A report by security firm Gemini Advisory mentions the detection of multiple malicious campaigns operated from dark web platforms aiming to bypass 3D Secure (3DS), a set of solutions designed to improve the security of online transactions using payment cards. The report refers to 3D Secure 2.0, the latest version of this tool; although experts believe it is a fact that previous versions of 3D Secure are also exposed.

360 Mobile Vision - 360mobilevision.com North & South Carolina Security products and Systems Installations for Commercial and Residential - $55 Hourly Rate. ACCESS CONTROL, INTRUSION ALARM, ACCESS CONTROLLED GATES, INTERCOMS AND CCTV INSTALL OR REPAIR 360 Mobile Vision - 360mobilevision.com is committed to excellence in every aspect of our business. We uphold a standard of integrity bound by fairness, honesty and personal responsibility. Our distinction is the quality of service we bring to our customers. Accurate knowledge of our trade combined with ability is what makes us true professionals. Above all, we are watchful of our customers interests, and make their concerns the basis of our business.

To be precise, 3D Secure is an XML-based protocol designed to operate as an additional layer of security when transacting online with credit and debit cards, including password usage and biometric authentication. 

According to the report, threat actors can use phishing and social engineering tactics to trick attacked users into revealing sensitive payment card information. One of the main problems lies in the use of password for transaction verification, as victims sometimes employ a personal identification number that a malicious hacker could easily obtain.

The most common technique for these hackers is to impersonating bank employees to obtain all kinds of information from their victims, including full names, phone numbers, tax addresses and email addresses, among other data.

About the ways to bypass the security of 3D Secure, experts mention that a hacker could call the victim to report an alleged fraudulent transaction, the cancellation of which will require the victim to hand over their information for identity verification.

Moreover, malicious hackers may also create phishing websites disguised as e-commerce platforms in order to collect sensitive information on a large scale. Threat actors also use malware variants for mobile devices capable of tracking information stored in memory and detecting potential verification codes for 3D Secure and other similar mechanisms. 

Finally, experts mention that threat actors can exploit security flaws in payment operators like PayPal to bypass 3DS security mechanisms. Experts note that in some cases this attack variant might be more effective because PayPal does not always request user confirmation, especially when transactions are less than a previously set amount.

A separate report mentions that earlier versions of 3D Secure, such as v1.0, are also affected by these issues, which poses a great risk considering that these tools are still widely used around the world. Gemini Advisory experts recommend users of this framework to stay alert to any new updates, as well as follow the security recommendations issued by developers.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) website.

The post A dark web forum describes methods for bypassing 3D Secure for bank cards appeared first on Cyber Security News | Exploit One | Hacking News.

By admin