Starting from October 1, 2025, a special button will appear in the mobile applications of large banks, which will allow customers to promptly report fraudulent transfers. It will also be possible to obtain an electronic certificate of such an operation from the bank in order to contact the police. Experts call this an important step, but warn that the tool should not be isolated, and predictive analytics is much more important to prevent fraud. In addition, banks are poorly prepared to fend off AI attacks, according to cybersecurity experts. For more information, see the Izvestia article
New functionality
According to the new requirements of the Central Bank of the Russian Federation, from October 1, 2025, large banks, including in the payment services market, will be required to add functionality to their mobile applications that will allow customers to promptly report fraudulent transfers. Victims will also be able to receive an electronic certificate of such an operation from the bank in order to contact the police.
In the mobile application, it will also be possible to answer the question whether the transaction for which the bank received a request from the regulator was carried out under the influence of fraudsters. This type of interaction is possible in cases where victims contact the police directly, and law enforcement officials request data from the Bank of Russia.
According to market participants, the inclusion of such a tool in mobile applications to quickly inform about suspicious transfers can be an effective way to combat fraudsters.
— This button will allow customers to inform the bank in a timely manner about possible fraud cases. In turn, banks will receive timely information about fraudulent transfers, which will allow them to promptly investigate and prevent further losses," says Sergey Igoshin, Head of the Fraud Prevention Department at Svoi Bank.
However, as representatives of credit institutions point out, such functionality should be improved.
This will help to respond promptly to suspicious transactions, but there will be questions about the behavioral analysis of customers, says Mikhail Petrov, Head of the Department for Control over Implementation and Technological Development of PJSC RosDorBank.
— For example, what to do if it's a weekend or a public holiday, when not all banks can quickly respond to these types of requests, and with the active implementation of SBP, funds can be credited to the fraudster's account in a few minutes and sent on from there. There is also a risk of abuse on the part of customers — for example, you can pay off a debt to a colleague with a transfer to the SBP, and then press the button," Petrov notes.
Digital hygiene
The effectiveness of the mechanism itself is not guaranteed, experts emphasize. Everything will depend on the speed of the banks' reaction and their interaction with the Central Bank and law enforcement agencies.
Industry representatives and cyber defense experts point to the need to expand the built-in digital hygiene products in applications. We need regular reminders about fraud methods and interactive trainings on countering social engineering right in the app. In addition, there are instant alerts about unusual or potentially fraudulent transactions so that the user can immediately block the operation.
The built-in "anti-fraud assistant" is also relevant, which could check the recipient's number in real time and inform if it has already appeared in fraudulent schemes. As well as the possibility of setting individual limits on transfers, which the user could change only through additional confirmation or after consulting with the bank, Pavel Karasev, a business partner at Computer Technologies, believes.
"Abnormal behavior"
Fraud using social engineering methods, when people voluntarily withdraw funds and give cash to a courier, cannot be solved by implementing a button or anything else, says Maria Krasenkova, CEO of NGO MOBY.Money."
— To protect citizens, it is important to have the technical ability to promptly block funds on the recipient's account until the circumstances are clarified. And for this, for example, it would be possible to automate the work of FinCERT so that the Central Bank could receive and send information about each potentially fraudulent transfer in real time," she emphasizes.
— The main problem here is the speed of funds withdrawal by fraudsters from the banking infrastructure. In order for the button to really work effectively, it is necessary to supplement it with a system for instant suspension of suspicious transactions and automatic notification of the bank's security service with the possibility of promptly blocking the transaction channel or the recipient's account for the verification period," says Sergey Belov, Head of the Banking Systems Security Research Department, Positive Technologies.
According to him, a real increase in security is possible only with an integrated approach: intelligent mechanisms for detecting abnormal customer behavior should be introduced into banking applications, for example, sudden large transfers and non—standard patterns of application use.
Focus on deepfakes
First of all, experts emphasize, banks need to focus on improving systems to prevent AI attacks by fraudsters. According to all forecasts, banks in 2025 will face an increase in the number of attacks using deepfakes. According to experts in the field of cybersecurity, most existing banking solutions are not at all ready to counter modern methods of deception using AI.
— Voice clones and fake video images of customers are becoming more sophisticated, which undermines the effectiveness of traditional verification methods. One of the solutions is anti-spoofing tools that reduce fraud cases by using voice imitations, as well as generated videos and images of users. In addition, banks need multi—factor authentication for critical operations. The combination of biometrics with confirmation through alternative channels and behavioral analysis will significantly complicate the task for fraudsters," says Natalia Lisitsyna, Chief Operating Officer of AI integrator and developer WMT Group.
Deep integration of behavioral analysis with operational means of blocking suspicious transactions, supported by a user-friendly and simple interface for clients, can become a real protection tool, explains Sergey Belov. Otherwise, despite the presence of any buttons, banks will continue to repel technical attacks, but funds will be withdrawn from accounts due to the mistakes of the customers themselves.
Переведено сервисом «Яндекс Переводчик»
