the volume of funds stolen from customers of banks for the first quarter exceeded 4.5 billion rubles

According to the Bank of Russia, in the first quarter a record was set for the theft of funds from bank customers – more than 4.5 billion rubles, and about 12% of them occurred through the fast payment system (FPS). At the same time, it is in the SBP among all the instruments of transfers of individuals that the highest percentage of refunds is noted. Experts believe that this may be due both to the close attention to the system by the regulator, and to the predominance of unintentional errors in dialing the phone number of the recipient of money in such “thefts”.

The Central Bank published a review of operations without the consent of customers in January-March. According to the regulator, the amount of funds stolen by fraudsters from bank customers in January-March reached 4.55 billion rubles. and turned out to be the highest for the entire period of observation – the record for the fourth quarter of 2021 (4.49 billion rubles) was broken. Moreover, if the volume of stolen money increased by only 12% compared to the previous quarter, then the number of incidents increased by more than 40%, exceeding 250 thousand. The Bank of Russia did not respond to Kommersant’s request.

Of the most notable changes, we can note an increase in the blocking of phishing sites by almost 240% compared to the average value for the four quarters of last year.

Unexpected, according to experts, looks like information about a decrease in the number of DDoS attacks by more than 70%.

One of the participants in the cybersecurity market believes that we are talking about a decrease in the number of effective attacks that led to disruptions or unavailability of services: “As far as I know, it is these attacks that banks report to FinCERT. But this happened not because hackers attack credit institutions less, but because of the increased security of banks. We do not observe a decrease in the activity of the attackers.

For the first time, the Bank of Russia disclosed statistics on incidents in the SBP. They accounted for about 12% of all stolen funds – more than 550 million rubles, and the average value of a fraudulent transaction through the system was 6.5 times higher than a similar transaction with a card – 45 thousand rubles. against 7 thousand rubles.

At the same time, a significant part of the stolen funds was returned: 76 million rubles. Although the total amount of stolen funds from the cards turned out to be 2.5 times higher than through the SBP (1.4 billion rubles), of which only 65 million rubles were returned to the owners.

Cases of unauthorized transfers of funds may be associated with the payment of goods or services through SBPey, a Kommersant source in the payment instruments market believes: “Scammers can potentially fake access to the account through the application if the phone number associated with the bank is known.”

Commercial Director of SafeTech Daria Verestnikova adds that often people do not pay attention to what details are displayed when making payments through the SBP and where the money will go. There are several options for attacks, she explains: you can replace the QR code or use classic social engineering methods. “But the main reason for the incidents is that they neglect the rules of information security and continue to use unsafe means of confirming the payment, when the bank client does not see and does not notice where the money is being transferred,” believes Ms. Verestnikova.

According to Fedor Muzalevsky, director of the RTM Group technical department, two main types of incidents can occur in the SBP – related to transfers to another individual and payment to a supplier of services or goods. And, according to the expert, “payments cannot have a large proportion of incidents, since it is difficult to introduce a seller legally connected to the SBP into a fraudulent scheme, and the likelihood that the transaction will be frozen and the money will be returned is high.”

The head of the board of the Financial Innovations Association, Roman Prokhorov, connects the “relatively higher” percentage of the return of funds in transactions through the FPS with the increased attention of the regulator to the development of this transfer system: “Banks more often prefer to reimburse the client for losses.” Kommersant’s source in the payment instrument market adds that in the case of SBP, the proportion of “bona fide errors” is also high, for example, in the phone number: “In this case, the recipient is easy to identify, so those who received funds by mistake most often return them “.

Maxim Builov, Yulia Poslavskaya