Security News > 2021 > March > Hackers share methods to bypass 3D Secure for payment cards
Cybercriminals are constantly exploring and documenting new ways to go around the 3D Secure protocol used for authorizing online card transactions.
3DS adds a layer of security for online purchases using credit or debit cards.
In a blog post today, analysts at threat intelligence company Gemini Advisory share some of the methods cybercriminals discuss on dark-web forums to make fraudulent purchases at online stores that implemented 3DS. It all starts with full cardholder information, which includes at least the name, phone number, email address, physical address, mother's maiden name, ID number, and driver's license number.
Many stores do not ask for the 3DS code when transactions are below a certain limit, allowing fraudsters to get away with making multiple smaller purchases.
Europe is leading the transition to the more secure standard, while in the U.S. the fraud liability protection for merchants using 3DS 1 expires on October 17, 2021.
Gemini Advisory believes that cybercriminals will also take a stab at the more secure 3DS 2 through social engineering.