Related Links

  • Trusteer
  • Reed Exhibitions Ltd is not responsible for the content of external websites.

Top 5 Stories


Financial hackers attacking Visa/MasterCard users with fake 3-D Secure logins

15 July 2010

Criminal hackers are using more advanced methods of trying to extract users card credentials, the latest attack vector being malware that launches a fake Visa/MasterCard 3-DSecure screen.

3-DSecure - branded as Verified by Visa and MasterCard SecureCode - is widely used as a means of authenticating online purchases using a pre-determined passphrase known only to the cardholder.

As users move to the transaction page with an online merchant, the merchant's payment provider opens an extensible code window to the card issuer's systems to request the 3-DSecure passphrase from the cardholder.

To use the service, online card users are asked to enroll in the programme, typically when they have made three online purchases with their new card.

And a fake version of this enrolment window is what the malware - actually a variant of the Zeus family - generates to the user, illegally requesting their credentials.

According to Trusteer, the secure browsing specialist, after users have initiated a secure online banking session, the Zeus Trojan injects a fake enrolment screen into the browser, illegally requesting credentials from the user.

The information gathered by Zeus is then used by fraudsters to commit `card not present' transactions with retailers that employ Verified by Visa and SecureCode protection.

This stolen data, says Trusteer, allows criminals to impersonate their victims and register with these programs to ensure fraudulent transactions escape normal fraud detection systems.

Amit Klein, the firm's CTO and head of research, said that this attack uses the familiar Visa and MasterCard online fraud prevention programs to make the request appear legitimate.

"Fortunately, online banking customers protected by Trusteer Rapport are not vulnerable to this attack since it blocks HTML injection and prevents Zeus from presenting the fraudulent enrolment request", he said.

The Rapport web browser plug-in, Infosecurity notes, is available as a free download for e-banking customers of several UK banks, notably HSBC, NatWest, RBS and Santander.

This article is featured in:
Data Loss  •  Internet and Network Security


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×