The regulator recommends to banks to assess the risk of violating the rules of using electronic means of payment belonging to persons whose information about transactions has already been entered into the database of money transfers without the customer’s consent. A relevant letter was sent to the credit organizations.
If unusual transactions are detected on cards and accounts of persons whose information is in the Bank of Russia database, banks are asked to temporarily suspend remote access to account management. This will make it difficult for attackers to withdraw money and increase the likelihood of their being returned to their rightful owner. At the same time, the Bank of Russia recommends notifying the client of the suspension, indicating the reason. The resumption of the operation of electronic means of payment is possible after the customer’s personal notification to the bank.
The recommendations were developed after consultations with banks and allow to increase the effectiveness of suspending the activities of droppers — people using remote channels to withdraw and withdraw stolen money from other people’s accounts. The exchange of information with the regulator and the measures taken to counteract frauds allow banks to limit transfers on a timely basis without the consent of customers.
“Today, banks have enough information about their customers, as well as the nature and volume of their transactions. Therefore, in the event of any unusual activity on the customer’s account, the customer should assess the risk of using electronic means of payment for illegal purposes. Conscientious account holders should not be afraid of limiting their means of payment, ”says Vadim Uvarov, director of the Information Security Department.
