The Central Bank includes payment system operators and electronic platform operators in the information exchange about illegal write-offs

The Central Bank connects online services for financial transactions and digital financial asset exchange operators (DFAs) to the information exchange about fraudulent write-offs of citizens. They, along with banks and payment system operators, will have to transmit to the regulator data on cases of theft of funds from customer accounts from June. Financial market participants believe that expanding information exchange will help prevent crimes, losses from which last year reached 15.8 billion rubles.

“Kommersant” got acquainted with the updated procedure for informing the regulator about fraudulent transfers for payment system operators and electronic platform operators (EPOs) published by the Central Bank on the portal of legal acts on March 20. The project concerns financial transactions carried out “without the consent of clients” of banks and payment services, and “attempts to make” such transfers.

According to Kommersant’s interlocutor close to the Central Bank, the key change that the document introduces will be the extension of the regulator’s requirements to the EEP. According to the Central Bank register, these are Moscow Exchange PJSC, Financial Platform JSC and other online services for the financial industry and bank clients. Also, Kommersant’s interlocutor clarifies, “digital financial asset exchange operators” (SPB Exchange, etc.) are also subject to the requirement: if they attempt or steal an asset from the victim’s account, they will have to inform the Central Bank within a specified period.

According to the text of the document, operators must notify the regulator about the incident no later than the next business day, including transmitting to it data on attempts to carry out illegal transactions on the client’s account or cyber attacks on the EPS infrastructure.

The new procedure for notifying the Central Bank of cyber incidents comes into force at the end of June. Since October 2023, banks and other payment system operators will provide expanded information about all participants in fraudulent transfers to the Central Bank. Information from the regulator’s database is sent to all credit institutions through the FinCERT system (responsible for information exchange between banks, law enforcement agencies, telecom operators and companies that work in the field of cybersecurity).

The Central Bank added that the draft, among other things, clarified the list of measures to counter the transfer of funds without the voluntary consent of the client: “The document also establishes the procedure for the regulator to request and receive information from banks about transactions in respect of which information about illegal actions committed has been received from the Ministry of Internal Affairs.” The National Payment Card System (NPSK) added to Kommersant that the Central Bank is introducing a number of clarifications “aimed at reducing the risk of carrying out transactions without the client’s consent.” The Moscow Exchange and St. Petersburg Exchange did not respond to requests.

MTS Bank explained that they are already identifying suspicious transactions, predicting the likelihood of fraudulent actions, and based on this data, as well as requests from clients themselves, transmitting data to the Central Bank through FinCERT.

According to the Central Bank’s own data, the volume of funds stolen by fraudsters in 2023 increased to 15.8 billion rubles, 11.5% more than a year earlier. The Central Bank reported that this “occurred against the backdrop of an increase in the volume of money transfers using cards.” Banks were able to return only 1.4 billion rubles to clients. In December 2023, the NSPK announced plans to tighten the fight against fraud through payment terminals. Including through encouraging acquiring banks to combat fraudulent schemes implemented through retail outlets (withm. “Kommersant” from December 5, 2023 of the year).

The Central Bank puts banks, other payment system operators and electronic payment systems “on the same level”, since they all participate in the chain of funds transfer, explains Fedor Muzalevsky, director of the technical department of RTM Group: “This allows you to more quickly and comprehensively receive information about one incident. Also, the payment system operator can receive information more quickly, since transfers through payment systems are carried out faster than transfers from current account to account.”

Tatiana Isakova, Maxim Builov