The Bank of Russia is preparing new measures to combat credit fraud

To combat the actively developing credit fraud, the Central Bank proposes to introduce a cooling-off period when issuing loans for large amounts and set a limit on depositing cash on newly opened cards. Some measures have already been implemented in large banks. However, according to experts, the effectiveness of the measures may be less pronounced than the problems and inconveniences they will create for banks and their clients.

At the Ural Cybersecurity Forum on Wednesday, February 14, the head of the Bank of Russia, Elvira Nabiullina, said that to combat fraudsters it is necessary to introduce a cooling-off period in consumer lending. As Stanislav Kuznetsov, deputy chairman of the board of Sberbank, explained, in almost a third of cases, scammers, having taken the victim’s savings, also convince her to take out a loan.

According to Elvira Nabiullina, every fourth ruble stolen from citizens comes from borrowed funds. Considering that, according to the Bank of Russia, over the past year, fraudsters stole 15.8 billion rubles from citizens’ bank accounts, we are talking about approximately 4 billion rubles.

A cooling-off period to combat fraudsters is already written into the legislation regarding transfers. According to amendments to the law “On the National Payment System”, from July 25, banks must block dubious transfers from customer accounts for two days. To introduce a cooling period for a loan, the head of the Central Bank previously proposed a level of 1 million rubles as the lower limit, although the amount is proposed to be discussed with the banking community.

An additional measure in the fight against criminals may be a limit on depositing cash on a new card. As Elvira Nabiullina explained, when, under the influence of scammers, a citizen takes out a loan from a bank and transfers the money to the scammer, he puts it on the card, and then transfers it further.

At this stage, the limit on depositing funds on the card can make it difficult for fraudsters to quickly confuse the traces of the movement of funds.

According to her, banks should pay special attention to depositing funds on new cards.

Representatives of Sberbank and VTB say that they are already applying measures similar to those proposed by the regulator. According to Stanislav Kuznetsov, this happens with loans for which, according to the anti-fraud system, the bank assumes “a high probability of fraud.” At the same time, the delay in transferring funds “does not seem significant.”

In the case of replenishing cards with cash, transactions involving tokenized cards are considered the most suspicious, said Vadim Kulik, deputy chairman of the board of VTB. When such cards are issued, confidential information is replaced with an impersonal token, which is then used by all reading devices. Tokenized cards are usually used for payments through mobile applications, on the Internet, etc., since plastic media is no longer needed when making transactions.

According to Mr. Kulik, an effective measure to combat fraud would be to block such a card for 48 hours after a request for a suspicious transaction.

At the same time, the head of the Financial Innovations association, Roman Prokhorov, believes that fraudulent schemes regarding cash loans are “easier to stop at the issuance stage.”

Setting a limit on cash deposits can create inconvenience for conscientious citizens, emphasizes Alexey Voylukov, vice-president of the Association of Russian Banks.

“In addition, this will lead to problems for banks that base their work on digital technologies and use an ATM as a mini-office. And fraudsters will simply get several additional cards, and it will become even more difficult to block their money,” believes Mr. Voylukov.

SafeTech Commercial Director Daria Verestnikova, while recognizing the possibility of attackers circumventing limits, nevertheless believes that “under additional conditions, the proposed measure may work.” In particular, the expert explains, “the introduction of the exchange of information about digital fingerprints of clients’ devices (fingerprints) between credit institutions” will strengthen security. Now, Ms. Verestnikova clarifies, mobile banks of credit institutions collect this information at the request of the regulator, but there is no data exchange that would allow them to identify that they are trying to tokenize the card on a third-party device and recognize the operation as suspicious.

Maxim Builov