Asian Digital Thief : It’s not about faking the approvalAsian Digital Thief : It’s not about faking the approvalMrX @ IDSECCONF2009MrX @ IDSECCONF2009

AgendaAgenda

• Intro• Who are they?• Prevention Methods• Case Studies• Conclusions• Q&A

Intro

IntroIntro

• Hi Tech = Lazy• Cyber Crime Increased• Internet Fraud Still Exist

Who are they?

Who are they?Who are they?

• Credit Card Fraudster• Suppliers (crackers/phisers/scammers)• Proxy Providers• Drop Point / Reshippers

Prevention Methods

Prevention MethodsPrevention Methods

• SSL• AVS• 3D Secure• Automate Fraud Detection• Blocking Transaction from High Risk Country• System Hardening

SSLSSL

• SSL is good, but it’s not everything.

AVSAVS

• Definition• Advantage• Facts

– Not globally supported– Still can bypassed– System Abuse

• Solution

3D Secure3D Secure

• Definition• Advantage• Facts

– Weak Password– Expensive– Still can bypassed– Miss configuration– User vulnerable to phising attack

• Solution

Automate Fraud DetectionAutomate Fraud Detection

• Definition• Advantage• Facts

– Still can bypassed with proxies– Easier for Fraudster

• Solution

Blocking Transaction from High Risk Country Blocking Transaction from High Risk Country

• Definition• Advantage• Facts

– No Manual Check– Drop Point– Jump Shipment

• Solution

System HardeningSystem Hardening

• Definition• Advantage• Facts

– OS & Network Hardening– Backdooring Source Code– “Cracked” Web Application

• Solution

Case Studies

Case StudiesCase Studies

• SSL is not everything• 3D Secure• Security Conference?

Conclusions

ConclusionsConclusions

• 100% Secure System?• Manual Check still needed• Internet Fraud = Never Ending Crime

Q&A

• UAI• Depkominfo• Maxindo Mitra Solusi• Nimhost

kthxbai!!