How Fraudsters Redefine Mobile Banking Account Takeovers


Fraudsters are constantly finding new ways to exploit vulnerabilities in the banking system, and one of the latest tactics involves stealing credit card information via mobile banking apps.


This type of attack has been seen in different variations in Spain and North America and was reported for the first time at the beginning of 2023. As fraudsters use stolen credentials to commit e-commerce fraud, here’s what banks and customers must keep in mind to stay safe.


The Modus Operandi


Step 1: Stealing credentials


Fraudsters start by stealing the login credentials and the phone number of banking customers. They typically accomplish this through phishing or smishing.


Step 2: Enrolling a phone


Equipped with the stolen credentials and the victim’s phone number, fraudsters enroll their own phone to receive future one-time passwords (OTPs) and push notifications. This is done by logging into the mobile banking app and following the enrollment process. To authenticate this action, they impersonate a banking employee and call the victim under a pretext to receive the OTP.


Step 3: Opening a neobank account


Next, fraudsters open an account with a neobank, where they automatically receive a prepaid card. This can be done quickly and easily because of lax controls in identity verification and background checks.


Step 4: Charging the prepaid card


Fraudsters then charge the prepaid card with a simple credit card transaction. They can access the victim’s credit card details via the banking app and generate a dynamic CVV. To approve this transaction, they receive a push notification on the phone that they enrolled earlier.
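From the bank's side, steps 2 and 4 leave a recognizable sequence on a single account: a new device is enrolled, and that same device then generates a dynamic CVV and approves a card payment by push. The following detection sketch is an added example, not part of the original article; the event names, field names, and the 24-hour window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)  # assumed correlation window after enrollment

# Constructed sample events; event and field names are hypothetical.
EVENTS = [
    {"ts": "2023-02-01T10:00:00", "account": "A1", "device": "d-old", "type": "login"},
    {"ts": "2023-02-01T10:05:00", "account": "A1", "device": "d-new", "type": "device_enrolled"},
    {"ts": "2023-02-01T10:09:00", "account": "A1", "device": "d-new", "type": "dynamic_cvv_generated"},
    {"ts": "2023-02-01T10:12:00", "account": "A1", "device": "d-new", "type": "push_approval"},
    # B2: long-standing device, no recent enrollment -> no alert
    {"ts": "2023-02-01T11:00:00", "account": "B2", "device": "d-b", "type": "dynamic_cvv_generated"},
    {"ts": "2023-02-01T11:02:00", "account": "B2", "device": "d-b", "type": "push_approval"},
    # C3: device enrolled a month before the payment -> outside the window
    {"ts": "2023-01-01T09:00:00", "account": "C3", "device": "d-c", "type": "device_enrolled"},
    {"ts": "2023-02-01T12:00:00", "account": "C3", "device": "d-c", "type": "dynamic_cvv_generated"},
    {"ts": "2023-02-01T12:01:00", "account": "C3", "device": "d-c", "type": "push_approval"},
]

def find_takeover_chains(events, window=WINDOW):
    """Return (account, device) pairs where a device was enrolled, then generated
    a dynamic CVV, then approved a card payment, all within `window` of enrollment."""
    enrolled = {}     # (account, device) -> enrollment time
    cvv_seen = set()  # keys that generated a CVV since their enrollment
    alerts = []
    for e in sorted(events, key=lambda e: e["ts"]):  # ISO timestamps sort as text
        key = (e["account"], e["device"])
        ts = datetime.fromisoformat(e["ts"])
        if e["type"] == "device_enrolled":
            enrolled[key] = ts
            cvv_seen.discard(key)  # a re-enrollment restarts the chain
        elif key in enrolled and ts - enrolled[key] <= window:
            if e["type"] == "dynamic_cvv_generated":
                cvv_seen.add(key)
            elif e["type"] == "push_approval" and key in cvv_seen and key not in alerts:
                alerts.append(key)
    return alerts

if __name__ == "__main__":
    for account, device in find_takeover_chains(EVENTS):
        print(f"review account {account}: new device {device} enrolled, then CVV + push approval")
```

An alert like this is a candidate for step-up verification or a hold on the payment, since the push approval alone proves nothing once the approving device is the one that was just enrolled.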


Case Study: Spanish Retail Bank


In February 2023, a Spanish retail bank re ..
