-pose-a-risk-to-national-security/
TEDx. (2013). Top hacker shows us how it's done | Pablos Holman | TEDxMidwest. Retrieved from Youtube:
https://www.youtube.com/watch?v=hqKafI7Amd8