Tuesday, December 3, 2024
HomeComputer SecurityDigital Wallets Bypassed To Allow Purchase With Stolen Cards

Digital Wallets Bypassed To Allow Purchase With Stolen Cards

Published on

SIEM as a Service

Digital wallets enable users to securely store their financial information on smart devices and perform financial transactions without any hassle.

These wallets offer enhanced security compared to traditional payment methods, as these wallets encrypt payment data.

Since smartphone adoption has grown significantly, digital wallets are becoming increasingly popular for their convenience.

- Advertisement - SIEM as a Service

Cybersecurity analysts at Usenix recently discovered that digital wallets were bypassed to allow purchases with stolen cards.

Free Webinar on Detecting & Blocking Supply Chain Attack -> Book your Spot

Digital Wallets Bypassed

Vulnerabilities are introduced by decentralized authority delegation in the digital payment ecosystem.

Adding victims’ wallet bank cards to their own wallets, bypassing payment authorization with implicit trust between wallets and banks, and using different payment types to get round access controls.

Such security flaws in system design and trust relationships open up several possibilities for fraud and unauthorized acts.

Threat actors exploit vulnerabilities in payment systems by creating backdoors across various transaction types, circumventing established access control policies. 

This sophisticated attack enables unauthorized users to make purchases of any amount using victims’ bank cards, even when those cards have been reported stolen and locked by their owners. 

The severity of this exploit lies in its ability to override standard security protocols, potentially leading to significant financial losses for victims and undermining trust in banking systems.

Researchers have conducted a thorough study that confirms serious security lapses in major US financial institutions and digital payment platforms.

Researchers focused on discovering and testing vulnerabilities in big banks such as Chase, American Express, and Bank of America, as well as widely used e-wallet applications such as Apple Pay, Google Pay, and PayPal.

These discoveries show how risky the current fintech systems may be. Due to this, they have shared their findings with all affected persons following responsible disclosure practices.

Additionally, security analysts have designed and advocated for a number of specific mitigation plans aimed at addressing these security flaws.

While as a recommendation they urged users to not only seek to fix security flaws identified but also to strengthen the system from such potential attacks in the future which will result in increased financial safety for millions of users.

Are you from SOC and DFIR Teams? Analyse Malware Incidents & get live Access with ANY.RUN -> Get 14 Days Free Acces

Tushar Subhra
Tushar Subhra
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

PEFT-As-An-Attack, Jailbreaking Language Models For Malicious Prompts

Federated Parameter-Efficient Fine-Tuning (FedPEFT) is a technique that combines parameter-efficient fine-tuning (PEFT) with federated...

Hackers Cloning Websites, Exploiting RCE Flaws To Gain Access To Shopping Platforms

Cybercriminals are leveraging AI-powered phishing attacks, website cloning tools, and RCE exploits to target...

Hackers Exploited Windows Event Logs Tool log Manipulation, And Data Exfiltration

wevtutil.exe, a Windows Event Log management tool, can be abused for LOLBAS attacks. By...

Threat Actors Allegedly Claims Breach of EazyDiner Reservation Platform

Reports have emerged of a potential data breach involving EazyDiner, a leading restaurant reservation...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

PEFT-As-An-Attack, Jailbreaking Language Models For Malicious Prompts

Federated Parameter-Efficient Fine-Tuning (FedPEFT) is a technique that combines parameter-efficient fine-tuning (PEFT) with federated...

Hackers Cloning Websites, Exploiting RCE Flaws To Gain Access To Shopping Platforms

Cybercriminals are leveraging AI-powered phishing attacks, website cloning tools, and RCE exploits to target...

Hackers Exploited Windows Event Logs Tool log Manipulation, And Data Exfiltration

wevtutil.exe, a Windows Event Log management tool, can be abused for LOLBAS attacks. By...