PaymentsJournal
No Result
View All Result
SIGN UP
  • Commercial
  • Credit
  • Debit
  • Digital Assets & Crypto
  • Digital Banking
  • Emerging Payments
  • Fraud & Security
  • Merchant
  • Prepaid
PaymentsJournal
  • Commercial
  • Credit
  • Debit
  • Digital Assets & Crypto
  • Digital Banking
  • Emerging Payments
  • Fraud & Security
  • Merchant
  • Prepaid
No Result
View All Result
PaymentsJournal
No Result
View All Result

Social Engineering Hacks Break Password Protected 3D Secure Implementations

By Tim Sloane
March 5, 2021
in Analysts Coverage, Biometrics, Emerging Payments, Fraud & Security, Security
0
0
SHARES
0
VIEWS
Share on LinkedIn
With Behavioral Biometrics Entersekt Automates Convenient & Strong Authentication For Banks

With Behavioral Biometrics Entersekt Automates Convenient & Strong Authentication For Banks

Research indicates criminals are sharing social engineering ideas to steal static and one-time passwords used with 3D Secure and others. This is one more reason to avoid passwords and use biometrics wherever possible:

“Cyber-criminals are actively sharing tips and advice on how to bypass the 3D Secure (3DS) protocol to commit payment fraud, according to researchers.

A team at threat intelligence firm Gemini Advisory found the discussions on multiple dark web forums, claiming that phishing and social engineering tactics stood a good chance of success in certain situations.

Although version two of the protocol, designed for smartphone users, allows individuals to authenticate payments with hard-to-spoof or steal biometric information, earlier, less secure versions are still widely used, the firm claimed.

Use of a static password to authenticate exposes shoppers to such scams. Fraudsters could buy personal information on a user, call them up impersonating their bank and then provide some of this info to ‘prove’ their legitimacy, before asking for the password, Gemini Advisory said.

The firm’s analysts have also eavesdropped on reputable hackers offering advice on how to make purchases in real-time, bypassing two-factor authentication (2FA) codes. They enter stolen payment card details into an e-commerce site, then call the cardholder spoofing their number to appear as if they’re calling from the bank. When the 2FA code comes through, they request it from the victim.

Mobile malware could also be used to intercept 2FA numbers sent by SD3 v 1 to shoppers, the report noted.” 

Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group

0
SHARES
0
VIEWS
Share on LinkedIn
Tags: 3D SecureBiometricsCybercrimeCybersecurityHackersPasswordSocial Engineering

    Get the Latest News and Insights Delivered Daily

    Subscribe to the PaymentsJournal Newsletter for exclusive insight and data from Javelin Strategy & Research analysts and industry professionals.

    Must Reads

    credit union data, credit union technology

    Inside the Tech Shift Redefining How Credit Unions Operate

    July 9, 2026
    embedded payments

    What Embedded Payments Can Solve for Small Businesses

    July 8, 2026
    apple tap to pay

    Build Momentum Behind Zelle for Business

    July 7, 2026
    Accredited Payments Risk Professional

    The Growing Importance of Payments Risk Expertise

    July 6, 2026
    account aggregation

    The Dilemma Facing Financial Institutions: Aggregate or Be Aggregated

    July 2, 2026
    contactless payments

    Wherever There’s Friction, Contactless Payments Can Help

    July 1, 2026
    gift card strategy, gift card trends

    How Cautionary Spending Is Fueling Gift Card Purchases

    June 30, 2026
    Know Your Agent

    Trust but Verify: Security in the Age of Agentic AI

    June 29, 2026

    Linkedin-in X-twitter
    • Commercial
    • Credit
    • Debit
    • Digital Assets & Crypto
    • Digital Banking
    • Commercial
    • Credit
    • Debit
    • Digital Assets & Crypto
    • Digital Banking
    • Emerging Payments
    • Fraud & Security
    • Merchant
    • Prepaid
    • Emerging Payments
    • Fraud & Security
    • Merchant
    • Prepaid
    • About Us
    • Advertise With Us
    • Sign Up for Our Newsletter
    • About Us
    • Advertise With Us
    • Sign Up for Our Newsletter

    ©2026 PaymentsJournal.com |  Terms of Use | Privacy Policy

    • Commercial Payments
    • Credit
    • Debit
    • Digital Assets & Crypto
    • Emerging Payments
    • Fraud & Security
    • Merchant
    • Prepaid
    No Result
    View All Result