mrx - adt: it's not about faking the approval
Asian Digital Thief: It’s not about faking the approval
MrX @ IDSECCONF2009
Agenda
• Intro
• Who are they?
• Prevention Methods
• Case Studies
• Conclusions
• Q&A
Intro
• Hi Tech = Lazy
• Cyber Crime Increased
• Internet Fraud Still Exists
Who are they?
• Credit Card Fraudsters
• Suppliers (crackers/phishers/scammers)
• Proxy Providers
• Drop Points / Reshippers
Prevention Methods
• SSL
• AVS
• 3D Secure
• Automated Fraud Detection
• Blocking Transactions from High-Risk Countries
• System Hardening
SSL
• SSL is good, but it’s not everything.
AVS
• Definition
• Advantage
• Facts
  – Not globally supported
  – Can still be bypassed
  – System Abuse
• Solution
3D Secure
• Definition
• Advantage
• Facts
  – Weak Password
  – Expensive
  – Can still be bypassed
  – Misconfiguration
  – User vulnerable to phishing attack
• Solution
Automated Fraud Detection
• Definition
• Advantage
• Facts
  – Can still be bypassed with proxies
  – Easier for Fraudster
• Solution
Blocking Transactions from High-Risk Countries
• Definition
• Advantage
• Facts
  – No Manual Check
  – Drop Point
  – Jump Shipment
• Solution
System Hardening
• Definition
• Advantage
• Facts
  – OS & Network Hardening
  – Backdooring Source Code
  – “Cracked” Web Application
• Solution
Case Studies
• SSL is not everything
• 3D Secure
• Security Conference?
Conclusions
• 100% Secure System?
• Manual Check still needed
• Internet Fraud = Never Ending Crime
Q&A
• UAI
• Depkominfo
• Maxindo Mitra Solusi
• Nimhost
kthxbai!!