Operational interception: Russian banks have improved the quality of their fight against fraud
Russian banks in the second quarter of 2025 repelled 38.7 million attempts to commit fraudulent transactions, the press service of the Central Bank reported. This is 1.5 times more than the average for the previous four quarters. Izvestia looked into how these figures were achieved and what to keep in mind in order not to become a victim of criminals.
Common tricks
Fraudsters are constantly improving their methods of circumventing anti-fraud systems using social engineering, number substitution, digital identity forgery, and phishing, Ekaterina Danilova, business development manager at Kaspersky Fraud Prevention, Kaspersky Lab, told Izvestia. Schemes using "trusted" devices are often used to mask illegitimate activity.
"Attackers can influence the telemetry sent from the user's device to the anti-fraud analytical platform by blocking, replacing, and deleting it. Attackers can also use data leaks to bypass behavioral analytics," the expert said.
However, according to her, experts in the field of information security are not lagging behind: they are constantly studying new schemes and methods and developing security tools. For example, modern anti-fraud systems have introduced relevant functionality related to the recognition of fraudulent phone calls.
Dmitry Ermakov, head of the Financial Fraud Protection Department at F6, told Izvestia that among all the threats to Russian bank customers, malicious versions of NFCGate are developing particularly rapidly.
"Over the past year, the arsenal of intruders who attack users in Russia using Android devices has expanded significantly. New modifications appear almost every week. For example, the reverse NFCGate appeared in April. The main difference is that instead of intercepting the user's NFC card data, the attackers create a clone of their own card on their device. When, as a result of a fraud attack, the victim tries to transfer money to his account through an ATM, the entire amount will be sent to the drop card," the expert said.
Developers of criminal solutions, in his opinion, are constantly improving their technologies, and the organizers of criminal schemes are constantly looking for new tools. They both use their own developments and borrow solutions that are successfully used in other countries. For example, in the summer of this year, the first attempted attacks on users in Russia using the SuperCard application, a new malicious modification of the legitimate NFCGate program, were recorded. In the spring of 2025, SuperCard was used in attacks on European bank customers, and less than a month later it was tested in Russia.
At the same time, the nature of the attacks themselves has hardly changed: social engineering remains in first place, Alexey Voylukov, MBA professor of business practice in digital finance at the Presidential Academy, told Izvestia. It does not require complex technologies, but it works through psychological pressure. People are persuaded to hand over money and codes and to perform actions at ATMs or through online banking on their own. Often, the victim does not even realize that he is acting at the dictation of the attacker.
Ways to fight
Most banks have already implemented transaction anti-fraud systems, which detect fraud at the transaction level by analyzing each transaction against a variety of parameters, Ekaterina Danilova noted. However, in modern realities this is no longer enough, so early warning systems are becoming an important part of an integrated approach, enriching it with additional data on suspicious activity at the level of the user's device. They help to identify suspicious activity by a variety of parameters: for example, information about the user's device, the user's behavior, and analysis of running applications that are not typical of the client. This makes it possible to alert the system in situations where the personal account is accessed from a device that is atypical for the user, the client is in online banking while an active call is in progress, and a remote access program is detected on the device.
"Banks use both combinations of anti-fraud systems from different suppliers and single window systems. With such an integrated approach, fraud can be prevented well in advance, as well as money laundering schemes, complex schemes using social engineering, automation methods, and more," she noted.
The introduction of additional multi-factor authentication methods, she said, also increases protection against theft of accounts and user data in the online service. For example, a decision about access to a personal account can be made not only on the basis of the username, password and an SMS code, but also by evaluating whether the device is trusted and how risky the user session is.
Banks block tens of millions of questionable transactions, Ilya Zharsky, managing partner of the Veta expert group, noted in an interview with Izvestia. These include, for example, transactions carried out with a high frequency (more than 30 per day), involving a large number of senders and/or recipients, or in the amount of over 600 thousand rubles to accounts to which the client had not previously transferred funds or which had previously participated in suspicious transactions, as well as transactions without an explicit economic purpose, having signs of fragmentation of a single payment, or involving suspicious counterparties (usually in relation to foreigners and organizations originating from other countries).
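The criteria listed above, together with the device-level signals described earlier, can be expressed as a small rule engine. This is an added example, not code from any bank or vendor named in the article: the two thresholds come from the text, while the `Tx` record layout, the 30-minute split-payment window, the reason names, and the choice to evaluate each device signal independently are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

MAX_TX_PER_DAY = 30                    # article: "more than 30 per day"
LARGE_AMOUNT_RUB = 600_000             # article: "over 600 thousand rubles"
SPLIT_WINDOW = timedelta(minutes=30)   # assumption: look-back for split payments

@dataclass
class Tx:                              # hypothetical record layout
    tx_id: str
    ts: datetime
    sender: str
    recipient: str
    amount: int                        # rubles, positive
    known_device: bool = True          # device-level early-warning signals
    active_call: bool = False
    remote_access_tool: bool = False

def flag_transactions(txs, flagged_accounts=frozenset()):
    """Return {tx_id: [reasons]} for every transaction that hits a rule."""
    paid_before = defaultdict(set)     # sender -> recipients already paid
    per_day = defaultdict(int)         # (sender, date) -> transfers so far
    recent = defaultdict(list)         # (sender, recipient) -> earlier (ts, amount)
    hits = {}
    for tx in sorted(txs, key=lambda t: t.ts):
        day, pair = (tx.sender, tx.ts.date()), (tx.sender, tx.recipient)
        per_day[day] += 1
        risky = tx.recipient in flagged_accounts or tx.recipient not in paid_before[tx.sender]
        prior = sum(a for t, a in recent[pair] if tx.ts - t <= SPLIT_WINDOW)
        checks = {
            "high_frequency": per_day[day] > MAX_TX_PER_DAY,
            "large_to_new_or_flagged_recipient": risky and tx.amount > LARGE_AMOUNT_RUB,
            "possible_split_payment": prior > 0 and prior + tx.amount > LARGE_AMOUNT_RUB,
            "atypical_device": not tx.known_device,
            "call_during_session": tx.active_call,
            "remote_access_tool": tx.remote_access_tool,
        }
        recent[pair].append((tx.ts, tx.amount))
        paid_before[tx.sender].add(tx.recipient)
        reasons = [name for name, hit in checks.items() if hit]
        if reasons:
            hits[tx.tx_id] = reasons
    return hits

T0 = datetime(2025, 7, 1, 12, 0)       # constructed sample data, not real traffic
SAMPLE = [Tx("t1", T0, "alice", "acct-x", 650_000, active_call=True),
          Tx("t2", T0 + timedelta(minutes=5), "bob", "acct-y", 350_000),
          Tx("t3", T0 + timedelta(minutes=9), "bob", "acct-y", 300_000, remote_access_tool=True)]
```

Calling `flag_transactions(SAMPLE)` flags `t1` and `t3`; `t2` alone stays under every threshold and is only caught in retrospect, once `t3` pushes the combined amount past the limit.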
"Banks are required not only to independently monitor and block questionable transactions, but are also responsible for inaction if an operation that had signs of suspicion was not blocked. In the case of theft, if the bank has made a transfer to an account that has been recognized as fraudulent, it must compensate for the full damage within 30 days after the client's request," the expert reminded.
Now banks are trying not to violate the requirements of anti-money laundering legislation and not to get into situations related to the need to recover funds stolen from the client. As a result, the number of blocked transactions is growing.
"However, questionable transactions are not always carried out by scammers and in the interests of scammers. In addition, most of the embezzlement from Russian accounts currently occurs using social engineering methods, meaning there are no questionable transactions involving third parties. The client withdraws funds from the account himself, and the bank cannot prohibit the client from disposing of his funds in such a situation," emphasized Ilya Zharsky.
Safety rules
It is always important to be skeptical about what is said on the phone or what is written on a website, Ekaterina Danilova reminded. In particular, if the call is allegedly from a bank, you should immediately hang up and call back using the phone number indicated on the back of the bank card.
"If a person sees a message about social benefits or remuneration for something, it is necessary to check this information on the official website of the specified organization," she noted. "Classic tips will also help: do not share personal or financial information with anyone, do not follow links in messages, especially from unknown people, do not download programs to your devices at the request of third parties, install security solutions, install software updates regularly, enable two-factor authentication where possible, and use complex and unique passwords for banking applications."
Izvestia sent a request to the Central Bank, but no response had been received at the time of publication.
Translated by Yandex Translate