In 2019, Russian banks returned a total of RUB 935 million to clients whose funds had been debited from their accounts without consent. This amount covers approximately 15% of the funds customers lost to unauthorised transactions, according to the annual report of FinCERT (the Bank of Russia's Center for Monitoring and Responding to Computer Attacks in the Financial Sector). Its data are cited by RBC.
Previously, the regulator had never disclosed the share of losses reimbursed, and had disclosed the sum only once, at the end of the third quarter of 2018, when banks returned 230 million rubles to victims. Last year, banks processed 576.5 thousand transactions that were later deemed unauthorized. These are transfers by individuals and legal entities made without their consent using payment cards and other electronic means of payment, including electronic wallets. The total amount of these operations was 6.42 billion.
According to the FinCERT report, the overwhelming majority (99.2%) of unauthorised transactions were conducted on the accounts of individuals. The average amount of one transaction was 10 thousand rubles. Such transfers are often made through ATMs and POS terminals, remote banking services (Internet banking or a mobile application), and payment for goods and services on the Internet (so-called CNP, or card-not-present, transactions).
Banks reimburse so little of the stolen funds because in most cases customers themselves trust the fraudsters and hand over sensitive information, thereby violating the terms of their contract with the bank. If the client has compromised their card or remote banking data, the bank may decline to return the money. The report states that the Central Bank is considering changing the procedure for paying compensation to victims, but provides no details.
Last year, 69% of all thefts of citizens' funds were carried out using social engineering, that is, psychological techniques for tricking people into giving up personal data. Because of new reporting forms for banks, this figure was lower than in 2018, when it stood at 97%. The reduced influence of social engineering can also be attributed to growing cyber literacy among the population. The Central Bank recommends that banks better inform citizens that the bank bears no responsibility in cases where the customer is to blame for handing over their card data.
Scammers most often use social engineering to debit funds via a mobile application or Internet banking, where its share is 88.9 percent. This is because larger amounts are available in remote banking systems than in other channels. Specialists recorded 160.8 thousand such thefts for a total of 2.27 billion rubles. Of this money, banks returned only 162.3 million rubles to customers, that is, every 14th ruble.
Scammers used social engineering to carry out two-thirds of unauthorized transactions for payment of goods and services on the Internet. This channel accounted for the most transfers made without clients' consent: 371.1 thousand transactions with a volume of 2.97 billion rubles. However, the level of compensation was higher: 653.2 million rubles, or every fifth ruble stolen.
The smallest share of social engineering, 22.4%, was recorded where a payment card was used without the client's consent. In total, 40 thousand such cases were detected in 2019. Total losses from thefts through ATMs and terminals exceeded 525 million rubles; banks returned only 10% of the stolen funds to victims (54.4 million rubles). When dealing with legal entities, fraudsters prefer to mislead employees in order to gain access to the remote banking system with the help of viruses.
In 2019, banks reported to the Central Bank 877 cases in which their employees gained unauthorized access to information on customer accounts and transferred funds without authorization. The damage from such thefts amounted to RUB 24.5 million. FinCERT had not previously reported such incidents; its reports mentioned only a few cases in which cashiers transferred their employers' funds to third-party accounts. In 14 cases, bank employees gained access to the software of ATMs and electronic terminals and managed to steal 13.5 million rubles.
The number of computer attacks on banks in 2019 fell by a factor of 15: organizations reported 58 incidents with losses of RUB 23.2 million. Hackers carried out another 15 attacks on ATMs, stealing a total of RUB 33.1 million. Total damage from unauthorized access to banks' information systems by outsiders (including their own employees) came to 103.8 mln.
Data breaches also contribute to fraud: on February 11, data on clients of the credit broker “Alpha Credit”, which collects loan applications and helps customers choose and obtain a bank loan, appeared online. The data were held in MongoDB, an open-source database management system that some companies use for internal purposes. The database contained more than 44 million records, including the client's name, the amount and type of loan requested, phone number, email address, city, and region of residence. Several people listed in the database confirmed that they had applied for a loan through “Alpha Credit”. A source close to the broker confirmed the leak at the company; customer data was freely available for four days.
According to experts, MongoDB databases end up openly accessible because of negligence by the system administrators and technical staff who maintain and configure them. By default, MongoDB does not require a login and password for access. This database has not yet appeared for sale; however, the time it spent openly accessible was sufficient for it to be found and downloaded.
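As an added illustration (not part of the original article), the Python example below audits a mongod.conf for the exposure described above: access control left at its disabled default while the listener is bound beyond loopback. The function names and both sample configurations are constructed for this example; `security.authorization`, `net.bindIp` and `net.bindIpAll` are MongoDB's own configuration options.

```python
# Added example: audit a mongod.conf (YAML) for an unauthenticated, network-reachable listener.
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def flatten(conf_text):
    """Flatten the nested 'key: value' YAML that mongod.conf uses into dotted keys."""
    flat, stack = {}, []                      # stack: (indent, key) of open sections
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if ":" not in line:
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        key = key.strip()
        while stack and stack[-1][0] >= indent:
            stack.pop()                       # leave sections we have dedented out of
        value = value.strip().strip("\"'")
        if value:
            flat[".".join([k for _, k in stack] + [key])] = value
        else:
            stack.append((indent, key))       # a section header such as "net:"
    return flat

def audit(conf_text):
    """Return 'critical', 'warn' or 'ok' for the given mongod.conf text."""
    flat = flatten(conf_text)
    # Access control is off unless security.authorization is explicitly enabled.
    no_auth = flat.get("security.authorization", "disabled").lower() != "enabled"
    # Assumption: MongoDB 3.6+ behaviour, where an absent net.bindIp means localhost.
    addrs = {a.strip() for a in flat.get("net.bindIp", "localhost").split(",")}
    remote = flat.get("net.bindIpAll", "false").lower() == "true" or bool(addrs - LOOPBACK)
    if no_auth and remote:
        return "critical"   # anyone who can reach the port can read the data
    if no_auth:
        return "warn"       # only local clients, but still no login required
    return "ok"

# Constructed sample configurations (not taken from any real deployment).
EXPOSED = """
net:
  port: 27017
  bindIp: 0.0.0.0   # listen on every interface
"""
HARDENED = """
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.0.5
security:
  authorization: enabled
"""

if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, "->", audit(conf))
```

A network-reachable bind address with authorization enabled is reported as "ok" here; firewalling and TLS are separate checks this example does not cover.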
On 6 February it became known that data on more than 1.2 million customers of microfinance organizations had been put up for sale on a specialized Internet site. A “sample” of the database containing about 800 entries includes surnames, first names, patronymics, phone numbers, email addresses, dates of birth and passport data of Russian citizens.
The seller did not disclose the names of the MFIs whose data he held, but most customers reported that they had applied for a loan from the company Bystrodengi. The “sample” also contains data on clients of the microfinance companies “Timer”, “ekapusta”, “lime” and “Microlab”. They contacted the MFIs between 2017 and late 2019. Part of the database contains out-of-date numbers that are no longer in service or belong to new owners. Some people in the database confirmed that their data are correct but claimed that they had never applied for a loan.
It was reported that the source of the leak may be a database of partner companies that collect online loan applications and sell them to MFIs, a composite database of clients of several MFIs that no longer operate, or the database of a single MFI assembled piece by piece from different sources. According to experts, these data can be used both by other MFIs to attract customers and by scammers to build fraud schemes under the pretext of offering the “best” loans. To avoid becoming victims, bank customers who receive such a call are advised to hang up and call the bank back at its official number.