Penetration Testing mailing list archives

RE: Online Fraud Protection


From: "Craig Wright" <cwright () bdosyd com au>
Date: Tue, 27 Jun 2006 11:49:39 +1000


Hello,
Online fraud detection and prevention is not the same as information
systems security. Different technologies, different processes and they
have some small overlap in controls - but this is all.

The use of CAATs to analyse data is far more important in this than any
standard IS security measures.

Next, this is far from a "pen-test list" question. There are completely
different and unrelated skills involved with breaking into systems and
designing a data analysis technique.

Fraud prevention systems require that an analysis of the data and
transaction is completed. This involves statistical analysis of the
data. Data mining techniques are commonly employed and the use of
Bayesian probability networks is common.

None of the above is included in anything a pen-tester does.

Regards,
Craig

-----Original Message-----
From: Umut Inetas [mailto:inetasumut () yahoo com]
Sent: Friday, 23 June 2006 4:06 PM
To: pen-test () securityfocus com
Subject: Online Fraud Protection

Hi All;
I've been reading e-mails on this site for a couple of years and it
helped me so much; thanks to all the people who keep this list alive.
Now I'm working for a banking comp. and we are planning deployment of
anti-phishing and anti-fraud services for our company.
As the specified needs are: 
Scanning and reporting dns domain names, e-mail content, brands in web
sites, company names and ssl certificates which are fraud or not.
Taking precautions for fraud and phishing sites.
We are going to advance MS new operating system (Vista) and IE7 in the
near future and we have Microsoft as partner; we will need reporting to
Microsoft for Microsoft's anti-phishing add-on filter or IE7's integrated
anti-phishing filter to prevent people accessing detected fraud sites
automatically.
There are some vendors which proposed us some solutions but we haven't
decided yet.
As you are IT security pro. what is your advice about this case? Have
you ever tested, pen-tested or experienced this kind of anti-fraud
services?
Thanks in advance...




