MrX - ADT: It's not about Faking the Approval
Asian Digital Thief: It’s not about faking the approval
MrX @ IDSECCONF2009
Agenda
• Intro
• Who are they?
• Prevention Methods
• Case Studies
• Conclusions
• Q&A
Intro
• Hi Tech = Lazy
• Cyber Crime Increased
• Internet Fraud Still Exists
Who are they?
• Credit Card Fraudster
• Suppliers (crackers/phishers/scammers)
• Proxy Providers
• Drop Point / Reshippers
Prevention Methods
• SSL
• AVS
• 3D Secure
• Automated Fraud Detection
• Blocking Transactions from High-Risk Countries
• System Hardening
SSL
• SSL is good, but it’s not everything.
AVS
• Definition
• Advantage
• Facts
  – Not globally supported
  – Can still be bypassed
  – System Abuse
• Solution
3D Secure
• Definition
• Advantage
• Facts
  – Weak Password
  – Expensive
  – Can still be bypassed
  – Misconfiguration
  – User vulnerable to phishing attack
• Solution
Automated Fraud Detection
• Definition
• Advantage
• Facts
  – Can still be bypassed with proxies
  – Easier for Fraudster
• Solution
Blocking Transactions from High-Risk Countries
• Definition
• Advantage
• Facts
  – No Manual Check
  – Drop Point
  – Jump Shipment
• Solution
System Hardening
• Definition
• Advantage
• Facts
  – OS & Network Hardening
  – Backdooring Source Code
  – “Cracked” Web Application
• Solution
Case Studies
• SSL is not everything
• 3D Secure
• Security Conference?
Conclusions
• 100% Secure System?
• Manual Check still needed
• Internet Fraud = Never Ending Crime
Q&A
• UAI
• Depkominfo
• Maxindo Mitra Solusi
• Nimhost
kthxbai!!