Lending organizations have begun to return money to victims of cybercriminals
It is almost a year before the law that protects Russians from transferring funds to scammers comes into force. From July 2024, all banks will have to reimburse citizens for stolen funds within 30 days if the money was transferred without their consent. Before the entry into force of the relevant law, some credit organizations began to guarantee protection against telephone scammers and a refund if it did not work.
Photo: freepik-en.freepik.com
Tinkoff announced the launch of a new service that will block conversations with phone scammers and reimburse losses. MK figured out what the law provides citizens with, as well as what protective measures some banks offer customers now.
The legislative initiative belongs to Anatoly Aksakov, Chairman of the State Duma Committee on the Financial Market. The project was accepted in all readings in July, but implementation will have to wait. A number of credit organizations insure clients against fraudsters, but insurances usually do not cover social engineering.
According to the law, transfers made by a person to accounts in the database of the Central Bank of the Russian Federation “On cases and attempts to transfer funds without the consent of the client”, banks are required to block for up to 2 days. If the bank did not block the fraudulent transaction and the client complained about it, the bank is obliged to return the money. Sending banks are now checking the database, and after the law comes into force, the receiving bank will also be checked.
“During this time, banks will ensure that the necessary changes are made to their automated systems, as well as business processes. The complex action of the mechanisms provided for by law will contribute to the improvement of the anti-fraud systems of banks. Credit institutions are required to check funds transfer transactions for signs of transactions without the voluntary consent of the client and, if there are grounds, to take response measures,” Aksakov explained to MK.
But transfers — one of the threats of loss of telephone social engineering funds. For example, if a client disclosed personal data: handed over a bank card or access to a personal account to fraudsters, withdrew money and put it through an ATM in a cell, the bank is not obliged to compensate for the losses.
The head of the Central Bank announced the obligation of banks to reimburse customers at the beginning of the year. “Our banks are so advanced, with models, anti-fraud protection systems, they must do this. A person is more defenseless against scammers than a financial institution,” said Elvira Nabiullina.
According to Alexandra Pozharskaya, an expert of the Popular Front project “For Borrowers’ Rights” and the Moshelovka platform, calls from attackers at least once received 90 –95% of citizens.
“Our experience of working with citizens' appeals shows that many victims do not even admit to themselves that they have succumbed to tricks, and even more so they do not turn to the bank, law enforcement officers or control and supervisory authorities for a solution to the problem. Therefore, the legislative consolidation of the mechanism for compensating banks for funds stolen by fraudsters is an important element of the anti-fraud system. Attackers now use pressure and haste, and victims often become aware of what is happening within a couple of hours after the incident. However, in our opinion, this will not be a panacea. In order for the account to get into the database of the Central Bank and become considered a dropper account, some time must pass. So that this database does not get into the slander of the dissatisfied, thorough checks will be carried out on a large number of parameters,” Pozharskaya says.
Many banks insure accounts, but in practice, return the money sent to scammers almost impossible. These insurances do not cover the main threat — self-transfers and transfer of access codes under the influence of criminals, as well as depositing funds into third-party accounts.
Tinkoff announced the launch of a service that, according to the bank, uses technology to protect customers from losses in the most common telephone fraud scenarios at the moment — calls from the prosecutor's office, police, and security services of banks. If the service does not warn the client about the threat, the bank will return the funds to him.
“According to the bill that we are promoting, all transfers must be returned to the citizen, even if he himself transferred the money under the influence of social engineering. One point that is not spelled out there concerns those cases when the attackers are not in the Central Bank database. The regulator has a huge database, it has hundreds of thousands of numbers. If Tinkoff technologies allow you to identify intruders outside the corresponding database, I only welcome. It is quite possible that their know-how allows them to automatically detect that there is an intruder on the other end,” Aksakov emphasized.
The service is based on a combination of bank and telecom operator technologies, which guarantees more complete protection against telephone fraudsters. The bank clarified that protection is provided by three echelons:
— protection against suspicious calls, including during a conversation;
— caller ID;
— protection of transfers above a certain amount and blocking suspicious transactions.
< p>According to the bank, the protection will cover not only cases of transferring money to scammers, but also in other situations when a person gave the attacker a code from SMS or a card number, or withdrew cash through an ATM under the influence of social engineering during a phone call. Currently, this does not include fraud by calling in instant messengers.
“Scammers use all available technologies to deceive people, create large-scale call centers, special interfaces like cloud databases, in which you can instantly create a fake ID of government agencies or institutions, get information about the latest relevant divorce scenarios and access to personal data of Russians. People of any age and level of education become victims, so it was so important to exclude the human factor, not to give scammers the opportunity to ingratiate themselves — to interrupt the conversation and prevent losses.
To combat such a prepared adversary, we use the synergy of all ecosystem solutions to create an impenetrable technological armor that will protect customers at all stages of a fraudulent scheme, from the first phone call to the transfer of money,” said Alexei Baklanov, Vice President and Head of the Tinkoff Ecosystem Security Center.