
Cybersecurity in E-commerce Ecosystem: Practice from Alibaba PDF

14 Pages·2017·4.05 MB·English

Preview Cybersecurity in E-commerce Ecosystem: Practice from Alibaba

Cybersecurity in E-commerce Ecosystem: Practice from Alibaba
Yuejin Du, Ph.D.
VP and Chief Security Expert of Alibaba Security
2017.04.24 @ Geneva

Key Challenges for E-commerce Today
1. Tech. side: loopholes can never be fixed
2. Human side: the weakest link is always there
3. Opponent: highly organized, technologized, and globalized

Vulnerability: a war that never ends
2016: CVE: 6435 (2017S1: 3442)
CNVD: 10822
Increased 34% compared with 2015

The truth is: nobody knows the truth
• Common Vulnerability; Product Vulnerability; Vulnerability in your own Apps. ……
• How and when do you know yours? Esp. for SMEs?
• And, can you fix it or avoid it?

Humans are always the weakest link
• Moles in sellers/merchants
• The ‘underground black economy’ sends groups of their people to get jobs from sellers
• Bribe employees
• Moles in logistics provider
• Photos taken of shipping slips
• Voluntary leaker of info
¥100 billion
• There is a market for buying and selling of merchant info

Our Opponents: big, organized, advanced, globalized
• Platforms for exploiting vulnerabilities
• Platforms for ‘account collision’ and commercial tools
• Synthesizing info from multiple sources
• Organizing the entire criminal chain: obtain info; sell info; supply chain of SIM cards for defrauding victims; 1~2 million phishing website construction; money laundering; etc.

Our countermeasures
1. Technology
2. Ecosystem building
3. Co-work with LEA

Some Technologies and Products
1. Trusted authentication and account safety
2. “City Moat”: the guardian of merchants
3. “Money Shield”: anti-fraud platform
4. ASRC and Threat Intelligence
5. DSMM: Data Security Maturity Model

Multi-factor real-people-authentication
[Diagram: authentication flow. Labels recoverable from the slide: USER; start; Photo ID (ID photo); Success; Auto check; Authentication; risk judgement; Different method according to risk level; biological feature verification; Keep it valid; measures; Feedback. Numbered items: ① OCR, ② Verification with public sector; ① photocopy?, ② PS?; ① risk ID, ② risk Phone, ③ Risk device or environment; ① alive, ② Voice feature, ③ movement; ① face authentication, ② face retrieval service, ③ Face compare.]

‘Money Shield’ anti-fraud public welfare platform
Components named on the slide: Money Shield APP; Anti-fraud Police working platform; Anti-fraud open Platform

• Recognize fraud number and call
• Recognize fraud SMS and phishing links
• Anti-virus and Trojans
• Risk environment alert

• Security SDK
• DLP
• Vulnerability scan
• OCR and content filtering
• TI
• Real user authentication
