Hackers have managed to copy the Verified by Visa and MasterCard SecureCode protection features in order to dupe customers at 15 top US banks, a security firm has warned.
Once a secure online banking session has been started on an infected computer, a Zeus Trojan will inject the credit card security program facsimiles into the customer's browser, Trusteer said.
The user will be asked to enter their social security number, credit card number as well as its expiration date and PIN or Card Security Value code.
The fake security programs will also attempt to trick people by claiming that new Federal Deposit Insurance Corporation rules require them to sign up to the Visa and Mastercard services.
This data is then sent back to the hackers who will use it to carry out card not present' transactions with retailers using the Verified by Visa and MasterCard SecureCode services.
By impersonating victims, the fraudsters are able to avoid detection.
"While some users may become suspicious when prompted to enter their credit/debit card information as part of the online banking login process, this attack uses the familiar Visa and MasterCard online fraud prevention programs to make the request appear legitimate," explained Amit Klein, chief technology officer of Trusteer and head of the company's research organisation.
The Zeus Trojan has been the cause of plenty of security worries in recent times.
One in every 100 computers is infected with Zeus, according to Trusteer, and earlier this year RSA Security warned that almost 90 per cent of Fortune 500 companies in the US could have been affected by the malware.
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Westcon-Comstor and Vectra AI launch brace of new channel initiativesNews Westcon-Comstor and Vectra AI have announced the launch of two new channel growth initiatives focused on the managed security service provider (MSSP) space and AWS Marketplace.
-
Mastercard scraps passwords in online security driveNews Visa will also work with Mastercard to roll out an innovative way of securing online payments
-
Hacker comes clean over Visa-Mastercard data breach claimsNews Computer hacker claims leaked contact details came from banks, not credit card companies as first suggested.
-
Visa and Mastercard at centre of alleged data breach
News Hacker claims to have leaked firms' customer details.
-
Mastercard drops Global Payments from PCI approved vendors listNews Credit card company follows Visa's lead by axing support for Global Payments over data breach.
-
IBM Impact 2012: MasterCard fights fraud with IBM techNews A partnership with IBM has helped MasterCard bring new products to market quickly, including those to meet regulatory requirements and help fight fraud.
-
Visa drops Global Payments from PCI compliant listNews Visa has droped Global Payments from its PCI compliant list, following the exposure of 1.5 million credit card numbers.
-
Visa and MasterCard WikiLeaks donations reopenedNews Julian Assange will be happy to see Visa and MasterCard donations can now be made via WikiLeaks partner DataCell.
-
Visa tech claims $1.5 billion fraud savingsNews Visa believes its updated fraud detection technology will provide some big returns.
