The Central Bank (Central Bank) of Russia proposed introducing a mandatory amount of money that banks must return to customers who have become victims of fraudsters. Writes about it RBK with reference to the materials of the regulator.
According to the newspaper, changes are planned to be made to 161-FZ “On the national payment system”. The relevant materials were sent to the participants of the banking market on behalf of the Director of the Information Security Department of the Central Bank Vadim Uvarov.
Their authenticity was confirmed by three sources of the publication in the financial market, and the receipt of the materials was confirmed by representatives of Rosbank and Alfa-Bank. In addition, on December 2, Uvarov himself spoke about the development of the amendments at the AntiFraud Russia international forum to combat high-tech fraud.
According to the regulator, in the third quarter of 2021, fraudsters stole 3.2 billion rubles from the accounts of bank clients by unauthorized money transfers, while banks returned only 7.7 percent of the stolen funds to clients, that is, less than 250 million rubles.
Now the most widespread fraud is when citizens voluntarily transfer payment card numbers, codes or passwords to cybercriminals, which they use to steal funds using social engineering methods. The regulator notes that this “is one of the acute problems that negatively affect the level of public confidence in remote payment services and, as a result, to the credit and financial system as a whole.”
First of all, the Central Bank wants to introduce a simplified procedure for returning funds to Russians who have suffered from fraudsters in an amount that will be determined by the regulator itself. To do this, the client must inform the bank about the incident no later than the next day after receiving a notification from the bank about the operation. This amount will be calculated “based on the targeted return of funds to citizens on average 80-90 percent of all cases of social engineering.”
Moreover, if the bank has a low level of anti-fraud (a mechanism to prevent theft), then it will have to return the entire stolen amount of money to the client, even if it turns out to be higher than this amount. The low level will include cases when banks cannot identify transactions made without the client’s consent.
At the same time, it is not clear how the behavior of the bank’s client will affect the refund procedure when, under the influence of fraudsters, he himself transfers funds to them. Now, by law, banks must return funds only in cases where they were not stolen through the fault of the client.
In addition, the Central Bank proposes to give banks the right to write off money on transactions after one or two working days, even despite the client’s consent, and the obligation to check transactions for signs of fraud should be assigned not only to the bank of the client transferring money, but also to the bank where they are serviced. recipient.
The Central Bank also intends to give banks the right to block for five working days all expenditure transactions on the account of the recipient of funds, information about which is contained in the database (maintained by the regulator itself) about cases and attempts to transfer funds without the consent of the client. This period is necessary for victims and law enforcement agencies to go to court in order to obtain permission to seize funds and receive a court decision on the return of money. Banks will be able to block operations only on the basis of information about the initiation of criminal cases.
As a representative of the Central Bank said, the regulator held the first round of consultations with market participants and received a large number of proposals and clarifying questions. Now, based on the results of the discussion, a new version of the bill is being prepared, which will have to go through another round of discussions. Therefore, it is too early to talk about concrete measures and solutions. The Central Bank intends to take into account the opinion of market participants as much as possible.
Experts interviewed by the publication indicate that the initiative can be useful only in terms of establishing the amount of the refund. At the same time, some unscrupulous clients may get the opportunity to challenge previous transactions and demand compensation.
Also, the interlocutors of the publication draw attention to the fact that banks are not obliged to reimburse the funds if the gullible client believed the scammers and followed their instructions, and the attackers quickly withdraw the stolen funds from the accounts before the victim takes any measures to return them.
Recently it became known that the number of automatic attacks on bank clients has increased in Russia, financial institutions are reporting a surge in robotic calls, their share reaching 90 percent. This type of fraud is less costly for cybercriminals and can be used to mislead victims as more and more voice assistants are used in the banking industry.
Such auto-dialing appeared about six months ago. To organize robotic attacks, the required sequence of phrases is recorded, followed by an appeal to the victims. It is assumed that a person communicates directly with the robot and receives instructions from him, for example, to enter a code from an SMS message.
Alexey Sizov, head of the anti-fraud department of Jet Infosystems, said that fraudsters, planning to steal funds, are guided by many factors, of which two main points can be distinguished. The first one is the background information about the potential victim. It is also important for cybercriminals to choose the right time to communicate with a potential victim – most often they launch attacks on bank customers on Fridays and weekends.
If the call from the bank seems dubious, Sizov advises to end the conversation immediately – immediately after the request to provide any personal information. In addition, after the attack is thwarted, you need to call the bank at the number indicated on the back of the card and find out if everything is in order with the account.
#Russia #offered #return #obligatory #amount #case #theft #accounts