If earlier talk of bank robbery was about cracking safes, now the danger comes primarily from hackers. How to avoid becoming a victim of hackers, and what measures the Central Bank is taking to protect the public's funds, we were told by Artem Sychev, Deputy Head of the Main Directorate of Security and Information Protection of the Bank of Russia.
photo: Gennady Cherkasov
According to the Bank of Russia, last year the number of thefts from cards declined. Has the trend continued in 2016?
– Now there is a lull; the number of attempts at citizens' expense has declined slightly. This is due to several factors. The first is seasonal: in summer and early autumn, the scammers are less active.
Second, criminals previously used a type of fraud known as skimming. This is a type of fraud in which a special technical device is installed on an ATM or terminal to read information about the bank card, which later allows the criminals to withdraw money from it.
In addition, the introduction into the criminal code of a separate article establishing criminal penalties for skimming has meant that significantly fewer people want to “enjoy” such an easy method. Also, at the beginning of the year, law-enforcement agencies detained a number of criminals, which resulted in a decrease in criminal activity.
— What are the scammers switching to now?
— The activity of cybercriminals is now largely focused on the correspondent accounts of banks (the accounts through which operations between credit institutions are carried out. — “MK”). For the last quarter of 2015 and the first quarter of 2016, bank losses exceeded 2 billion rubles. Another 1.5 billion was saved by law enforcement agencies with the assistance of the Bank of Russia; the cyber attacks were stopped. In order to hack a bank's information system, the hackers run malicious software. With its help they find out information about all the operations conducted by the credit institution. In particular, they obtain the keys with which fake documents are generated to write off funds from correspondent accounts. Afterwards the funds are cashed out.
— Why have hackers changed their priorities?
— To obtain a good haul, fraudsters need to make significant efforts, and their goal is to spend less and earn more. The amount of money they can “earn” by attacking a bank is more than if they robbed an individual or a legal entity. The cost of the attack will be lower. For example, malicious software costs up to 50 thousand dollars per program. However, this is no reason for citizens to relax, because the crooks periodically come up with something new and usually become more active closer to the end of the year.
— Why the end of the year?
— The fact is that the basis of attacks on accounts of credit institutions or accounts is the criminal community's desire for personal enrichment. Naturally, this enrichment also has a seasonal pattern: the scammers also want gifts for the New Year… Besides, at this time the number of jobs always increases, and the attention of both bank employees and their customers weakens. In other words, it is a golden age for attackers.
— Who are the members of the criminal gangs?
— The malware is developed, as a rule, by natives of Russia, Ukraine, China, and India. The geography of cybercrime is cross-border. A criminal group may include citizens of different states, located in different countries. Often these are citizens of the former republics of the USSR who now live abroad. This really complicates the work of law enforcement agencies in promptly detaining criminals.
— What methods of stealing money from the public are common among attackers?
— The classic fraud scheme is when a person receives a text message that reads: “Your card has been blocked! The security service of the Bank of Russia”. A phone number is given right there, which the person is asked to call. One must understand that the Bank of Russia is not a bank in the classic sense of the word: it supervises and regulates the financial market, does not work directly with individuals, and does not send this kind of SMS. If you receive such a message, do not call the number provided in it: such a text is aimed precisely at getting people to call it. Next, the offender begins to use verbal techniques of influence to force the person to go to an ATM and make a transaction. Keep in mind that if the victim carries out the transaction themselves, the bank will not return the money! In this situation there is only one option: to file a statement with the police, who may find the attackers.
Typically, such SMS mailings are massive and are carried out by persons held in places of deprivation of liberty. Formally, bringing claims against them is extremely difficult. And the victims of these criminals are vulnerable segments of the population: pensioners, people with low incomes… It is important that adult children explain to their elderly parents not to fall for the scam. If you have any questions regarding the status of your account or card, call your bank's phone number, which is listed on the back of your card, and ask them.
— And what new fraud schemes exist now?
A common situation now is one where attackers seek to gain access to a victim's devices (computer, mobile phone, tablet, smart TV, etc.) and take possession of his personal online account. To do this, malicious software or links to malicious resources are distributed to citizens' email addresses. Criminals also use social networks to distribute malicious software and links.
— How can people protect their money in this situation?
– With tablets, smartphones and other devices, you need to adhere to the “rules of electronic hygiene”. That is, do not download games and apps from unknown manufacturers on unknown resources.
Do not blindly follow ad links. By breaking these rules you may download malicious software and, as a result, lose money. It is necessary to observe elementary security rules: download software only from the original manufacturers, install antivirus software, do not visit sites with questionable content…
— How does the Bank of Russia intend to continue resisting fraud?
– In order to build a system for combating fraudulent transactions, amendments to several laws have been proposed. In particular, it is planned to establish in legislation rules that will allow banks to suspend a transaction if there is a suspicion that it is being carried out without the knowledge of the owner of the money.
In addition, we plan to significantly toughen the punishment for cyber crimes, namely to increase the maximum term of imprisonment. These amendments have now passed the stage of public discussion, have been approved by federal departments, and in this autumn session will be submitted to the State Duma for consideration.
In addition, the Center for Monitoring and Responding to Computer Attacks in the Financial Sphere, FinCERT, has been operating within the structure of the Bank of Russia for more than a year. The unit collects and analyzes data about cyber attacks on Russian banks and prepares documents for banks with recommendations on how to avoid attacks.
Already, more than 300 banks and other financial institutions share information about cyber attacks with the unit. Credit institutions understand that it is very important to know to whom the money is being withdrawn. With the possibility of rapid exchange, the banks can suspend payments that are illegitimate.
— Will the legislative innovations affect holders of bank cards?
The point of these innovations is to safeguard people's money on bank cards. Of course, under certain circumstances this could lead to a delay in the completion of a payment. But on one side of the scales is the safety of a citizen's funds, and on the other is the transit time of the payment. The first, in my opinion, is far more important, and I think most citizens will agree with me.
Returning money that has been withdrawn from an account can be a problem for both the bank and the client. And, oddly enough, it is often the client who is to blame, having failed to comply with basic safety rules. As practice shows, citizens themselves hand their cards over to fraudsters, again by calling the telephone number listed in the SMS message. Another common mistake of our countrymen is to store the card information (PIN) together with the card…
— By what criteria will banks classify a particular operation as unauthorized?
First, let’s define an unauthorized transaction. It is an operation that was carried out not only without the consent of the holder, but also without his participation. The bill provides for a two-tier scheme for recognizing a transaction as unauthorized. The basic rules are formulated by the Bank of Russia. But in developing them it, of course, relies on the experience of credit institutions.
The second level is formed by each bank and each money transfer operator independently, based on the usual behavior of its client. For example, if a card holder has for a long time been making payments in favor of a particular person but suddenly, once abroad, begins to transfer money to the account of a legal entity in a completely different region of Russia, this situation should alert the bank, and it should obtain confirmation of the operation.
— How will the credit institution confirm the operation?
That is up to each individual bank. There are many options: a phone call, a text message, e-mail and so on.
— Will banks charge their customers an additional fee for this service?
— No, banks should not take extra money for this. However, even if in the end you pay 10 rubles for this convenience, compare that with the money you will save. Weigh it against the level of risk, against what you could lose. Simply put, our countrymen must understand that not only banks have to be responsible for the safety of money, but also its owners.