Banking organizations and financial institutions are moving to work in the digital space - accepting applications for re-issuing loans and opening accounts, for transferring funds, identifying clients by digital copies of documents. The ability to work with consumers without forcing them to come to a bank branch with every request is a necessity and a competitive advantage. But how to avoid fraud? Indeed, along with the development of digital technologies, the level of technical savvy of fraudsters is also growing: graphic editors in which any document can be forged are no longer uncommon. Today we will talk about how you can resist fraud.
Every year the level of digital fraud is growing - and different types of financial organizations are suffering from this. Moreover, the attackers are both professional scammers and ordinary citizens who succumb to the temptation to deceive.
Methods of fraud
Anyone can forge: video and photo content, scans of documents (passports, driver’s licenses, bills, statements, decisions, resolutions and many others). Fraudsters use various types of graphics programs for this - from the usual Adobe Photoshop or Paint to editors specially designed for falsifying documents. And it is very easy to forge a document.
In addition, there is a market for rendering fake documents, whose participants offer to provide scans and photos of passports with the data the customer needs, photo confirmations where the owner of the passport is holding it in his hand, driver’s licenses, ID cards and others, quality passports, certificates. They also falsify photographic evidence, such as photographs of cars, dates of issue of documents and creation of images, and much more. In general, anything that could influence the decision of a bank or other financial organization to issue funds or guarantees is forged. The result is millions, even billions of financial losses.
What is fraud using electronic means of payment (Article 159.3 of the Criminal Code of the Russian Federation)
Lawyer Antonov A.P.
On May 4, 2022, changes to Art. 159.3 of the Criminal Code of the Russian Federation (see Federal Law of April 23, 2018 N 111-FZ “On Amendments to the Criminal Code of the Russian Federation”). The previous version of this article provided for liability solely for fraud using payment cards, while its current version provides for liability for fraud using electronic means of payment. Such changes are caused by constantly changing realities, the development of digital technologies, the diversity of existing electronic means of payment, and the emergence of new types and methods of theft. For example, methods of fraud using electronic means of payment include sending SMS notifications and calls asking for card details and PIN codes. All these actions pursue a single goal, namely, by taking possession of the card or electronic wallet data, PIN code, bank card security code (CVV/CVC), gain access to the account and, using the specified electronic means of payment, commit fraudulent actions aimed at stealing money funds. According to paragraph 19 of Art. 3 of the Federal Law of June 27, 2011 N 161-FZ “On the National Payment System”, electronic means of payment are a means and (or) method that allows a client of a money transfer operator to draw up, certify and transmit orders for the purpose of transferring funds within applied forms of non-cash payments using information and communication technologies, electronic storage media, including payment cards, as well as other technical devices. In addition, it should be noted that from May 4, 2022, the sanctions under this article have been tightened. If previously the maximum penalty for committing fraud using electronic means of payment was arrest for up to four months, now it is imprisonment for up to three years.
As qualifying elements of this crime, the legislator establishes the commission of actions: - by a group of persons by prior conspiracy, as well as causing significant damage to a citizen; - by a person using his official position, as well as on a large scale; - by an organized group or on a particularly large scale. The definition of the amount of damage is given in the notes to Art. 158 of the Criminal Code of the Russian Federation (theft). Significant damage is determined taking into account the property status of the citizen, but cannot be less than 5 thousand rubles. Large size is the value of property exceeding 250 thousand rubles, especially large - 1 million rubles.
Still have questions for your lawyer?
Ask them right now here, or call us by phone in Moscow +7 (499) 288-34-32 or in Samara +7 (846) 212-99-71 (24 hours a day), or come to our office for a consultation (by pre-registration)!
Let's talk about numbers
It is quite difficult to assess the real scale of digital fraud, because the results of the activities of attackers are not always known. However, we can share a few facts that show the scale of the problem:
• The Association of Insurers believes that every hundredth insurance claim may be false. At the same time, the same organization uncovers approximately two hundred frauds under compulsory motor liability insurance and comprehensive insurance per year in the amount of 15 million rubles.
• According to estimates from the National Credit History Bureau, losses from financial institutions from fraudsters are growing every year. At the beginning of 2014 alone, losses amounted to 153 billion rubles, while a year earlier the figure was less impressive - about 67 billion rubles.
• After a pilot launch of the Oz Forensics software platform in several organizations, more than 10 million rubles were saved in a year, and no payments were made on false documents.
• About 3% of confirmed cases of fraud are detected in the electronic document flow, and this figure continues to grow. Not only statistics are important, but also the “cost” for a business of a missed forgery; in some cases, it can cost millions of dollars in losses (for example, issuing a bank guarantee for counterfeit documents or paying for an insured event).
How to protect your money and e-wallets from scammers on the Internet: security tips
Here are some helpful tips from Kaspersky Lab's team of experts to help you protect your money and data online:
Don't assume that links are always genuine
If you need to access an online banking, store, or payment system site, enter the URL manually. Do not access websites by clicking on links:
- in emails
- in messages on social networks
- in chat messages
- in banner advertising on suspicious sites
- sent to you by people you don't know
Beware of fake communications
Most financial institutions never send emails asking customers to:
- send personal data by email
- go to their website to log in
- enter personal data in pop-up windows
Check the URL
When you visit a web page where you need to enter sensitive data, carefully check whether the page address displayed in your browser matches the page you wanted to access.
If the URL consists of a random selection of letters and numbers, or if it looks suspicious, do not enter any information.
Use encryption
Make sure you use an encrypted connection when you need to enter any sensitive data. If the connection is secure, the URL begins with the letters "https".
Additionally, a small lock icon appears in the browser's address bar or status bar.
When you click the lock icon, take a close look at the site's SSL authentication certificate information (you'll be able to see when the certificate was issued, who issued it, and for what period it was issued).
Use your computer and your Internet connection
Try to avoid using public computers in internet cafes, airports, clubs, hotels, libraries or other places if you need to access online banking or online shopping services.
These public computers may have a lot of spyware running on them. In this case, these malware can record everything you type on your keyboard, including your passwords, and also intercept Internet traffic.
Even if you use your own computer for online transactions, you should avoid connecting to the Internet through a public Wi-Fi network.
On a public Wi-Fi network, there is a risk that traffic could be intercepted by the network administrator or cybercriminals, and worm attacks could be launched.
Don't use a major credit card or debit card
It is worth having a special card that you will only use to pay for online purchases.
You can limit the credit limit on your "online credit card" or keep a limited amount of money on your "online debit card."
Study other people's opinions
Read customer reviews before shopping online./p>
Be careful with potentially unreliable sites
Avoid shopping on sites registered with free hosting.
Get more information about the website
If you have any doubts or suspicions about a store's website, use IP WhoIs to find out more about the domain, including how long it has been in use and who owns it.
Please note the period of time for which the domain was paid for.
Fixing vulnerabilities in your operating system and applications
Always ensure that your operating system and all applications on your computer and other devices are up to date with the latest updates.
This will help eliminate operating system and application vulnerabilities that can be used by malware to launch attacks.
Use a firewall
For added security, instead of running a simple firewall, you can run application- and software-based firewalls.
Protection against malware and Internet security threats
A reliable anti-malware solution can protect you from computer viruses, worms, Trojan horses, and more.
Some antivirus products also include special technologies that provide additional levels of security when working with online banking systems and making purchases in online stores.
How to resist fraud
When forged documents end up in financial institutions, it is quite difficult to analyze their authenticity without appropriate technical automated tools. Of course, you can use the services of additional examination, but this is usually expensive, time-consuming and not suitable for a large flow of electronic document management. But it is already possible to use the software platform modules built into the bank’s infrastructure.
In this case, you can consider integrating separate modules responsible for biometric identification of clients, checking documents for authenticity, or transferring data from scans to personal data, or implementing the entire software platform. We can offer to take this opportunity and conduct a pilot implementation of Oz Forensics, a software platform for developing the best fintech startup of 2016 according to the Skolkovo CyberSecurity Challenge and Finopolis 2016.
Types of fraud using payment systems and terminals
Lawyer Antonov A.P.
Wallets of payment systems, for example, Qiwi, are linked to the personal phone number of a mobile operator during its registration and allow you to top up your account in any convenient way and transfer funds. When using such services, the following ways of deceiving users are possible.
Issuing a non-existent invoice
- consists of generating an invoice for payment for any product, service, charitable contribution, payment similar to messages generated by the payment system. The idea is that the user will confirm the payment without going into details, based on the principle of similarity, as he has done it repeatedly and without consequences.
Imaginary gain
- is an algorithm that consists of sending an SMS message with a text notifying about a large win, to receive which you need to deposit a certain amount or share of the winnings into your wallet account, and then activate it by sending a message to a short number, after which the funds are debited.
Wrong payment
- consists of sending a message supposedly from the payment system service department, indicating that a certain amount of money has been credited to the subscriber’s wallet. After this, another message arrives from the imaginary sender of the money, which notifies that an error has occurred and asks for a reverse transfer. The victim of the fraudster, without checking the actual replenishment of his account, makes a transfer to the specified wallet, thereby losing his own funds.
Equipment similar to a payment terminal can be completely counterfeited, i.e. a terminal is installed, externally similar to a bank terminal, after entering the card into the reader, a message is displayed stating that the terminal is faulty, and the card is returned to the owner. The entire operation takes less than a minute, but this time is enough for the skimmer, built into the device instead of a card reader, to read all the data necessary to make a duplicate, including information from the magnetic stripe.
If the payment terminal is intended for card payments, the following overhead devices can be installed.
Keyboard that remembers the entered PIN code
, superimposed on the standard input device and therefore protruding above the panel, so that it can be identified.
Card reader
, superimposed on the standard slot for entering a bank card and is essentially a skimmer for reading card data. The speed of the card when using such a device may be unreasonably low, and the overlay itself may move away from the panel when you try to slide it.
For older models of payment terminals that are not equipped with phishing protection, a thin fishing line or other holding device is used to allow the inserted bill to be pulled back out.
There is a precedent when a payment terminal was stolen by a group of criminals, dismantled, and the same bill was repeatedly passed through the receiver as payment. The result was the theft of 1 million rubles.
Sincerely, lawyer Anatoly Antonov, managing partner of the law firm Antonov and Partners.
Still have questions for your lawyer?
Ask them right now here, or call us by phone in Moscow +7 (499) 288-34-32 or in Samara +7 (846) 212-99-71 (24 hours a day), or come to our office for a consultation (by pre-registration)!
