A report by security firm Gemini Advisory mentions the detection of multiple malicious campaigns operated from dark web platforms aiming to bypass 3D Secure (3DS), a set of solutions designed to improve the security of online transactions using payment cards. The report refers to 3D Secure 2.0, the latest version of this tool; although experts believe it is a fact that previous versions of 3D Secure are also exposed.
To be precise, 3D Secure is an XML-based protocol designed to operate as an additional layer of security when transacting online with credit and debit cards, including password usage and biometric authentication.
According to the report, threat actors can use phishing and social engineering tactics to trick attacked users into revealing sensitive payment card information. One of the main problems lies in the use of password for transaction verification, as victims sometimes employ a personal identification number that a malicious hacker could easily obtain.
The most common technique for these hackers is to impersonating bank employees to obtain all kinds of information from their victims, including full names, phone numbers, tax addresses and email addresses, among other data.
About the ways to bypass the security of 3D Secure, experts mention that a hacker could call the victim to report an alleged fraudulent transaction, the cancellation of which will require the victim to hand over their information for identity verification.
Moreover, malicious hackers may also create phishing websites disguised as e-commerce platforms in order to collect sensitive information on a large scale. Threat actors also use malware variants for mobile devices capable of tracking information stored in memory and detecting potential verification codes for 3D Secure and other similar mechanisms.
Finally, experts mention that threat actors can exploit security flaws in payment operators like PayPal to bypass 3DS security mechanisms. Experts note that in some cases this attack variant might be more effective because PayPal does not always request user confirmation, especially when transactions are less than a previously set amount.
A separate report mentions that earlier versions of 3D Secure, such as v1.0, are also affected by these issues, which poses a great risk considering that these tools are still widely used around the world. Gemini Advisory experts recommend users of this framework to stay alert to any new updates, as well as follow the security recommendations issued by developers.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) website.