Feeds

Oh no! Here come the statisticians

What are the odds of hundreds of replies to a simple question?

  • alert
  • submit to reddit

Reducing the cost and complexity of web vulnerability management

[Lucy wrote about a man who claimed to have random pressed buttons on a remote control and suddenly been able to order pizzas and limos on someone else's credit card. Hmmm. Anyway, she asked what the odds were that you could randomly get a credit card number and expiry date right. All those budding mathematicians out there saw your chance]

Digital shopping fraud was a fluke, claims crook



With reference to your story about the alleged on-line credit card fraud, you asked for any calculations of the probability of the random number entry resulting in one correct sequence.



Assuming that all the numbers in a credit card sequence after the 4 digit card type id at the start are equi-probable, just working on the card number and ignoring the expriry date results in a probability of 0.1^12, or one in a billion.

Some of the assumptions may be wrong, but he would have had to enter 12 numbers in a row with a probability of getting each one correct as one in ten.

If you include the first 4 digits and the date, then the likelihood of success drops by a tenth for each number.

Not exactly a watertight defence.

Ed Doxat



Assuming a 10 digit credit card, and a 4 digit date (mmyy), the odds are:



10^10 * 12 * 4 (assuming that the cracker will only use the next 4 years as a credit-card expiration).

What this gives us is: 480,000,000,000 to one.

Approximately, of course.

JBB



Assuming a credit card number has the form: xxxx-xxx-xxx-xxx, this gives 10^13 possible credit card numbers; the expiry date has the form: MM / YY



Assuming a card is valid for ~5 years, and given there are 12 months / year, this gives at maximum 60 possible expiry dates; therefore the odds of getting the right combination of credit card number and expiry date, purely by luck, are in the region of 1 in 60 * 10^13, or, if you like, 1 in 600,000,000,000,000.

To put it another way, you're over a million times more likely to win the lottery...

James Nichols



Just a first approximation, but assuming there are about 200 million Visa users in the world:


200E+6 / (10^15) (12) (6)


^15 digits ^12 months ^six years of dates


= 2.78E-9 or about 1 in 360 million



Looks like our friend should have put his money into the lotto, he'd have better odds.

Larry Bernstone



1 in 100,000,000,000,000,000,000



Useless statistic: at a rate of one attempt every thirty seconds, it would take on average 47,564,687,975,646 years to come up with the first valid combination.

Andy Crawford



Assuming a 16 digit credit card number, and one of the next 48 months as a possible expiration date, and one valid credit card number for each man, woman and child on earth (6 billion), the odds are 80 million to one that you would get make a valid, random entry on the first try.



Joe Fitzgerald



Basically to guess a number between 0 and 9 you have a one in ten chance, to guess two numbers correctly you have a one in hundred chance (1/10 * 1/10). So the chance of getting all 16 numbers correct is about 1 in 10000000000000000. It is about a 1 in 1000 odds to get the corresponding expiry date so in total the odds of this rather sad man doing what he said is:



1 in 1000000000000000000

This will probably be proved wrong by someone with more maths sense than me, but what the hey, it looks OK...

Johnny Malcolm



[That's enough. Sorry to all those that didn't make it. This was a completely random selection]

Beginner's guide to SSL certificates

More from The Register

next story
WRISTJOB LOVE BONANZA: justWatch sex app promises blind date hookups
Mankind shuffles into the future, five fingers at a time
Every billionaire needs a PANZER TANK, right? STOP THERE, Paul Allen
Angry Microsoftie hauls auctioneers to court over stalled Pzkw. IV 'deal'
Apple's Mr Havisham: Tim Cook says dead Steve Jobs' office has remained untouched
'I literally think about him every day' says biz baron's old friend
Flaming drone batteries ground commercial flight before takeoff
Passenger had Something To Declare, instead fiddled while plane burned
Cops apologise for leaving EXPLOSIVES in suitcase at airport
'Canine training exercise' SNAFU sees woman take home booming baggage
Oi, London thief. We KNOW what you're doing - our PRECRIME system warned us
Italian boffins' Minority Report style system sees the future
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.