Bank of Russia expands bank toolkit to fight fraudulent transfers
The regulator recommends that banks should assess the risks of breaking the rules for the use of electronic means of payment (cards, mobile applications and personal Internet banking accounts) belonging to persons whose transaction information has already been entered into the database on money transfers without customer authorisation. A corresponding letter was sent to credit institutions.
When identifying non-standard card and account transactions of persons registered in the Bank of Russia database, banks are offered to suspend remote access to account management. This will make it more difficult for fraudsters to withdraw money and will increase the chances of its returning to the true owner. Also, the Bank of Russia recommends that banks notify a client about the suspension and state the reason. The operation of electronic means of payment may be resumed after the client's personal application to the bank.
The recommendations were developed following consultations with banks to ensure a more effective response and suspend transactions made by droppers — persons who use remote channels to withdraw and cash out money stolen from other people's accounts. The information exchange with the regulator and the anti-fraud measures allow banks to limit transfers without customers’ authorisation in a timely manner.
‘Today, banks have sufficient information about clients, the nature and volume of their transactions. Therefore, they should assess the risk of using electronic means of payment for illegal purposes when seeing unusual activities in the client's account. Good-faith account holders should not be afraid that the operation of their means of payment might be restricted,’ says Vadim Uvarov, Director of the Information Security Department.