Bank of Russia to receive information about all participants in fraudulent transfers
The Bank of Russia’s Financial Sector Computer Emergency Response Team (FinCERT) provides a platform for all Russian credit institutions to exchange data on frauds. The FinCERT will receive additional information from banks about the parties involved in such transfers and not only about the ultimate recipient of the stolen money. This is stipulated in the revised version of the standard on the rules for the exchange of information about cyber attacks and information security incidents in finance (STO BR BFBO-1.5-2023).
The document is to become effective on 1 October 2023. It is needed to ensure compliance with the law on information exchange between the regulator and the Ministry of Internal Affairs of the Russian Federation.
After the standard comes into force, banks will be able to provide information on fraudulent money transfers based on more than 50 unique features. In particular, the standard classifies as suspicious such cases when an online banking account is active in different geographical locations simultaneously or when a pre-approved loan is raised immediately after unblocking of an online banking account blocked due to the entry of an invalid login, password or phone number.
Besides, banks should pay attention to money transactions that are not common for a particular client and carried out using a new telephone or computer. When forwarding information on detected fraudulent transactions to the FinCERT, banks will specify the unique set of data of the devices used for such transactions, including the model and manufacturer of the device, the number of the SIM card, geolocation, and other parameters.
The requirement to submit data on cyber attacks and personal data leaks in as much detail is possible is also provided for according to the international system of fraud classification.
In addition, the document simplifies the procedure for communication between information exchange participants and the FinCERT by standardising the mechanism for data exchange.
‘The revised version of the rules that were first established in 2018 has been developed considering the recent fraud techniques. The forms of requests have been tailored to the future exchange of information between the Bank of Russia and the Ministry of Internal Affairs of Russia about the facts of thefts in the course of money transfers. As a result of the expansion of the content and higher quality of data forwarded to our automated system, banks will be able to counteract fraudulent transfers more efficiently,’ noted Vadim Uvarov, Director of the Bank of Russia’s Information Security Department.