RBC: The Central Bank will introduce a mandatory refund amount to Russians who have become victims of fraudsters must return to customers who are victims of scammers. RBC writes about this with reference to the regulator's materials.
According to the publication, changes are planned to be made to 161-FZ “On the National Payment System”. The relevant materials were sent to the banking market participants on behalf of the director of the information security department of the Central Bank Vadim Uvarov.
Their authenticity was confirmed by three sources of the publication in the financial market, and the receipt of the materials was confirmed by representatives of Rosbank and Alfa-Bank. In addition, Uvarov himself spoke about the development of the amendments on December 2 at the AntiFraud Russia international forum to combat fraud in the field of high technologies.
The main prerequisites for amending the law are: the observed picture of the share of refunds to clients, the need for a significant modernization of the mechanism for countering theft of funds and the return of funds debited from clients' accounts
Vadim Uvarov Head of Information Security Department of the Central Bank Theft
According to the regulator, in the third quarter of 2021, fraudsters stole 3.2 billion rubles from the accounts of bank clients through unauthorized money transfers, while banks returned only 7.7 percent of the stolen funds to clients, that is, less than 250 million rubles.
< p>Now the most widespread fraud is when citizens voluntarily transfer payment card numbers, codes or passwords to cybercriminals, which they use to steal funds using social engineering methods. The regulator notes that this “is one of the acute problems that negatively affect the level of public confidence in remote payment services and, as a result, to the credit and financial system as a whole.”
What does the Central Bank offer?
First of all, the Central Bank wants to introduce a simplified procedure for returning funds to Russians who have suffered from fraudsters in an amount that will be determined by the regulator itself. To do this, the client must inform the bank about the incident no later than the next day after receiving a notification from the bank about the operation. This amount will be calculated “based on the targeted return of funds to citizens on average in 80-90 percent of all cases of social engineering.” he will have to return the entire stolen money to the client, even if it turns out to be higher than this amount. The low level will include cases when banks cannot identify transactions made without the client's consent.
At the same time, it is not clear how the behavior of the bank's client will affect the refund procedure when, under the influence of fraudsters, he himself transfers funds to them. Now, by law, banks are required to return funds only in cases where they were not stolen through the fault of the client.
In addition, the Central Bank proposes to give banks the right to write off money on transactions after one or two working days, even despite the client's consent, and the obligation to check transactions for signs of fraud should be assigned not only to the bank of the client transferring money, but also to the bank where they are serviced. recipient.
The Central Bank also intends to give banks the right to block for five working days all expenditure transactions on the account of the recipient of funds, information about which is contained in the database (maintained by the regulator itself) about cases and attempts to transfer funds without the consent of the client. This period is necessary for victims and law enforcement agencies to go to court in order to obtain permission to seize funds and receive a court decision on the return of money. Banks will be able to block operations only on the basis of information about the initiation of criminal cases.
Related materials 00:01 – August 3 
Split personalities. Hackers have adopted face recognition systems. Why is it dangerous for millions of people? 00: 10 – 15 October 2020 
“There are problems on the Internet that you can't even guess about” Russians have already lost billions of rubles due to online fraudsters. How to stop this? Will the innovation help?
As the representative of the Central Bank said, the regulator held the first round of consultations with market participants and received a large number of proposals and clarifying questions. Now, based on the results of the discussion, a new version of the bill is being prepared, which will have to go through another round of discussions. Therefore, it is too early to talk about concrete measures and solutions. The Central Bank intends to take into account the opinion of market participants as much as possible.
Experts interviewed by the publication indicate that the initiative can be useful only in terms of establishing the amount of the refund. At the same time, some unscrupulous clients may be able to challenge previous transactions and demand compensation.
Also, the interlocutors of the publication draw attention to the fact that banks are not obliged to refund funds if a gullible client believed the fraudsters and followed their instructions. and cybercriminals quickly withdraw the stolen funds from their accounts before the victim takes any action to recover them.
Automated attacks
It has recently become known that the number of automated attacks on bank clients has increased in Russia, financial organizations are reporting a surge in robotic calls, their share reaching 90 percent. This type of fraud is cheaper and deceiving for cybercriminals, as more and more voice assistants are used in the banking industry.
Such auto-dialing appeared about six months ago. To organize robotic attacks, the required sequence of phrases is recorded, followed by an appeal to the victims. It is assumed that a person communicates directly with a robot and receives instructions from him, for example, to enter a code from an SMS message.
Scammers' logic
Head of the Jet Infosystems Anti-Fraud Department Alexey Sizov said that scammers were planning theft of funds are guided by many factors, of which two main points can be distinguished. The first one is the background information about the potential victim. It is also important for cybercriminals to choose the right time to communicate with a potential victim – most often they launch attacks on bank clients on Fridays and weekends.
If a call from a bank seems dubious, Sizov advises to end the conversation immediately – immediately after the request provide any personal information. In addition, after the attack is thwarted, you need to call the bank at the number indicated on the back of the card and find out if everything is in order with the account.