Oh no! Here come the statisticians

What are the odds of hundreds of replies to a simple question?

  • alert
  • submit to reddit

High performance access to file storage

[Lucy wrote about a man who claimed to have random pressed buttons on a remote control and suddenly been able to order pizzas and limos on someone else's credit card. Hmmm. Anyway, she asked what the odds were that you could randomly get a credit card number and expiry date right. All those budding mathematicians out there saw your chance]

Digital shopping fraud was a fluke, claims crook

With reference to your story about the alleged on-line credit card fraud, you asked for any calculations of the probability of the random number entry resulting in one correct sequence.

Assuming that all the numbers in a credit card sequence after the 4 digit card type id at the start are equi-probable, just working on the card number and ignoring the expriry date results in a probability of 0.1^12, or one in a billion.

Some of the assumptions may be wrong, but he would have had to enter 12 numbers in a row with a probability of getting each one correct as one in ten.

If you include the first 4 digits and the date, then the likelihood of success drops by a tenth for each number.

Not exactly a watertight defence.

Ed Doxat

Assuming a 10 digit credit card, and a 4 digit date (mmyy), the odds are:

10^10 * 12 * 4 (assuming that the cracker will only use the next 4 years as a credit-card expiration).

What this gives us is: 480,000,000,000 to one.

Approximately, of course.


Assuming a credit card number has the form: xxxx-xxx-xxx-xxx, this gives 10^13 possible credit card numbers; the expiry date has the form: MM / YY

Assuming a card is valid for ~5 years, and given there are 12 months / year, this gives at maximum 60 possible expiry dates; therefore the odds of getting the right combination of credit card number and expiry date, purely by luck, are in the region of 1 in 60 * 10^13, or, if you like, 1 in 600,000,000,000,000.

To put it another way, you're over a million times more likely to win the lottery...

James Nichols

Just a first approximation, but assuming there are about 200 million Visa users in the world:

200E+6 / (10^15) (12) (6)

^15 digits ^12 months ^six years of dates

= 2.78E-9 or about 1 in 360 million

Looks like our friend should have put his money into the lotto, he'd have better odds.

Larry Bernstone

1 in 100,000,000,000,000,000,000

Useless statistic: at a rate of one attempt every thirty seconds, it would take on average 47,564,687,975,646 years to come up with the first valid combination.

Andy Crawford

Assuming a 16 digit credit card number, and one of the next 48 months as a possible expiration date, and one valid credit card number for each man, woman and child on earth (6 billion), the odds are 80 million to one that you would get make a valid, random entry on the first try.

Joe Fitzgerald

Basically to guess a number between 0 and 9 you have a one in ten chance, to guess two numbers correctly you have a one in hundred chance (1/10 * 1/10). So the chance of getting all 16 numbers correct is about 1 in 10000000000000000. It is about a 1 in 1000 odds to get the corresponding expiry date so in total the odds of this rather sad man doing what he said is:

1 in 1000000000000000000

This will probably be proved wrong by someone with more maths sense than me, but what the hey, it looks OK...

Johnny Malcolm

[That's enough. Sorry to all those that didn't make it. This was a completely random selection]

High performance access to file storage

More from The Register

next story
Forget the beach 'n' boardwalk, check out the Santa Cruz STEVE JOBS FOUNTAIN
Reg reader snaps shot of touching tribute to Apple icon
Oz bank in comedy Heartbleed blog FAIL
Bank: 'We are now safely patched.' Customers: 'You were using OpenSSL?'
Happy 40th Playmobil: Reg looks back at small, rude world of our favourite tiny toys
Little men straddle LOHAN, attend tiny G20 Summit... ah, sweet memories...
Spanish village called 'Kill the Jews' mulls rebranding exercise
Not exactly attractive to the Israeli tourist demographic
Lego is the TOOL OF SATAN, thunders Polish priest
New minifigs like Monster Fighters are turning kids to the dark side
Dark SITH LORD 'Darth Vader' joins battle to rule, er, Ukraine
Only I can 'make an empire out of a republic' intones presidential candidate
Chinese company counters pollution by importing fresh air
Citizens line up for bags of that sweet, sweet mountain air
Google asks April Fools: Want a job? Be our 'Pokemon Master'
Mountain View is prankin' like it's 1999...
prev story


Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.