Even with 3DS challenges, people are persuaded out of their one-time passcodes by phishing, using an increasingly elaborate series of text-message and voice-call based deceptions. I hate the term, but search for “smishing” and there’s a bunch of material explaining the exploits.
Depending on the region, only a small fraction of payments are enrolled in the framework to do that validation / challenge anyway, it’s been expensive to adopt and a lot of card acceptors are still nervous about abandoned carts and lost revenue.
Aaaand that’s not to mention good old fashioned stolen cards, counterfeiting and at the other end, full-scale identity takeovers.
Many security features are still bypassable by using the legacy system that should have been supplanted by now. It is a constantly-evolving (and frustrating) field.
Yeah but why would anyone bother with with all the hassle and some porn. Other than few people for the lulz, I can’t imagine this being serious problem (when 3ds works)
Depending on the region, only a small fraction of payments are enrolled in the framework to do that validation / challenge anyway, it’s been expensive to adopt and a lot of card acceptors are still nervous about abandoned carts and lost revenue.
Aaaand that’s not to mention good old fashioned stolen cards, counterfeiting and at the other end, full-scale identity takeovers. Many security features are still bypassable by using the legacy system that should have been supplanted by now. It is a constantly-evolving (and frustrating) field.