Forbidden to ford: the Ministry of Finance has developed measures to protect citizens from fraudsters
Citizens will be protected from fraudulent schemes involving the use of information technologies. The relevant package of bills has been developed by the Ministry of Finance together with the Central Bank and law enforcement. This initiative will significantly reduce the toolkit of attackers, but will create an additional burden on banks, experts warn. How the new rules will work is covered in this Izvestia report.
Comprehensive approach
The measures proposed by the Ministry of Finance are part of a comprehensive action plan covering all the most common tricks of fraudsters. This was reported by the office of Dmitry Grigorenko, Deputy Prime Minister and Chief of Staff of the Government of the Russian Federation.
According to him, the most popular schemes used by attackers were analyzed when the initiatives were prepared, such as deception through calls and messages, hacking into personal accounts, and taking out loans using other people's passports. Based on this analysis, measures to counteract fraudsters were developed.
"As a result, citizens will have access to a wide range of tools that will help them protect themselves from telephone and Internet fraud," Grigorenko emphasized.
In total, the package of bills includes about 30 measures. In particular, citizens will be able to remotely prohibit online loans and credits from being taken out in their name, through "Gosuslugi" or banking applications. This restriction can be removed by a personal visit to an MFC or bank branch.
At the same time, credit organizations will be obliged to conduct a thorough check of borrowers. Banks will analyze credit history and the account to which it is planned to transfer funds. There will also be a ban on transferring microloans to third-party accounts.
If a person has changed their credentials or information about them has leaked, a temporary "freeze" on the issuance of online loans will take effect. During this period, it will be impossible to take out a loan remotely, the Deputy Prime Minister's office warned.
Online exchange of information will also become possible between government agencies, banks and digital platforms. This is necessary for automatic monitoring, which will make it possible to instantly identify suspicious actions, block them and notify law enforcement of potential crimes.
In addition, the package of bills proposes to introduce mandatory rules on user identification. Another important measure is mandatory marking of calls: the name of the organization or the name of the person will appear on the screen of the subscriber's phone, making it possible to distinguish safe users from fraudsters.
The initiative also provides for a ban on representatives of government agencies, banks and telecom operators communicating via messengers. This will allow citizens to immediately determine that fraudsters are writing to them.
Izvestia's editorial staff sent inquiries to the Ministry of Finance and the Central Bank of the Russian Federation. At the time of publication, no response from the Ministry had been received.
For its part, the press service of the Central Bank informed Izvestia that it had received the proposals of the Ministry of Finance. The Bank of Russia's position on the results of their consideration will be sent to the Ministry in due time.
The initiatives provided, according to the ministry, include support measures to counteract credit fraud, in which attackers induce a person to take out a consumer loan or credit and hand over money to them.
To address this problem, the Bank of Russia has already prepared a list of proposals and sent them to the Russian Ministry of Finance.
"Among other things, they provide for a mandatory cooling-off period for consumer loans and credits between the conclusion of the agreement and the receipt of money. Its duration will depend on the amount of credit or loan," the press service specified.
Another measure stipulates that banks will send citizens warnings that a loan or credit has been issued in their name through "Gosuslugi". The notice will state the basic terms of the loan or credit and how it can be waived during the cooling-off period, the Central Bank added.
The course on security
The initiative of Mincifra is an important step in the fight against fraudsters using modern technology, says Sergey Golovashov, an expert at Bell Integrator.
"New verification procedures that may be introduced are aimed at providing additional security for financial transactions and preventing unauthorized access to citizens' funds," he believes.
Automating monitoring and establishing the process of information exchange between government agencies and financial institutions will make it possible to respond quickly to emerging threats from institutional players, says Anton Shustikov, CEO of the CakesCats educational project and an information security specialist.
In addition, the measures that are being tested today in the Ministry of Finance synchronize the actions of several agencies at once, adds lawyer Igor Kim. This is important, because fraudsters have long since stopped working alone. Often they are well-organized criminal communities, actively using digital technologies, neural networks and psychology.
Among the measures that could be additionally introduced to protect Russians from attackers, Sergey Golovashov singles out mandatory two-factor authentication for all banking transactions, biometric identification to confirm the identity of the client for large transactions, the introduction of limits on such transfers and cash withdrawals without additional confirmation, as well as checking geolocation and the use of artificial intelligence algorithms to analyze customer behavior and detect abnormal activity.
All these actions, in his opinion, will strengthen the protection of citizens' personal finances and reduce the risks of fraud.
Among the key aspects that the government should focus on, Golovashov names tougher regulation of data processing, mandatory notifications of information collection, the right to delete personal data, fines for information leaks, the introduction of mandatory encryption standards and the creation of a centralized register of violations.
It is also necessary to establish international cooperation with organizations and partner countries to share experience and create unified data protection standards. This, according to the expert, is especially relevant in the context of globalization and the growth of cross-border information flows.
"However, it is important to note that the final list of procedures will depend on specific decisions taken by the legislature and financial market regulators," emphasizes the Izvestia interlocutor.
Uncovered schemes
Nevertheless, as practice shows, fraudsters are also adapting and looking for new ways to circumvent the law and take advantage of vulnerabilities, notes Sean Betrozov, a practicing lawyer of the Moscow Chamber of Lawyers and a member of the Russian Bar Association.
"For example, the measures do not protect against more complex social engineering schemes, when attackers gain the victim's trust and persuade him to give access to his data," the expert warns.
In this case, technical protection measures are ineffective, agrees Maria Zaliznyak, head of product development for the ecosystem of information security products and services at Nota Dome.
"Often such scenarios are accompanied by the use of deepfakes or hacking of accounts in social networks and messengers. Therefore, in parallel with the implementation of technical solutions, it is important to continue educational work and increase the level of digital literacy of the population," she emphasizes.
Also, according to Betrozov, call labeling will not protect against the use of new methods of disguise by fraudsters, which will help to deceive the recognition systems.
"Call spoofing technologies, such as "spoofing" (number substitution), remain a significant threat. Nevertheless, the creation of legislative barriers will make it more difficult to fulfill criminal intentions and deprive attackers of much of their usual capabilities," the lawyer said.
Technical difficulties
However, there will be problems in implementing the package of bills. The introduction of new regulations will create an additional burden on information operators, banks and government infrastructure, Anton Shustikov admits.
Credit organizations will have to actively build up the capabilities and capacity of their IT platforms to monitor and control financial transactions in relation to customer accounts in real time, agrees Alexei Muntean, an expert at the Moscow Digital School and co-founder of the Community of Privacy Professionals.
The need to adapt internal processes to the new requirements may become an impossible task for small banks, warns Sean Betrozov.
"They will have to spend on new technologies, staff training, software adaptation and implementation of mechanisms for online data exchange with government agencies. This process will require both financial and organizational resources," warns the attorney.
Proportionate responsibility
At the same time, it is worth considering the possible legal consequences for banks in case of non-compliance with the new requirements. It is likely to entail substantial fines, admits Sean Betrozov.
"Lawmakers will strive to make the punishment proportional to the severity of the consequences. This could be both administrative responsibility in the form of significant fines and, possibly, temporary deprivation of license or restriction of activity for those who systematically ignore the new norms," the lawyer does not rule out.
In his opinion, special attention will be paid to cases when the violation leads to significant losses for citizens or provides fraudsters with an opportunity to carry out illegal actions. In such situations, the punishment may be even more serious, up to and including limiting the activities of a financial institution.
Meanwhile, there is no need to introduce criminal liability for non-compliance with the proposed requirements, Alexei Muntean believes.
"It is possible that the responsibility for non-compliance with these norms will not be developed separately, as it is obvious that the state has done a lot of work to clarify the current legislation," the expert believes.
The main task of the Ministry of Finance's initiative is to improve regulation in specialized industry regulations and create a system of monitoring and prevention of fraudulent actions, rather than to develop a separate federal law, summarizes the Izvestia interlocutor.