SlideShare a Scribd company logo

MrX - ADT: It's not about Faking the Approval

idsecconf, profile picture
idsecconf

This document summarizes a presentation given by MrX at the IDSECCONF2009 conference on Asian digital theft. The presentation covered who engages in digital theft in Asia, such as credit card fraudsters and cybercrime suppliers, and discussed various prevention methods used by companies to combat fraud, including SSL, AVS, 3D Secure, automated fraud detection, and blocking transactions from high-risk countries. It also provided case studies on instances where these prevention methods failed or were bypassed by thieves and concluded that completely secure systems do not exist, manual checks are still needed, and internet fraud will likely continue as a persistent crime.

1 of 21
Downloaded 40 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
Asian Digital Thief : It’s not about faking the approval MrX @ IDSECCONF2009
Agenda • Intro • Who are they? • Prevention Methods • Case Studies • Conclusions • Q&A
Intro
Intro • Hi Tech = Lazy • Cyber Crime Increased • Internet Fraud Still Exist
Who are they?
Who are they? • Credit Card Fraudster • Suppliers (crackers/phisers/scammers) • Proxy Providers • Drop Point / Reshippers
Prevention Methods
Prevention Methods • SSL • AVS • 3D Secure • Automate Fraud Detection • Blocking Transaction from High Risk Country • System Hardening
SSL • SSL is good, but it’s not everything.
AVS • Definition • Advantage • Facts – Not globally supported – Still can bypassed – System Abuse • Solution
3D Secure • Definition • Advantage • Facts – Weak Password – Expensive – Still can bypassed – Miss configuration – User vulnerable to phising attack • Solution
Automate Fraud Detection • Definition • Advantage • Facts – Still can bypassed with proxies – Easier for Fraudster • Solution
Blocking Transaction from High Risk Country • Definition • Advantage • Facts – No Manual Check – Drop Point – Jump Shipment • Solution
System Hardening • Definition • Advantage • Facts – OS & Network Hardening – Backdooring Source Code – “Cracked” Web Application • Solution
Case Studies
Case Studies • SSL is not everything • 3D Secure • Security Conference?
Conclusions
Conclusions • 100% Secure System? • Manual Check still needed • Internet Fraud = Never Ending Crime
Q&A
• UAI • Depkominfo • Maxindo Mitra Solusi • Nimhost
kthxbai!!

More Related Content

PDF
The_Hydra - Bagaimana Menulis dan Memaintain Elektronik Hacking Magazine
idsecconf
 
PDF
Turning tl mr 3020 into automate wireless attacker
idsecconf
 
PDF
Desain skema rn4 s1
idsecconf
 
PPTX
Studi dan Implementasi Keamanan User Privacy menggunakan CP-ABE
idsecconf
 
PPTX
How i hack_hacker_facebook - el_rumi
idsecconf
 
PDF
Spying The Wire
Don Anto
 
PDF
The21stcenturybankjob 101014152255-phpapp02
idsecconf
 
PDF
Micro control idsecconf2010
idsecconf
 
The_Hydra - Bagaimana Menulis dan Memaintain Elektronik Hacking Magazine
idsecconf
 
Turning tl mr 3020 into automate wireless attacker
idsecconf
 
Desain skema rn4 s1
idsecconf
 
Studi dan Implementasi Keamanan User Privacy menggunakan CP-ABE
idsecconf
 
How i hack_hacker_facebook - el_rumi
idsecconf
 
Spying The Wire
Don Anto
 
The21stcenturybankjob 101014152255-phpapp02
idsecconf
 
Micro control idsecconf2010
idsecconf
 

Viewers also liked (18)

PDF
How to train your ninja
idsecconf
 
PDF
Turning tl mr 3020 into automate wireless attacker
idsecconf
 
PDF
Mobile security-an-introduction - za
idsecconf
 
PPTX
Reversing blue coat proxysg - wa-
idsecconf
 
PDF
y3dips, mastering the network hackingFU
idsecconf
 
PPTX
Analisa kejahatan menggunakan jaringan gsm
idsecconf
 
PDF
Reksoprodjo cyber warfare stmik bali 2010
idsecconf
 
PDF
indounderground, Carding, carder and why you should avoid it!
idsecconf
 
PDF
Generating the responses
idsecconf
 
PDF
A million little tracking devices - Don Bailey
idsecconf
 
PDF
Keynote - Jim Geovedi - professional-hackers
idsecconf
 
PDF
Linux kernel-rootkit-dev - Wonokaerun
idsecconf
 
PDF
Ctf online idsecconf2012 walkthrough
idsecconf
 
PDF
Mobile Malware defense and possibly Anti-forensics
idsecconf
 
PDF
theday, windows hacking with commandline
idsecconf
 
PDF
y3dips hacking priv8 network
idsecconf
 
PPT
Bruteforce basic presentation_file - linx
idsecconf
 
PDF
oauth-for-credentials-security-in-rest-api-access
idsecconf
 
How to train your ninja
idsecconf
 
Turning tl mr 3020 into automate wireless attacker
idsecconf
 
Mobile security-an-introduction - za
idsecconf
 
Reversing blue coat proxysg - wa-
idsecconf
 
y3dips, mastering the network hackingFU
idsecconf
 
Analisa kejahatan menggunakan jaringan gsm
idsecconf
 
Reksoprodjo cyber warfare stmik bali 2010
idsecconf
 
indounderground, Carding, carder and why you should avoid it!
idsecconf
 
Generating the responses
idsecconf
 
A million little tracking devices - Don Bailey
idsecconf
 
Keynote - Jim Geovedi - professional-hackers
idsecconf
 
Linux kernel-rootkit-dev - Wonokaerun
idsecconf
 
Ctf online idsecconf2012 walkthrough
idsecconf
 
Mobile Malware defense and possibly Anti-forensics
idsecconf
 
theday, windows hacking with commandline
idsecconf
 
y3dips hacking priv8 network
idsecconf
 
Bruteforce basic presentation_file - linx
idsecconf
 
oauth-for-credentials-security-in-rest-api-access
idsecconf
 
Ad

Similar to MrX - ADT: It's not about Faking the Approval (20)

PPTX
Keeping Secrets on the Internet of Things - Mobile Web Application Security
Kelly Robertson
 
PPT
Authentication technologies
Nicholas Davis
 
PPT
Authentication Technologies
Nicholas Davis
 
PDF
CNIT 160 4e Security Program Management (Part 5)
Sam Bowne
 
PPTX
Security is not a feature
Elizabeth Smith
 
PPT
Authenticationtechnologies 120711134100-phpapp01
Hai Nguyen
 
PPT
IWMW 2000: Trusted e-Commerce: What Does it Mean?
IWMW
 
PPTX
E payment Project Demo
Omar Al-Sabek
 
PPT
Oath appsec sf 2015 dem rev. 2
Donald Malloy
 
PPT
Strong Authentication - Open Source
Donald Malloy
 
PDF
Cybersecurity Basics - Aravindr.com
Aravind R
 
PPTX
Cyber Security Awareness Session for Executives and Non-IT professionals
Krishna Srikanth Manda
 
PPT
Security what it means to your business - circa 1999
Chaim Yudkowsky
 
PPTX
NEDMA18 Keynote: Cyber Security – what you need to know, what you need to do
New England Direct Marketing Association, Inc.
 
PDF
Mobile Security
Xavier Mertens
 
PPTX
Understanding Zero Trust Security for IBM i
Precisely
 
PDF
Bsu skills and_careers_in_cybersecurity
Sandra (Sandy) Dunn
 
PDF
Digital Marketing in the "Secure Age"
Alert Logic
 
PDF
The What, Why, and How of DevSecOps
Cprime
 
PDF
Ciso executive forum 2013
Bill Burns
 
Keeping Secrets on the Internet of Things - Mobile Web Application Security
Kelly Robertson
 
Authentication technologies
Nicholas Davis
 
Authentication Technologies
Nicholas Davis
 
CNIT 160 4e Security Program Management (Part 5)
Sam Bowne
 
Security is not a feature
Elizabeth Smith
 
Authenticationtechnologies 120711134100-phpapp01
Hai Nguyen
 
IWMW 2000: Trusted e-Commerce: What Does it Mean?
IWMW
 
E payment Project Demo
Omar Al-Sabek
 
Oath appsec sf 2015 dem rev. 2
Donald Malloy
 
Strong Authentication - Open Source
Donald Malloy
 
Cybersecurity Basics - Aravindr.com
Aravind R
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Krishna Srikanth Manda
 
Security what it means to your business - circa 1999
Chaim Yudkowsky
 
NEDMA18 Keynote: Cyber Security – what you need to know, what you need to do
New England Direct Marketing Association, Inc.
 
Mobile Security
Xavier Mertens
 
Understanding Zero Trust Security for IBM i
Precisely
 
Bsu skills and_careers_in_cybersecurity
Sandra (Sandy) Dunn
 
Digital Marketing in the "Secure Age"
Alert Logic
 
The What, Why, and How of DevSecOps
Cprime
 
Ciso executive forum 2013
Bill Burns
 
Ad

More from idsecconf (20)

PDF
IDSECCONF2024 Capture The FLag Write up - 3 MAS MAS
idsecconf
 
PDF
IDSECCONF2024 - Rifqi Hilmy Zhafrant - Hunting and Exploiting GraphQL Vulnera...
idsecconf
 
PDF
IDSECCONF2024 - Arief Karfianto - AI-Enhanced Security Analysis in Requiremen...
idsecconf
 
PDF
IDSECCONF2024 - Ryan Fabella, Daniel Dhaniswara - Keamanan Siber Pada Kendara...
idsecconf
 
PDF
IDSECCONF2024 - Angela Oryza - ITS Nabu-Platform Pelatihan Keamanan Siber den...
idsecconf
 
PDF
IDSECCONF2024 - Rama Tri Nanda - MQTT hacking, RCE in Smart Router.pdf
idsecconf
 
PDF
IDSECCONF2024 - Muhammad Dwison - The Implementation Of One Pixel Attack To S...
idsecconf
 
PDF
IDSECCONF2024 - Kang Ali - Local LLM can Simulate Apt Malware With Jailbreak ...
idsecconf
 
PDF
IDSECCONF2024 - Brian Nasywa - Comparison of Quantum Key Distribution Protoco...
idsecconf
 
PDF
idsecconf2023 - Mochammad Riyan Firmansyah - Takeover Cloud Managed Router vi...
idsecconf
 
PDF
idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...
idsecconf
 
PDF
idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...
idsecconf
 
PDF
idsecconf2023 - Rama Tri Nanda - Hacking Smart Doorbell.pdf
idsecconf
 
PDF
idsecconf2023 - Akshantula Neha, Mohammad Febri Ramadlan - Cyber Harmony Auto...
idsecconf
 
PDF
idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...
idsecconf
 
PDF
idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...
idsecconf
 
PDF
Ali - The Journey-Hack Electron App Desktop (MacOS).pdf
idsecconf
 
PDF
Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...
idsecconf
 
PDF
Rama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdf
idsecconf
 
PDF
Arief Karfianto - Proposed Security Model for Protecting Patients Data in Ele...
idsecconf
 
IDSECCONF2024 Capture The FLag Write up - 3 MAS MAS
idsecconf
 
IDSECCONF2024 - Rifqi Hilmy Zhafrant - Hunting and Exploiting GraphQL Vulnera...
idsecconf
 
IDSECCONF2024 - Arief Karfianto - AI-Enhanced Security Analysis in Requiremen...
idsecconf
 
IDSECCONF2024 - Ryan Fabella, Daniel Dhaniswara - Keamanan Siber Pada Kendara...
idsecconf
 
IDSECCONF2024 - Angela Oryza - ITS Nabu-Platform Pelatihan Keamanan Siber den...
idsecconf
 
IDSECCONF2024 - Rama Tri Nanda - MQTT hacking, RCE in Smart Router.pdf
idsecconf
 
IDSECCONF2024 - Muhammad Dwison - The Implementation Of One Pixel Attack To S...
idsecconf
 
IDSECCONF2024 - Kang Ali - Local LLM can Simulate Apt Malware With Jailbreak ...
idsecconf
 
IDSECCONF2024 - Brian Nasywa - Comparison of Quantum Key Distribution Protoco...
idsecconf
 
idsecconf2023 - Mochammad Riyan Firmansyah - Takeover Cloud Managed Router vi...
idsecconf
 
idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...
idsecconf
 
idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...
idsecconf
 
idsecconf2023 - Rama Tri Nanda - Hacking Smart Doorbell.pdf
idsecconf
 
idsecconf2023 - Akshantula Neha, Mohammad Febri Ramadlan - Cyber Harmony Auto...
idsecconf
 
idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...
idsecconf
 
idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...
idsecconf
 
Ali - The Journey-Hack Electron App Desktop (MacOS).pdf
idsecconf
 
Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...
idsecconf
 
Rama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdf
idsecconf
 
Arief Karfianto - Proposed Security Model for Protecting Patients Data in Ele...
idsecconf
 

MrX - ADT: It's not about Faking the Approval