Directory of RSS feeds
Statistics

RSS feeds in the directory: 2817

Added today: 0

Added yesterday: 0

Business / Finance

Please let PIN. When Russia will start to catch telephone scams

Banki.ru: themes of the day 17.09.2019 at 21:08

Banking and financial news on the website Banki.ru

"Hit" a Bank of season 2019 steel phone Scam, stealing money from Bank cards. Why these crimes were not ready, neither the victims nor the security banks or the police?

In June 2013, 65-year-old English pensioner Jenny, î the man called and introduced himself to the security officer of Tesco. He reported that her Bank card can be used by scammers. The lady was worried and told me that her account in the Bank Santander, the man on the other side of the line recommended it urgently to call. As shown later, the analysis of the telephone calls, the caller remained on the line, the session is not interrupted. When miss Parkinson scored a new room and, as she thought, called Santander, it in reality talked to another fraudster on the same phone. He gave her two numbers "protective" accounts. Under the guidance of the interlocutor pensioner transferred there 68 thousand pounds of savings. The investigation revealed that the money went to the accounts Barclays Bank and then was removed.

the Wave of telephone fraud has covered the UK in 2013-2015. Criminals talking on the phone to convince the victim to disclose the data allowing to access the account, or just transfer money to the correct account. The offence relates to social engineering — group deception techniques, forcing the user to perform actions that may harm him.

the Fact

it would Seem that a reasonable man cannot be the victim of such crime. But the objective of the criminals is the search of the weakest link. Victims are suggestible people who lose control during times of stress (the basic tactics of the scammers — bullying) and is not well understand the meaning of authentication procedures in General and of the banks.

the Representative of the financial Ombudsman told journalists in 2015 that 80% of victims being over the age of 50 years. With suspicious calls, according to Financial Fraud Action, an organization that coordinates actions to prevent financial fraud, received in that year, almost a quarter (23%) of British adults.

have Reached Russia

Globalization leads to the rapid spread of not only new technologies, but also new types of crimes. The surge of "social" fraud in Russia can be confirmed only indirectly, this is indicated by the jump frequency of publications about them in social networks and media, the number of criminal attempts (one of the authors of these lines, for example, crooks is also called), alerts the police reports and the fact that the problem is attended to, the regulator.

to Catch cheaters — it is certainly not the task of the bankers. But the police is clearly not ready to perform this task. "To catch criminals rarely, — says Alexey Golenischev, head of Directorate of monitoring of electronic business of alpha Bank. Law enforcement agencies do not really like such things because everything happens in the digital environment, on the other end of the fraud difficult to identify. This implies a fairly serious set of measures, and high-tech. You have to understand who was calling, as the money is withdrawn where withdrawn. To take such cases, obviously, not very interesting, because it's going to be another "cold".

the Fact

the interior Ministry, however, looking for ways to solve the problem. Curator Fincert of the Central Bank Artem Sychev, speaking at a conference "Information security of the financial sector", said that law enforcement officers understand that the problem exists, and intensively started to address the issue. "There are special units, techniques for working with this type of crime, is detained, and I hope that in the near future will be quite specific trials with real deadlines," said Sychev.

On the basis of judicial acts Law.ru for 2019 there are only two cases of such fraud. In February Myskovskiy city court (Kemerovo region) has sentenced the citizen Khlystova A. V. to two years of imprisonment. In fact, there are several episodes of Whips convinced victims that by simple manipulation of the ATM they get money from selling them furniture. In fact, they translated these amounts into a mobile phone. In June 2019, the people's court Arsk (Tatarstan) citizen sentenced Khabibullin to two years two months imprisonment. The defendant, being in prison, persuaded the victim Ibatullina to give him your Bank card information to Khabibullin allegedly was able to transfer him the money for the rental of a jackhammer.

the Fact Dispersed in the issues blocking

Now banks have virtually no legal opportunities to stop the transfer to the fraudster, even if his victim has told of his error within minutes. The beneficiary's Bank to hold the amount already received on account of his client, can not the Civil code. In theory, the Bank can stop the transfer of funds, if they are still in the correspondent account, but not adebamowo on the ultimate beneficiary's account. In this case, the sending Bank, who learned from his client of fraud, submits a request for suspension of payment Fincert, but the latter is not always able to react quickly due to the large amount of information processed.

"Now the banks will be the recipients of payments, clearly seeing the fraud, can't stop him. A similar mechanism is at 115-FZ and AML/CFT. Could this mechanism be extended to fraud," — said the head of the Department of combating e-fraud and information security threats ROSBANK Nikolay Peremyshlanska.

the Fact

At the end of August, the media reported that the Association of banks of Russia proposed to block the account of the alleged fraud for up to 30 days at questionable transactions. However, according to Alexey Golenishchev, the idea incorrectly interpreted, and really only discussed hydrovane amount of questionable transactions, not all funds.

"to Block all the accounts, all funds of the recipient of the suspicious transfer is illegal. They may not have relation to this translation, which challenged", — says Alexei Golenishchev.

Sberbank considered a useful initiative to introduce a legal basis to stop the operation in case of suspected fraud. To the credit of the stress that the victim should be given the opportunity to return the funds, and Bank — understandable rules with the stolen money.

the Identification rested on the ceiling,

you May protect the client from so-called social engineers could be a complex procedure for identification. However, banks big sense do not see this. "After all, when the client disables all remedies of the Bank, he remains with the social engineers one-on-one and often to succumb to their tricks," — noted in the savings Bank.

the Fact

Technology enhanced identification today there are many: additional codes to biometrics. "However, the choice of their application should be based on the situation: how uncharacteristic operation is now carried out by the client, what assessment his behavior on the page or in the app, is there any markers of malware or remote control", — says head of anti-fraud center for applied security systems company "infosistemy Dzhet" Alexey Sizov. Complication identification technologies, he said, will lead to "heavy" and slow procedures.

Anti-fraud vs. social engineers

the Modern anti-fraud systems are capable of monitoring certain types of attacks using social engineering. For example, the case when the fraudster vyvodyat Bank details of the victim on the phone and then registered on his behalf in the Internet Bank on the third-party device. "A new session from a new device when the new location on the territory of Russia — of course, disturbing signal," — said the head of Kaspersky fraud Prevention Maxim Fedyushkin.

However, the most common scheme when translation is carried out with the device and hands of the victim under the leadership of fraud. The attacker can convince the client to download on your device the remote control program, such as TeamViewer. "Only on some parts of the session are directly involved Scam: something clicks, enters the account number to which he wants to get the money. Part of the action makes the user a part of the rogue. To distinguish one from another is quite difficult," — says the head of the Secure Bank Group-IB Pavel Krylov. And in this case, transaction anti-fraud system is useless, there is more effective behavioral session analysis, he points out.

The latest technology sessional antifraud allow you to track everything the user is doing: as it prints, what key combination uses, and drives the arm which hand holds the phone, with what force and in what parts of the push elements. "The system does not collect information about what the user entered, only meta-information about how he did it," — says Pavel Krylov. These data allow us to create a "profile" of a client with his work habits in the app and online banking.

to detect suspicious behaviour of the victim is possible, even if all the actions the client commits themselves, says Alexei Golenishchev. "Social cheaters put pressure on the victim, the actions of the client will differ from the usual practices. For example, it is not under the angle of holding the phone," he explains. However, he feels the expert, such systems actually work, one.

no matter How advanced was the anti-fraud system, it cannot 100% protect user, agree most experts on information security. Need to solve the problem comprehensively: to increase the financial literacy of the population, to organize a mass campaign to raise awareness of fraud, to establish cooperation between banks, mobile operators and the regulator to step up the search and capture of the crooks.

Sergey KASHIN, Evgeniya OGURTSOVA, Banki.ru