Security News > 2022 > September > Credit Card Fraud That Bypasses 2FA

Phones, of course, can be made inaccessible with the use of passwords and face or fingerprint unlocking.

Once they have the phone and the card, they register the card on the relevant bank's app on their own phone or computer.

Since it is the first time that card will have been used on the new device, a one-off security passcode is demanded.

That verification passcode is sent by the bank to the stolen phone.

The code flashes up on the locked screen of the stolen phone, leaving the thief to tap it into their own device.

Once accepted, they have control of the bank account.

News URL

https://www.schneier.com/blog/archives/2022/09/credit-card-fraud-that-bypasses-2fa.html