Column by Ksenia Dementieva about the benefits and harms of measures to combat social engineering

Despite all the efforts of regulators and bankers, the fight against social engineering in the financial market is still going without much success. Banks, which every day are required to be more vigilant in dealing with fraudsters, do not intend to give up. But from their zeal, as often happens, the clients themselves begin to suffer.

The other day, a good friend of mine got into an unexpected situation. It all started quite normally, I had to withdraw cash from a Sberbank card, but I didn’t have it with me. It doesn’t matter, she had a passport, the account was opened in her name, you can withdraw funds at the cash desk. It would seem that it is a matter of minutes – in the age of digital technologies and developed remote services, as well as the absence of currency exchange operations in the same volume, queues at the cash desk are a thing of the past. However, before entering the coveted “window”, you need to go through the customer service area, where the manager will issue the documents necessary for withdrawing cash.

Usually there are no difficulties with the passage of the entire chain, but this time something went wrong. After information that my friend wants to receive 100 thousand rubles from her account, the manager initiated a test call. The mobile client received a call from the robot of Sberbank, although banks especially draw the attention of customers that they themselves do not call them. But here everything was clean, and the manager was powerless to continue the process – it was necessary to pass the robot check. He asked the question for a long time in different ways: “Did the client decide to withdraw funds or under someone else’s pressure?” As a result, the verification was passed, the funds were received, but, as they say, “the sediment remained.”

The vigilance of the bank is understandable. According to the Central Bank, fraudsters managed to steal 4.5 billion rubles from bank customers in the first quarter. At the same time, the number of transactions without the consent of citizens decreased by 2% year-on-year, however, the share of social engineering (when the client himself provides data, transfers or transfers funds to fraudsters under their influence) remains at a high level of 50.5%. Only 4.3% of the total amount of stolen funds was returned to bank customers, which amounted to about 195.6 million rubles.

Against this background, the State Duma recently adopted in the second reading a law that obliges banks to reimburse citizens for stolen funds within 30 days if they were transferred without the voluntary consent of the client. The law makes it harder to verify transfers, and bankers appear to be starting to prepare for this. There is almost nothing to argue, the preservation of funds is the main task of any bank. But the question is how not to splash out customer experience together with information security and high artificial intelligence technologies.