All online payments could be in danger of being hacked

Technology can only go so far to protect users as 3DSecure system comes under attack

Researchers have detected discussions on the dark web between cybercriminals concerning methods to bypass the most common security measures for online card-based transactions.

Experts from Gemini Advisory found that threat actors have adopted a strategy of using a combination of social engineering and phishing attacks to circumvent the 3D Secure (3DS) security measure.

While there are two versions of 3DS on offer, with the latter one being more technically resilient, the report notes that “phishing and social engineering schemes often transcend technical upgrades.”

Social engineering attacks

The 3DS protocol is a popular fraud prevention mechanism that adds an additional layer of verification to ensure the authenticity of online card-based transactions. 3DS 2 is the latest version of the protocol that’s designed to accommodate smartphones.

According to reports however, the original 3DS version is still widely used, which makes it easier for attackers to circumvent the security measures.

What makes 3DS 2 more resistant to fraud, according to Gemini, is that it makes use of over a hundred key data points, including relevant contextual data from the merchant to validate the nature of the transactions.

Worryingly however, the researchers note that “while 3DS 2 is more difficult for cybercriminals to bypass, it is not impervious to well-honed social engineering skills.”

So rather than directly brute-forcing their way through its security safeguards, cybercriminals work around them by crafting the right kind of social engineering campaign.

“Gemini Advisory assesses with moderate confidence that cybercriminals will likely continue to rely on social engineering and phishing to bypass 3DS security measures,” conclude the researchers, in a way hinting that in the end it’s up to the users to make sure they don’t fall prey to a well-designed social engineering scheme.

Via: BleepingComputer

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
