Top US banks targeted by Mastercard and Visa scam

Hackers have managed to copy the Verified by Visa and MasterCard SecureCode protection features in order to dupe customers at 15 top US banks, a security firm has warned.

Once a secure online banking session has been started on an infected computer, a Zeus Trojan will inject the credit card security program facsimiles into the customer's browser, Trusteer said.

The user will be asked to enter their social security number, credit card number as well as its expiration date and PIN or Card Security Value code.

The fake security programs will also attempt to trick people by claiming that new Federal Deposit Insurance Corporation rules require them to sign up to the Visa and Mastercard services.

This data is then sent back to the hackers who will use it to carry out card not present' transactions with retailers using the Verified by Visa and MasterCard SecureCode services.

By impersonating victims, the fraudsters are able to avoid detection.

"While some users may become suspicious when prompted to enter their credit/debit card information as part of the online banking login process, this attack uses the familiar Visa and MasterCard online fraud prevention programs to make the request appear legitimate," explained Amit Klein, chief technology officer of Trusteer and head of the company's research organisation.

The Zeus Trojan has been the cause of plenty of security worries in recent times.

One in every 100 computers is infected with Zeus, according to Trusteer, and earlier this year RSA Security warned that almost 90 per cent of Fortune 500 companies in the US could have been affected by the malware.