Wallet shield: how the new state system will save Russians from cyber-hackers

A large-scale digital security reform is being prepared in the Russian Federation, promising to radically change the rules for countering cybercriminals. As early as 2026, the updated provisions of the Antifraud 2.0 package may come into force and the Antifraud state information system (GIS Antifraud), which unites banks, telecom operators and government agencies into a single infrastructure for the rapid exchange of data on suspicious activity, may be operational. Will dropping lose its appeal, and will massive fraud through telecommunications decline? This is reported in the Izvestia article.

Unified digital protection

GIS "Antifraud" and the package "Antifraud 2.0" will reduce the number of cybercrimes by linking Russian bank accounts to an INN, extrajudicial blocking of fraudulent sites and marking international calls, which will increase disclosure and compensation for damages, the government said.

The Russian Ministry of Finance will be the operator of GIS Antifraud, the Central Bank told Izvestia. The Bank of Russia is working on issues of future interaction and information exchange on the platform with all interested parties. The Central Bank expects that the operation of the system will increase the level of protection of citizens from the actions of fraudsters.

The adoption of the Antifraud 2.0 package this year and the launch of the Antifraud GIS are considered as the next step in the systemic protection of citizens from financial fraud. The Ministry of Finance emphasizes that the fight against cyberbullying is one of the key areas of the state's digital policy.

Photo: IZVESTIA/Eduard Kornienko

"Measures to protect citizens are constantly being improved. One of the main effects of the first package is already a noticeable decrease in the number of such crimes. The purpose of the new GIS is to ensure the operational interaction of all participants, since the fight must be conducted jointly," the press service of the Ministry of Finance notes.

The ministry adds that the platform will bring together government agencies and financial organizations in different scenarios, depending on the type of fraud.

Login only once: how hackers use long-leaked passwords

Demand for "second-hand" data has increased on the black market

Nikolay Zhuravlev, Deputy Chairman of the Federation Council and Chairman of the Council for the Development of the Digital Economy at the Federation Council, told Izvestia that the first package of measures adopted last year had already proved its effectiveness. The second package complements these innovations and closes existing loopholes used by criminals.

Firstly, the number of payment cards is limited. The original version of the bill assumes that one person cannot have more than five cards in one bank and twenty in all banks in total.

Photo: Global Look Press/Shatokhina Natalia/news.ru

— All of them will be linked to the INN, which will exclude the mass registration of cards for "dead souls" or stolen documents. At the same time, the exact number of bank cards issued to individuals can be adjusted by the second reading. The main thing is that the restriction should be optimal and not affect conscientious citizens," Zhuravlev said.

Secondly, telecom operators and banks will start working in a single information system. If the phone number is included in the unified register of subscriber numbers used for illegal activities (for example, due to complaints from other citizens), the bank will automatically receive a signal.

— The credit institution will have the right to suspend operations on the card for 24 hours to give the owner time to sort out and confirm the legitimacy of the transfer. At the same time, the client immediately receives a notification and instructions on how to exclude his number from the registry," he noted.

If hackers have hacked an account on Gosuslugi, access can be restored not only in the MFC, but also through biometrics, a mobile application, a bank website or the MAX service, said the deputy speaker of the Federation Council.

Photo: IZVESTIA/Eduard Kornienko

— Telecom operators are also integrated into the security system. SIM cards and devices will be linked to the individual, the IMEI of the device will be indicated at the conclusion of the contract, and this information will be transferred to a single database. The use of a single number on multiple devices or IMEI substitution will be prohibited," he stressed.

The Deputy Speaker of the Federation Council also focuses on finalizing the norms on mass calls.

— The bill will be finalized by the second reading. It is important to clarify, for example, the rule on mass calls.: Today, bona fide organizations that cannot reach their clients fall under it," he noted.

According to him, it should be clearly stated that calls made within the framework of the law, bylaws or the execution of a personal contract with a person are not considered mass calls.

Photo: IZVESTIA/Anna Selina

From control to prevention

Experts of the banking sector see in the new system a transition to a qualitatively different principle of combating fraud. Alexander Abramov, Director of the Legal Department of the Association of Banks of Russia, notes that financial organizations already have effective anti-fraud systems, but there is currently no centralized and cross-sectoral information exchange in the field of anti-fraud.

— GIS Antifraud will eliminate this gap by uniting banks, investigative authorities, operators and regulators into a single digital network. Automatic exchange will help create databases of suspicious individuals, identify trends and quickly adapt to new types of attacks," the expert emphasized.

Shock anti-fraud: The Cabinet of Ministers held a new package of measures against cyberbullying in the State Duma

The effectiveness of large-scale measures depends on the rapid adaptation of criminals to new realities.

Alexander Tovstolip, head of the Information Security Department at the Fintech Association, adds that the new security architecture makes fraud less widespread and anonymous.

— These measures mean the transition from local control of individual schemes to systematic control of all stages of fraud. When operations cease to be isolated fragments, the illusion of impunity disappears — dropping loses its appeal as an easy side job," the Izvestia interlocutor points out.

Photo: IZVESTIA/Sergey Lantyukhov

In his opinion, the effect of the new system will be particularly evident in the growth of user trust: the feeling that protection works in real time creates a conscious perception of security.

Industry experts point out that the bill affects not only the banking and digital spheres, but also issues of legal liability.

Alla Khrapunova, Deputy Head of the For Borrowers' Rights project, recalls that only a combination of new technologies and legal culture can ensure sustainable results.

— Blocking websites, labeling international calls and increasing the role of civil prudence are key areas of anti-fraud policy. But without the conscious behavior of citizens, protection will not be complete. Everyone should understand the basics of digital hygiene," she emphasizes.

Andrey Mishukov, iTPROTECT's Chief Operating Officer, points out that the proposed measures do not change the mechanism of citizens' interaction with banks, but rather add some organizational rules or restrictions to the banking services themselves.

Photo: IZVESTIA/Eduard Kornienko

— For example, a person cannot have more than five cards in one bank. In fact, this will not hurt the majority of customers, and such a limit may interfere with droppers in carrying out their operations. If you don't have the right number of cards, you need more droppers, and this increases the cost of withdrawing funds," says the expert.

As a result, according to him, the restrictions make the procedure of deceiving citizens more expensive, which means that the attackers have reduced motivation.

The balance of technology and trust

The introduction of new tools raises questions about the allocation of responsibility for possible errors in locks and markings. The chief lawyer of the Kontur company draws attention to this.Aegis" by Olga Popova.

— More accurate identification will reduce the number of fake profiles. But if the structures exceed their authority or make mistakes, they must be held accountable. Blocking errors are already problematic for bona fide citizens, so using an INN is a reasonable solution for correct identification," the lawyer notes.

Photo: IZVESTIA/Eduard Kornienko

A similar thesis is being developed by Sergey Shcherbakov, Technical director of the Stakhanovets company.

— Linking accounts to the INN will make the system more transparent, but the trust of citizens directly depends on the correctness of technology. If false blockages or payment delays start, the effect will be reversed. Only the stability and predictability of the mechanisms can strengthen faith in digital security," he points out.

Alexander Kiselyov, UserGate's patent attorney, adds that the proposed measures will significantly reduce the likelihood of schemes involving transfers to accounts of "unfriendly structures."

Digital responsibility and new frontiers

Evgenia Mamysheva, Associate Professor of Finance, Taxation and Financial Accounting at Moscow University of Finance and Law, draws attention to the fact that the new measures strengthen protection against telephone and SIM fraud, introduce trusted persons to confirm transactions and expand the functions of interdepartmental exchange. This creates the basis for the development of digital identity, but requires citizens to master new control tools, the expert notes.

Photo: IZVESTIA/Sergey Lantyukhov

She notes that a complex of technical and legal innovations, including a cooling-off period and criminal liability for droppery, creates economic and legal barriers to criminal schemes: now a random participant becomes an accomplice.

Elena Golyaeva, a business architect at Reksoft, considers Antifraud as the core of the state's early warning system.

Entertaining logic: how scammers speculate on the topic of microloans after the winter holidays

The attackers are taking advantage of the financial difficulties of Russians due to New Year's expenses and long vacations.

— GIS "Antifraud" translates citizens' interaction with banks into a proactive format: data is compared automatically, and suspicious transactions are detected before the damage occurs. This turns the user into a participant in real—time protection," the expert says.

At the same time, she emphasizes that the effectiveness will depend on the integration of the system with the infrastructure of banks and telecom operators. "The key risk is excessive interference in bona fide operations, so transparent procedures and a quick response to appeals are critically important," adds Golyaeva.

Photo: IZVESTIA/Eduard Kornienko

Alexander Yarov, Head of Information security at ELMA, believes that the effectiveness of the project will be tested in practice.

— These measures are aimed at controlling civilian data, limiting device ownership and confirming actions. They have the potential to reduce fraud, but data deletion criteria and contesting mechanisms have not yet been described. The results can be evaluated only after the system is launched," the specialist concluded.