According to former Washington Post security researcher Brian Krebs, a dashboard panel in a cracking utility he accessed online has a tab labelled `Arcot.'
"Arcot Systems is the company whose software powers the authentication system used by MasterCard’s SecureCode and Visa's Verified by Visa programs", he says in his latest security blog.
"What's interesting is that the thieves could defeat these security systems by gathering personal data on victim card holders, which they appear to have done here", he adds.
Krebs goes on to note that the panel, like others used in tandem with Zeus - for example, Jabberzeus - is also is set up to alert the botmaster via Jabber instant message when a new set of credentials is stolen.
Infosecurity notes that this is a potentially serious development, as the 3-D Secure passphrase system was developed to authenticate online users' payment card transactions.
If the technology has been subverted by hackers in an automated package/service in this way, there could be serious consequences for online card security.