Security News > 2021 > March > Cybercriminals Finding Ways to Bypass '3D Secure' Fraud Prevention System
Security researchers with threat intelligence firm Gemini Advisory say they have observed dark web activities related to bypassing 3D Secure, which is designed to improve the security of online credit and debit card transactions.
Gemini's security researchers say that vulnerabilities in earlier versions of 3DS could have been exploited to bypass security.
One method recommended by some cybercriminals for bypassing 3DS involves calling up the victim from a phone number that spoofs the number on the back of the payment card, and tricking them into verifying a transaction currently being made by the fraudster by claiming it is needed for identity verification purposes.
The use of phishing sites that mimic legitimate online shops can also allow hackers to harvest the victims' card information and trick them into authorizing a payment via 3DS. In some cases, the attackers may use malware to target users' smartphones and retrieve 3DS verification codes.
The use of PayPal also allows attackers to bypass 3DS. For that, they add stolen payment card information to a PayPal account, and then make purchases using the PayPal payment method.
"The older versions of 3DS, such as version 1.0, are susceptible to hackers who find ways to bypass their security features. [] Gemini Advisory assesses with moderate confidence that cybercriminals will likely continue to rely on social engineering and phishing to bypass 3DS security measures," Gemini concludes.