The proposal to build a unified all-Russian anti-fraud system was voiced by representatives of Sberbank and VTB at the Ural Forum “Cybersecurity in Finance”, held in Yekaterinburg from February 14 to February 17, 2023.
According to experts, such a single shared resource could become a truly effective measure against social engineering. Information about suspicious transactions would be tracked automatically, even while the alleged victim is still on the phone with the fraudster. The system could not only counter such operations effectively and preemptively, but also immediately pass information about them to all participating banks, media quote Stanislav Kuznetsov, Deputy Chairman of the Board of Sberbank of the Russian Federation, as saying. Today, the most that banks can do is warn their colleagues, the speaker continued.
The problem of combating fraudsters, especially those using social engineering methods, is more relevant today than ever. According to the Bank of Russia, in 2022 the volume of transactions carried out without the consent of customers (that is, fraudulent transactions) increased by 4% compared to 2021 and reached a new record of 14.2 billion rubles. More than 70% of such transactions were carried out by “social engineers”.
How the new unified anti-fraud model proposed by the banks will be built, and how it should work, can only be guessed at. For example, according to Vadim Kulik, Deputy Chairman of the Board of VTB, this could be a system whose accuracy and speed would be improved by machine learning models that analyze data arriving online from participating banks.
According to security market experts, an effective measure could be to combine the anti-fraud systems and fraudster databases that domestic banks already have. Today, every bank must apply some algorithm to counter fraudulent transactions. At the same time, Sberbank of the Russian Federation has the largest database of fraudsters and their transactions. For example, the bank's official website has a “Report Fraud” section. Customers who have received a call from scammers or suffered from their actions are invited to fill out a special form on the page, giving all the data they know about the scammers: phone number, link to the site, date of the event and a brief description of it, as well as their own contact details for communication and follow-up questions.
However, implementing a project that covers every participant in the payment market without exception, so that it includes any sending bank and any receiving bank, will be technically very difficult and too costly for many banks, experts comment in the media. For example, according to Fedor Muzalevsky, director of the RTM Group technical department, creating the system will cost millions of rubles. But, he clarifies, it was discussed at the forum that the system would first be “tested” by large banks and then extended to small market participants, through the efforts of the large players. The expert has no doubt that joining the unified anti-fraud system will be mandatory.
However, one of the experts believes it may all come down to Sberbank of the Russian Federation, as the owner of the most extensive database, simply inviting everyone to join its anti-fraud system.
A nationwide anti-fraud system could be created within FinCERT, a structural subdivision of the mega-regulator that serves as a center for monitoring and responding to computer attacks in the financial sector, suggests Elvira Nabiullina, Chairman of the Central Bank of the Russian Federation.
According to the official website of the mega-regulator, an information exchange system for financial market participants has been created on the basis of FinCERT, and more than 1 thousand organizations, including all Russian banks, take part in it. As stated in the document titled “Overview of transactions made without the consent of clients of financial institutions for 2020”, posted on the website of the Central Bank of the Russian Federation, FinCERT has accumulated more than 43 thousand unique signs of transactions carried out without the consent of clients.
At the same time, there is a difference. FinCERT receives data on hacker attacks from banks, analyzes it, and gives market participants recommendations on probable threats and on ways to repel cyber attacks. Within the new anti-fraud system, by contrast, information on suspicious transactions will be exchanged directly and promptly by the banks.
The number of cyber attacks on the Russian financial system will continue to grow, Elvira Nabiullina said during her speech at the Ural Forum. And it is banks that should be held accountable to customers who have become victims of attackers, even if, after all the warnings, the client still transferred money to the scammers. A person is more vulnerable to fraudsters than financial organizations, many of which today have advanced anti-fraud models and protection systems, the speaker believes. At some moments in life a person can be especially psychologically vulnerable, and their knowledge cannot always help them. The head of the mega-regulator reminded the audience that not only ordinary bank customers but also managers of large financial organizations fall for the tricks of attackers and “social engineers”. At the same time, the amounts that banks return to victims of fraud are negligible. In 2021 banks were able to return to deceived customers only 7.4% of the total damage caused by fraudsters, and in 2022 this figure almost halved in percentage terms, to 4%.
Making banks responsible for compensating damages will be an incentive for them to fight fraud more actively, she said. Otherwise, a turning point in solving this problem will not be reached.