Tomcat
Professional
- Messages
- 2,688
- Reaction score
- 1,015
- Points
- 113
Last year, the Central Bank registered 876.6 thousand cases of theft of money from bank cards.
According to statistics, the average size of one such transfer in 2018 was 3,320 rubles, and in 2022 it was already 15,320 rubles. We studied the Central Bank's analytics and talked with Tinkoff Bank security experts to find out why the number of unauthorized transactions is growing and who most often becomes a victim of criminals.
Number of registered crimes in Russia - Ministry of Internal Affairs of the Russian Federation
The thing is that in April 2018, another crime was added to Article 158 of the Criminal Code of the Russian Federation “Theft” - theft from a bank account. With this wording, criminal cases are now being initiated against those who steal money from bank cards. Previously, this was considered “wire fraud” and the penalties were lower. As a result, since April 2018, the number of thefts has increased significantly, while fraud has decreased slightly.
Crimes began to be better taken into account, and statistics shot up sharply: if in 2017 317 thousand illegal card transactions were registered, then in 2018 - 417 thousand, almost a third more, in 2021 - 1035.01, and in 2022 - already 876. 59. According to the Central Bank, the surge in such transactions in 2021 occurred due to the active development of new remote payment services and the growth in the volume of money transfers using electronic means of payment.
The number of registered violations has increased not only because they began to count differently : the number of crimes is actually growing. Russians have more cards in their hands: now there are an average of three bank cards per person in the country, up from one in 2010. The volume of card transactions has grown tenfold over these eight years. And where there is money, there are thieves. For example, in 2021, when a record number of illegal transactions were recorded, the volume of transfers increased by 28% compared to the previous year - to 1048.4 trillion rubles.
The real picture is worse than the statistics of the Central Bank: sometimes the victims do not even complain to the bank - for example, if a small amount was stolen and the client simply blocked the card. Or if a thief gained access to the account, but there was no money in it. Or if the client does not believe that the money will be returned. Nobody knows how many such cases there are in Russia. Moreover, this also affects the level of cybercrime: if no one is looking for thieves, they can easily break the law as much as they want, thinking that nothing will happen to them for it.
A separate problem is the instant transfer service: in a few seconds you can transfer 100 thousand rubles to someone else’s card by simply sending an SMS. Along with convenience, instant transfers also add risk. Such operations take place instantly - if a person transferred money to a criminal, the criminal will receive it immediately. By the time the victim writes a statement to the bank and the police, the thief will have time to transfer the money to another account or cash it out.
But banks do not risk increasing the time it takes for money to be credited from card to card: instant payments are popular among Russians; if conditions worsen, the client will simply go to competitors. After all, quick transfers are convenient, although risky.
The Central Bank itself, which launched the Fast Payment System at the beginning of 2019, has become hostage to the popularity of instant card-to-card transfers . Thanks to this system, money can be transferred by phone number to a card of any bank. Making transfers has become even easier - including for criminals. As of March 2023, 213 banks were connected to the SBP; in 2022, the volume of transfers amounted to 14.4 trillion rubles.
The most popular method of theft is through payment terminals. In the third quarter of 2022, 272.3 million rubles were stolen in this way. Compared to the third quarter of 2021, the number of such thefts increased by 61%. In second place is fraud via the Internet: 59.2 million rubles. In third place is theft through ATMs: 39 million rubles. There are fewer cases of theft via the Internet and ATMs compared to 2021.
For example, a person wrote a PIN code on the back of the card, and then lost his wallet, or when paying in a restaurant, he gave the card to the waiter, and he took a photo of it. Thieves often take advantage of gullibility and a low level of financial literacy: they lure card details or one-time passwords from SMS, posing as bank employees, or trick the victim into connecting someone else’s phone number to their mobile bank. We write about the most common schemes in our “Divorces” section.
Cases of theft associated with number spoofing have become more frequent: criminals use a special service to replace the number from which they are calling. The victim sees an incoming call from his bank number, but in fact it is thieves. Next, social engineering is used: criminals lure out a one-time password from an SMS or give instructions on how to link another phone number to a personal account, taking advantage of the fact that the person does not understand anything about the mobile banking settings.
The Bank of Russia’s attempt to quickly solve the problem of substituting bank numbers failed - Kommersant newspaper
There are also some very ingenious schemes. Criminals can call the bank from one phone and the victim from another. The bank operator thinks he is talking to the client and asks verification questions, while the thief simultaneously asks the same thing from the account owner. There is only one way to protect yourself from this method of fraud: hang up and immediately call the bank back.
You should not believe it, even if the “bank representatives” on the other end of the line correctly name all your data: passport number, card number, balance. Information databases stolen from a variety of departments periodically appear on the black market.
For example, a woman from Serov lost half a million rubles when criminals somehow found out that she had ordered medications from one of the TV stores. An unknown man called the woman and introduced himself as an employee of the Moscow archive. He said that the organization pays compensation to citizens who bought ineffective medications, and specifically it is entitled to 850 thousand rubles. Getting this money is easy: you just need to pay for insurance and delivery - 130 thousand. Later it turned out that there were other additional costs. As a result, the woman lost 530 thousand rubles.
You cannot give access to your account to anyone: in Saratov, police officers asked detainees to show their phone to check if the mobile phone was in the database of stolen devices. In fact, they didn’t check anything, but simply transferred money from the phone owner’s account through mobile banking. Before the police were detained, they managed to deceive 19 people.
Typical client behavior is tracked automatically: the computer constantly collects and analyzes information about transactions and, based on this, creates a unique financial portrait. True, there are times when a person is sure that he is doing everything right, and does not realize that he is becoming a victim of criminals. If the client is one hundred percent sure that he is right, no warnings will help. For example, a bank sees someone transferring half a million to an Albanian bank at three in the morning. The bank suspends the transfer and contacts the client:
Despite the fact that banks are aware of all the popular criminal schemes, account holders themselves should first of all think about the safety of their money. Moreover, the market for online theft is growing: according to forecasts by the American analytical company Mordor Intelligence, by 2024 it will more than double. True, everything is not as scary as it seems: last year in Russia the share of illegal card transactions amounted to only 0.0018% of the total volume of all transactions. Therefore, statistics are not a reason to refuse non-cash payments. The main thing is to remember the safety rules.
(c) https://journal.tinkoff.ru/card-fraud/
According to statistics, the average size of one such transfer in 2018 was 3,320 rubles, and in 2022 it was already 15,320 rubles. We studied the Central Bank's analytics and talked with Tinkoff Bank security experts to find out why the number of unauthorized transactions is growing and who most often becomes a victim of criminals.
What is the correct name for such crimes?
In ordinary life, criminals who defraud cardholders of money are called fraudsters. In the language of banking security experts, such crimes are called “fraud”, from the English fraud - “fraud”. But legally it is still theft, and the one who committed it is a thief.Number of registered crimes in Russia - Ministry of Internal Affairs of the Russian Federation
The thing is that in April 2018, another crime was added to Article 158 of the Criminal Code of the Russian Federation “Theft” - theft from a bank account. With this wording, criminal cases are now being initiated against those who steal money from bank cards. Previously, this was considered “wire fraud” and the penalties were lower. As a result, since April 2018, the number of thefts has increased significantly, while fraud has decreased slightly.
What the statistics say
Since June 2018, the Bank of Russia has tightened control over banks and electronic payment systems - now they need to report not only on the facts of money theft, but also on failed attempts. The Central Bank launched a special “ Feed Antifraud ” system, which automatically processes all information about such cases.Crimes began to be better taken into account, and statistics shot up sharply: if in 2017 317 thousand illegal card transactions were registered, then in 2018 - 417 thousand, almost a third more, in 2021 - 1035.01, and in 2022 - already 876. 59. According to the Central Bank, the surge in such transactions in 2021 occurred due to the active development of new remote payment services and the growth in the volume of money transfers using electronic means of payment.
The number of registered violations has increased not only because they began to count differently : the number of crimes is actually growing. Russians have more cards in their hands: now there are an average of three bank cards per person in the country, up from one in 2010. The volume of card transactions has grown tenfold over these eight years. And where there is money, there are thieves. For example, in 2021, when a record number of illegal transactions were recorded, the volume of transfers increased by 28% compared to the previous year - to 1048.4 trillion rubles.
The real picture is worse than the statistics of the Central Bank: sometimes the victims do not even complain to the bank - for example, if a small amount was stolen and the client simply blocked the card. Or if a thief gained access to the account, but there was no money in it. Or if the client does not believe that the money will be returned. Nobody knows how many such cases there are in Russia. Moreover, this also affects the level of cybercrime: if no one is looking for thieves, they can easily break the law as much as they want, thinking that nothing will happen to them for it.
Why is the number of thefts increasing?
First of all, the number of thefts is growing because the market for non-cash payments and transfers is growing: according to the Central Bank, over the nine months of 2022, Russians transferred 53.4 trillion rubles to each other. For comparison, Russians spent less on card purchases—34.2 trillion.A separate problem is the instant transfer service: in a few seconds you can transfer 100 thousand rubles to someone else’s card by simply sending an SMS. Along with convenience, instant transfers also add risk. Such operations take place instantly - if a person transferred money to a criminal, the criminal will receive it immediately. By the time the victim writes a statement to the bank and the police, the thief will have time to transfer the money to another account or cash it out.
But banks do not risk increasing the time it takes for money to be credited from card to card: instant payments are popular among Russians; if conditions worsen, the client will simply go to competitors. After all, quick transfers are convenient, although risky.
The Central Bank itself, which launched the Fast Payment System at the beginning of 2019, has become hostage to the popularity of instant card-to-card transfers . Thanks to this system, money can be transferred by phone number to a card of any bank. Making transfers has become even easier - including for criminals. As of March 2023, 213 banks were connected to the SBP; in 2022, the volume of transfers amounted to 14.4 trillion rubles.
The most popular method of theft is through payment terminals. In the third quarter of 2022, 272.3 million rubles were stolen in this way. Compared to the third quarter of 2021, the number of such thefts increased by 61%. In second place is fraud via the Internet: 59.2 million rubles. In third place is theft through ATMs: 39 million rubles. There are fewer cases of theft via the Internet and ATMs compared to 2021.
How to get scammed for money
If you believe the statistics of the Central Bank, in 70% of cases money is stolen from a card using social engineering, that is, when scammers persuade the victim to either give out card details or a password from an SMS, or simply transfer money. Also, money is often stolen from the card precisely through the fault of the client himself.For example, a person wrote a PIN code on the back of the card, and then lost his wallet, or when paying in a restaurant, he gave the card to the waiter, and he took a photo of it. Thieves often take advantage of gullibility and a low level of financial literacy: they lure card details or one-time passwords from SMS, posing as bank employees, or trick the victim into connecting someone else’s phone number to their mobile bank. We write about the most common schemes in our “Divorces” section.
Cases of theft associated with number spoofing have become more frequent: criminals use a special service to replace the number from which they are calling. The victim sees an incoming call from his bank number, but in fact it is thieves. Next, social engineering is used: criminals lure out a one-time password from an SMS or give instructions on how to link another phone number to a personal account, taking advantage of the fact that the person does not understand anything about the mobile banking settings.
The Bank of Russia’s attempt to quickly solve the problem of substituting bank numbers failed - Kommersant newspaper
There are also some very ingenious schemes. Criminals can call the bank from one phone and the victim from another. The bank operator thinks he is talking to the client and asks verification questions, while the thief simultaneously asks the same thing from the account owner. There is only one way to protect yourself from this method of fraud: hang up and immediately call the bank back.
You should not believe it, even if the “bank representatives” on the other end of the line correctly name all your data: passport number, card number, balance. Information databases stolen from a variety of departments periodically appear on the black market.
For example, a woman from Serov lost half a million rubles when criminals somehow found out that she had ordered medications from one of the TV stores. An unknown man called the woman and introduced himself as an employee of the Moscow archive. He said that the organization pays compensation to citizens who bought ineffective medications, and specifically it is entitled to 850 thousand rubles. Getting this money is easy: you just need to pay for insurance and delivery - 130 thousand. Later it turned out that there were other additional costs. As a result, the woman lost 530 thousand rubles.
You cannot give access to your account to anyone: in Saratov, police officers asked detainees to show their phone to check if the mobile phone was in the database of stolen devices. In fact, they didn’t check anything, but simply transferred money from the phone owner’s account through mobile banking. Before the police were detained, they managed to deceive 19 people.
How banks fight theft
Suspicious transactions are suspended, the transfer is frozen and the client who is sending the money is contacted. For example, if the bank sees that a client changes his password in online banking and then immediately attaches a new phone number to his personal account, this is a reason to call the old number and find out if everything is okay. In September 2018, the Central Bank outlined three signs that should immediately alert bank employees:- The money is received by a person who has already been noticed in similar crimes and is included in the appropriate database.
- The device from which the transfer is made has been used for illegal schemes before.
- “Atypical transaction” - let's say the bank knows that a particular client has always withdrawn small amounts from an ATM once a week and has never transferred money through mobile banking. If the system sees that this client is sending half a million at three in the morning to an Albanian bank account, the payment will be suspended. A bank representative will contact the client to make sure everything is in order.
Typical client behavior is tracked automatically: the computer constantly collects and analyzes information about transactions and, based on this, creates a unique financial portrait. True, there are times when a person is sure that he is doing everything right, and does not realize that he is becoming a victim of criminals. If the client is one hundred percent sure that he is right, no warnings will help. For example, a bank sees someone transferring half a million to an Albanian bank at three in the morning. The bank suspends the transfer and contacts the client:
- BANK: Hello, Ivan Petrovich. The bank is calling you. We saw that you are transferring a large amount abroad. Is this really true?
CLIENT: It's okay. I just suddenly remembered that I owed an old friend money and decided to give it back.
B.: Ivan Petrovich, do you understand that if you become a victim of criminals, the money will not be returned, since you transferred it of your own free will?
K.: Yes, I understand everything.
Despite the fact that banks are aware of all the popular criminal schemes, account holders themselves should first of all think about the safety of their money. Moreover, the market for online theft is growing: according to forecasts by the American analytical company Mordor Intelligence, by 2024 it will more than double. True, everything is not as scary as it seems: last year in Russia the share of illegal card transactions amounted to only 0.0018% of the total volume of all transactions. Therefore, statistics are not a reason to refuse non-cash payments. The main thing is to remember the safety rules.
How to avoid becoming a victim of criminals
- Do not tell anyone your first and last name, card expiration date and security code on the back.
- Do not share SMS codes with anyone, not even bank employees.
- Do not leave your card unattended or allow a store clerk or waiter to take it out of sight.
- Set up confirmation of all card transactions with a PIN code .
- Order an additional card to pay online.
- Do not follow links from unfamiliar SMS and messenger messages.
(c) https://journal.tinkoff.ru/card-fraud/