Top US banks targeted by Mastercard and Visa scam

Bank security

Hackers have managed to copy the Verified by Visa and MasterCard SecureCode protection features in order to dupe customers at 15 top US banks, a security firm has warned.

Once a secure online banking session has been started on an infected computer, a Zeus Trojan will inject the credit card security program facsimiles into the customer's browser, Trusteer said.

The user will be asked to enter their social security number, credit card number as well as its expiration date and PIN or Card Security Value code.

The fake security programs will also attempt to trick people by claiming that new Federal Deposit Insurance Corporation rules require them to sign up to the Visa and Mastercard services.

This data is then sent back to the hackers who will use it to carry out card not present' transactions with retailers using the Verified by Visa and MasterCard SecureCode services.

By impersonating victims, the fraudsters are able to avoid detection.

"While some users may become suspicious when prompted to enter their credit/debit card information as part of the online banking login process, this attack uses the familiar Visa and MasterCard online fraud prevention programs to make the request appear legitimate," explained Amit Klein, chief technology officer of Trusteer and head of the company's research organisation.

The Zeus Trojan has been the cause of plenty of security worries in recent times.

One in every 100 computers is infected with Zeus, according to Trusteer, and earlier this year RSA Security warned that almost 90 per cent of Fortune 500 companies in the US could have been affected by the malware.

Tom Brewster

Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.

He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.