Quick to wean: Russians' damage from online fraud has been halved
In Russia, the amount of damage to bank customers from theft through online services has halved since the beginning of 2025 compared to the same period in 2024, said Dmitry Revyakin, Vice President of VTB and head of the Corporate Interests Protection Department of the security Department. At the same time, the number of attacks increased 1.5 times. What are the reasons for such changes and which methods of struggle are most effective — in the material of Izvestia.
Changing the protection
The Central Bank's press service reminded Izvestia that, according to up-to-date statistics on transactions without customer consent for the first quarter of this year, the number of attacks prevented reached 43 million. At the same time, for the whole of last year, this figure was 18 million.
The main reason for reducing losses lies in the long-term joint work of the Bank of Russia, the government and the entire banking industry, Ainaz Khairullina, senior director of financial Institutions Ratings at the NRA rating service, told Izvestia. Active information work is underway — banks inform customers about new fraud schemes through all available communication channels (SMS, push notifications, mailing lists). The mega-regulator actively informs citizens on its website about new fraud schemes, signs of fraud, and gives advice and warnings. Quite a lot of legislative initiatives are aimed at combating fraud.
— A significant driver was the introduction at the legislative level of the possibility of installing a self-lock on the conclusion of consumer credit (loan) agreements with credit institutions and (or) microfinance institutions from March 1, 2025. Back in February of this year, the head of the Central Bank of the Russian Federation, Elvira Nabiullina, stated that "a quarter of the funds that were stolen from banks by cybercriminals are borrowed." And according to the NBKI, more than 10 million people have already used the self—locking option, meaning a certain channel has become more inaccessible to fraudsters," the expert said.
Khairullina noted that credit organizations have also carried out extensive work in their activities: they have strengthened the information security of online services, improved access systems to systems, conducted briefings and training for employees involved in public services to identify fraudulent pressure on the client at the time of issuing cash and loans, and introduced more advanced ones to detect suspicious transactions (including AI), use behavioral scoring of client transactions (for example, patterns such as sudden geolocation changes, atypical operation, etc.).
Banks have become better at preventing theft, even despite the growing number of attacks, Ainaz Khairullina believes. However, scammers are constantly adapting, so protection requires constant technology development and user training. And work in this direction continues.
— So, starting from October 1, 2025, large banks will be required to add functionality to their mobile applications that will allow customers to promptly report a fraudulent transfer and receive an electronic certificate of such an operation from the bank to contact the police. In addition, starting from October 1 of this year, all banks must accept applications from citizens who transferred cash to the accounts of intruders using tokenized (digital) cards through an ATM," she said. — It doesn't matter if the victim is a customer of this bank or not. Embezzlement of money through tokenized cards is now one of the most common methods of deception, according to the Central Bank of the Russian Federation.
Continuation of work
The reduction in the number of hacks of online services is a positive trend, but it is extremely important to remember that the main flow of money is transferred to fraudsters by the victims themselves, an expert from the Popular Front told Izvestia. Analytics", curator of the Moshelovka financial fraud platform Alla Khrapunova. The legends about secure accounts are strong, victims transfer all their savings, take out loans and transfer them, sell real estate and also give the proceeds to scammers.
— If we talk about protection against hacking of online banks, then we can recall the words of the chairman of the Bank of Russia at the Ural Cybersecurity Forum, when she said that all banks in the country would need to establish a system to protect personal accounts from hacking, similar to the approaches used by the largest banks. Banks monitor the behavioral characteristics of customers," she stressed. — In case of deviation and non-standard behavior, checks are carried out. This includes biometrics, a bank call, and communication with the security service, including face-to-face.
According to the expert, it is worth considering that banks can understand where the login to the personal account comes from. And discrepancies, for example, in location or identification features, can also trigger additional checks.
— In the case of protection against "unexpected" loans that are issued by third parties in your name, the best tool is self-locking. It is easy and fast to install it in your personal account at Gosuslugi. Some banks offer a second-hand service when a number of payments require the approval of a trusted person. It is necessary to remember about the possibilities of setting restrictions and limits in personal accounts of banks, this service should be used, not ignored. There must be a separate card for online purchases," Alla Khrapunova reminded.
Now, according to her, scammers often download malicious software to the victim's gadget and use it to enter applications, including banking ones. Therefore, it is important not to follow links from unfamiliar sources, download applications only in official stores, and not give remote access to your gadgets to third parties. Teenagers need to be more careful in online games and the environment they form.
Changing schemes
Fraud in the field of financial technologies is constantly changing, Alexey Yefremov, a leading researcher at the RANEPA Center for Public Administration Technologies, reminded Izvestia. The reduction in thefts through online services was due to increased information security measures in the banks themselves, when it became much more difficult to hack the banking application itself or gain access to the server of a credit institution. At the same time, the use of social engineering methods is constantly evolving, and it is in this area that maximum efforts are needed to improve critical thinking and financial literacy of the population.
— In addition, sometimes anti-fraud programs of banks cause justified irritation of customers. For example, if, in order to confirm a particular transaction, the bank needs to provide clearly redundant information about the client and his life. New services implemented on the Gosuslugi portal will be of great importance, but at the same time it is important to teach the widest possible circles of the population how to use them," he stressed.
Banks are independently increasing the level of protection of their systems and methods of interacting with customers, both through the use of the latest technologies and in terms of organizing interaction with customers, where efforts are clearly insufficient to ensure the security of funds, Vladimir Popov, associate professor of the Department of Private Law at GUU, noted in an interview with Izvestia.
— The most effective, of course, are preventive methods of countering cyberbullying. Due to the political situation in the world and the technical possibilities of withdrawing funds from Russian jurisdiction, in most cases it is impossible to return stolen goods, but it has become much easier to prevent theft," the expert added.
Переведено сервисом «Яндекс Переводчик»
