Digital skimming

Sune Gabelgård
Head of Digital Fraud, Intelligence & Research
@paranoiapusher
Dansk Politi 1998-2014
Danske Bank 2014-2019
Nets A/S 2019-
MSc Counter Fraud & Counter Corruption

FaaS: Fraud as a Service
The threat landscape in cyber fraud, 2019
Figure labels: Proceeds from cyber fraud; Number of victims; Fortune hunters; Hacker; Organised criminals

Let's start with Adam and Eve …

The good old 4-party model has now turned into a street party
Consumer
Merchant
Acquirer
Card issuer

It wasn't our fault! We don't store card data and we are PCI DSS compliant!

Magecart – Digital or Online skimming
Not just one group, but several, making use of Fraud as a Service (FaaS)
Infected/compromised web shops/service providers
Compromised card data
Fences take delivery of the purchased goods
Magecart groups
Online underground market
Tumbler
Re-shipping and fake web shops
Criminal individuals or groups

Digital gang shootings
https://blog.malwarebytes.com/threat-analysis/2018/11/web-skimmers-compete-umbro-brasil-hack/

A few pieces of good advice
Start by going home and running an exercise; it will probably create confusion at a higher level
Stop having JavaScript on the payment page. Ahh OK, next
Stop having JavaScript from "random" service providers. Have you met them in person?
Use the HTTP header Content Security Policy (CSP), which can restrict which JavaScript is allowed to run
Subresource Integrity (SRI), which lets you create a hashed value or checksum for your JavaScript files, so that you can check at any time whether your scripts have been changed
Digital hygiene: even if you do not store and handle card data or other sensitive data, increase your security
Make sure to use two-factor authentication on your Content Management Systems (CMS) and tag management systems. That also applies to the marketing department's access.
Use obfuscated JavaScript
There are virus scanners that specialise in detecting this threat
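
The CSP and SRI advice above as a runnable check, added here as an example and not part of the original slides: it recomputes each script's SRI hash from the content served now, compares it with the pinned `integrity` value, and builds a CSP header value. The URLs, file contents and function names are constructed for illustration.

```javascript
// Added example, not from the slides. URLs, file contents and function names
// are constructed for illustration.
const crypto = require('crypto');

// SRI value in the form browsers expect: "<alg>-<base64 digest>".
function sriHash(body, alg = 'sha384') {
  return `${alg}-${crypto.createHash(alg).update(body).digest('base64')}`;
}

// Classify every external <script> on a page: ok / unpinned / bad-pin /
// unreachable / modified. `served` maps script URL -> content served now.
// Assumes double-quoted attributes and one hash per integrity attribute.
function auditScripts(html, served) {
  const findings = [];
  for (const [tag] of html.matchAll(/<script\b[^>]*>/gi)) {
    const src = (tag.match(/\bsrc="([^"]+)"/i) || [])[1];
    if (!src) continue; // inline script: a matter for CSP, not SRI
    const pin = (tag.match(/\bintegrity="([^"]+)"/i) || [])[1];
    const alg = pin ? pin.split('-')[0] : '';
    let status = 'ok';
    if (!pin) status = 'unpinned';
    else if (!['sha256', 'sha384', 'sha512'].includes(alg)) status = 'bad-pin';
    else if (served[src] === undefined) status = 'unreachable';
    else if (sriHash(served[src], alg) !== pin) status = 'modified';
    findings.push({ src, status });
  }
  return findings;
}

// CSP value that limits script loading to this site plus the listed origins.
function buildCsp(scriptOrigins) {
  const scripts = ["'self'", ...scriptOrigins].join(' ');
  return `default-src 'self'; script-src ${scripts}; object-src 'none'`;
}

// Constructed sample: pins taken at review time vs. content served today.
const reviewed = 'function pay(){ /* checkout logic */ }';
const PAGE = `
<script src="/js/checkout.js" integrity="${sriHash(reviewed)}"></script>
<script src="https://cdn.example/widget.js" integrity="${sriHash('widget v1')}" crossorigin="anonymous"></script>
<script src="https://tags.example/tm.js"></script>`;
const SERVED = {
  '/js/checkout.js': reviewed,
  'https://cdn.example/widget.js': 'widget v1 /* changed after review */',
  'https://tags.example/tm.js': 'tag manager loader',
};

console.log(auditScripts(PAGE, SERVED));
console.log('Content-Security-Policy:', buildCsp(['https://cdn.example']));
```

A `modified` or `unpinned` result on the payment page is the signal to investigate before the script reaches customers' browsers.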

Questions?

Thank you for your time
@paranoiapusher
Sune Gabelgård