Translated by
2019/11/14 11:57:17

Fraud with bank cards



Main articles:


B of Russia appeared a new method of theft of money from bank cards

In the middle of November, 2019 it became known of a new method of theft of money from bank cards in Russia. Swindlers bring means using online services on sending money from the card to the card (card2card system).

Using the sard2card-scheme, malefactors enter these cards with which want to charge off money, and the account into which they intend to enlist them. After that they call card owners under the guise of security service specialists of bank and ask to call the code from the message. As a result of means there are on virtual cards, it seems Yandex.Money, QIWI or Webmoney.

File:RIAN (1).jpg
In Russia it became known of a new method of theft of money from bank cards

According to the source Izvestia in Information Security Service of one of regional banks if in 2018 it was not recorded any case of theft of money through card2card, then in the 2019th it occurs to four times a month.

As swindlers who manage with use of methods of social engineering to steal money from someone else's card reported the edition in the press service of Sberbank, in 80% of cases, transfer them to virtual "plastic".

According to the deputy director of department of information security of FC Otkritie Ilya Suloyev, such method of theft of money from cards is explained by simplified identification of the client and existence of methods of its bypass for gaining access to financial services by the third parties.

The newspaper reports that in judicial practice there are cases when with the assistance of banks the injured client manages to return money. At the same time because swindlers use electronic payment instruments on different services, on search and a refund it is necessary to spend more time.

The technical director of the company of DeviceLock Ashot Oganesyan noted that before purchase of things in foreign online stores to the address of intermediaries was the most popular methods of cashing in among the swindlers specializing in theft of money from plastic cards.[1]

Visa: Fraud with bank cards in Russia one of the lowest in the world

Fraud level with bank cards in Russia is one of the lowest in the world, the head of the department of risk management of Visa payment system in Russia Evelina Nechiporenko on air of a podcast of Fears/error in the middle of October, 2019 reported.

We have statistics on cards of Visa, and Russia actually … at it fine statistics on the level of frauds, one of the lowest. We explain it with good work of our banks which conduct both explanatory work with the clients, and work on information security, protection of the systems. It plays very large role too — she told.

Fraud level with bank cards in Russia is one of the lowest in the world
Fraud level with bank cards in Russia is one of the lowest in the world

According to her, people often leave the data on the websites of swindlers. These are the websites offering a lottery, the websites with draws of some prizes, the websites with some advantageous offers at very low price of goods when people try "peck" on some very advantageous offers.

For example, fraudulent websites are used for collection of data on phones, on cards and on all other personal information and payment information — the expert warned.

As marked out Nechiporenko, banks are already able to be protected from cracking and cyber attacks independently. If the client of bank suspected that swindlers try to contact it, it is necessary to call back immediately in bank by the known number to phone. Bank employees never ask the card number and code CVV.

The representative of Visa emphasized that fraud gradually developed into social engineering. Occasionally, people do not even suspect that they say with fraudulent call centers.

According to the State Office of Public Prosecutor of the Russian Federation, since the beginning of 2019 on October in Russia more than 18.8 thousand crimes in banking sector were registered, the damage exceeded 154 billion rubles.[2]

Kaspersky Lab warned about viruses in ATMs which steal money

At the end of September, 2019 Kaspersky Lab announced a new virus which malefactors install in ATMs for theft of money from bank cards. Read more here.

The cashier remembered 1300 bank cards and paid with them purchases

On September 9, 2019 Yusuka Taniguchi who thanks to the photographic memory remembered data more than 1300 credit cards knew of detention of the cashier of one of shops in Japan and then used them for the purchases. Read more here.

Security officers become most often the victims of fraudulent lotteries

Men of middle age with work experience in law enforcement agencies most often become the victims of fraud with a dummy lottery when at the person ask to provide data of the bank card for a prize. It was said on September 5, 2019 by the first deputy director of the department of information security of the Central Bank of the Russian Federation Artem Sychev at an autumn session of the Ural forum of an informbezopasnostiya of the financial sphere in Moscow.

This "distributing" very simple: participate in a lottery — you will win a prize. You will not believe, but in this age category men, especially which somehow were related to law enforcement agencies, come across much more often than all others. Ridiculously, when the person, dear colonel, says: "I know, the devil pulled me for one and a half thousand to give all data of the card".

Men of middle age most often become the victims of fraud with a dummy lottery
Men of middle age most often become the victims of fraud with a dummy lottery

He marked out that for Internet swindlers became more often to select from quality of the potential victim of aged people from 32 to 48 years — i.e., "economically active" citizens who can have a large amount on the account. Because elderly people usually store means on deposits, and on the card they have some money.

Obzvonshchiki sit on percent therefore it is important for them that the amount of the withdrawn money was big. Guess at what population the amount on the account in the moment can turn out big? Only at economically active — the representative of the regulator explained.

At the same time 65% of the victims of social engineering are women of economically active age because at the time of call-down by swindlers they are more busy with affairs.

These are women who have children, and, as a rule, juveniles. And women active, still the head hurts them about work. Or the married - still the head about the house hurts them. Or it is the unmarried, so problems of actually personal order — Sychev told.

As swindlers deceive Russians by phone, pretending to be state lawyers

At the beginning of September, 2019 the Ministry of Justice of the Russian Federation warned about a new type of telephone fraud. Criminals call citizens allegedly from official numbers of Ministry of Justice and under the guise of government employees extort money from bank cards.

Unknown persons call Russians and, being represented by investigators of law enforcement agencies or other state bodies of Russia, announce an opportunity to compensate the cost of services of the lawyer and also to receive moral compensation for the purchased counterfeited dietary supplements.

Russians were warned about a new type of telephone fraud
Russians were warned about a new type of telephone fraud

Swindlers suggest people to send to Ministry of Justice or other departments the statement with a request to provide the free state lawyer for criminal proceedings, after it "defender" calls. Using the special software its number is displayed as number of the Ministry of Justice.

The swindler who provided the lawyer under different pretexts reports that he needs to transfer money through payment systems, including through the system of fast payments.

The Ministry of Justice noted that received over 3 thousand petitions from citizens from different regions of Russia with a request to provide the free lawyer. Numerous statements of similar contents come to Investigative Committee too. The set damage from such swindles by September 3, 2019 is not called — the police understand a situation, investigation is monitored by the State Office of Public Prosecutor.

Department warns that the persons suggesting to allocate money for accounts of courts and other public institutions by means of the systems of fast money transfers cannot be the staff of Ministry of Justice and other federal executive authorities of the Russian Federation and also law enforcement agencies performing the job responsibilities.[3]

The participant of the hacker TipTop group stealing funds from bank cards is sentenced to 2 years of prison conditionally

On August 28, 2019 the Group-IB company reported that in Chuvashia the sentence concerning the participant of the hacker group, within several years attacking clients of the largest Russian banks is pronounced. The group which received the working name TipTop committed thefts of money from bank cards of citizens using the malware. The participant of group was delayed as a result of the conducted special operation of department "To" the Ministry of Internal Affairs in the Chuvash Republic together with Administration "K" of the MIA of Russia with assistance of experts of Group-IB. Read more here.

Calls on behalf of the famous analysts in Russia began to use for plunder of money

At the end of August, 2019 it became known of the new scheme of fraud by phone. Malefactors are represented by the famous financial analysts and entice money at citizens.

About this fraud Kommersant was told in large banks. At the same time they did not tell the names of experts for whom swindlers as are afraid of bigger damage to reputation issue themselves. It is known only that it is about analysts who often give comments in media. Having heard a familiar name, people begin to trust speculators.

Russia began to use calls for plunder of money
Russia began to use calls for plunder of money

Judging by complaints, it is generally possible to select two schemes. The first is money transfer to broker accounts of pseudo-investment companies whose name is similar to known. For example, in the nonexistent "Alfakapitalkapital" conformable with UK "Alpha Capital". After money transfer the analyst disappears, and the account is not belonging to the specified company.

Within the second scheme called those who already made investments in the pseudo-investment platform and wanted to return them. "Analyst" promised "security of the made procedures in the course of formation of the account, safety of finance of the client and ensuring trade operations on accounts of the broker who is working within the legislation of the Russian Federation and having the license of the Central Bank". At the same time calling claimed that withdrawal of money is possible only through the Qiwi Wallet, and said that it is necessary to transfer 50-100 thousand rubles to this purse.

According to the senior investment advisor "BKS the Broker" Maxim Kovyazin, such calls spoil reputation of the companies and analysts as not only the beginning investors can become the victims of similar deception. The head of the analytical department of Raiffeisenbank Anastasia Baykova noted that financial analysts never contact private clients by phone.[4]

Frauds with cards and online banking in Russia became in 8 times more

In the first half of 2019 in Russia 6613 criminal cases about fraud connected with electronic payments (Article 159.3 of the Criminal Code of the Russian Federation) that in 8 times more in comparison with the same period of the 2018th were registered. The statistics collected by the Main information and analytical center Ministry of Internal Affairs of the Russian Federation and published on August 20, 2019 demonstrates to it.

Besides, in the first six months 2019 for 28% the number of the registered crimes (to 4441) under the article about fraud when receiving payments increased.

In Russia the number of cases on fraud with electronic payments grew by eight times
In Russia the number of cases on fraud with electronic payments grew by eight times

As fraud with electronic money usually consider any illegal actions, first of all — non-cash transfers. Among often found types of the attacks there is the leading anti-virus expert of Kaspersky Lab [Golovanov Sergey|Sergey Golovanov]] the phishing, social engineering, bank Trojans and attacks on the systems of Internet banking calls.

The deputy manager of legal service of the office of the business ombudsman Natalya Ryabova connected growth of number of crimes under the Article 159.3 by UK with activation of swindlers in the field of electronic payments and the resolution of a plenum of the Supreme Court of November, 2017 which explained features of application of article about fraud.

Perhaps, law enforcement agencies understood more accurately what is understood as this structure, and began to apply this article more actively — Ryabova noted.

The lawyer of Ekkorp-Zashchita Bar Oleg Nikulenko says that money withdrawal in the ATM from the stolen or forged card and money withdrawal from the card does not fall under Article 159.3 of the Criminal Code of the Russian Federation if the victim herself reported a PIN code from it. The expert added that article extends to plunder of money using the stolen or forged card when this card is shown to the employee of bank or shop. Waits for the swindler up to ten years of imprisonment at commission of crime by organized group or in especially large size.[5]

Swindlers thought up a new method of deception of Russians by phone from a bank name

On August 12, 2019 it became known of a new method of fraud with bank cards in Russia. Malefactors do not ask the victims of personal data and by that do not cause suspicion.

According to Rossiyskaya Gazeta, malefactors in telephone conversation are represented by employees of the bank and announce users that their means try to display illegally from the account in other region.

Data of the smartphone force to transfer by deception people. After that malefactors get access to confidential information
Data of the smartphone force to transfer by deception people. After that malefactors get access to confidential information

Swindlers say to the victim that they blocked attempt of write-off of money, and suggest to verify devices which have access to a personal account. Then they learn  whether the client uses the device with the Android operating system or iOS. After that malefactors suggest to help to disconnect a system which the client, using the program of delegation of access TeamViewer does not use.

This software allows to be connected to the smartphone by special number (ID) and to make any transaction on behalf of the owner. Chances to prove attempt of cracking are minimum as the user provides access voluntarily.

The correspondent of Rossiyskaya Gazeta  did not begin to install the third-party application, and  instead submitted the application for  suspicion for  fraud to  the Main Investigation Department  of the Ministry of Internal Affairs. In three days the address of the journalist was redirected to Bureau of special technical events of General Directorate of Ministry of Internal Affairs. Still several days later a certain employee contacted the reporter for refining of a residence address.

Messages about  new schemes of fraud appear regularly, and  in most cases criminals try to use carelessness and  trustfulness of citizens. According to the Central Bank of the Russian Federation, almost in  every third case Russians  lose means on  the accounts because of own carelessness  at the address with  Internet services and  mobile devices.[6]

The Central Bank told about new fraud at money transfer via the ATM

On July 5, 2019 the Central Bank of the Russian Federation told about a new type of fraud at money transfer via the ATM. This method is based on "imperfection of scenarios of processing of transfers" and connected with money transfer from the card on the card, said in the overview  of FinCERT (FINTSERT — structural division of the Bank of Russia) for 2018. 

The Bank of Russia detected a new method of fraud with canceling of transactions from the card on the map with use of ATMs
The Bank of Russia detected a new method of fraud with canceling of transactions from the card on the map with use of ATMs

The person selects from the ATM transfer from the client to the client (P2P) then he dials the card number of the receiver. Then the bank sends messages on authorization to bank receiver and bank sender. To the client the notification about approval of transaction from both banks practically at the same time comes.

Then the actual transfer when the balance on the card of the receiver increases is executed. On the card of the sender at this moment amount of transfer is frozen.

Then the ATM "asks" the sender about consent to write-off of commission charges for transaction. The sender does not agree therefore the bank initiator sends the message about return to bank sender and bank receiver  — the Central Bank explains.

The means frozen on the card of the sender will be unblocked, however by this moment the receiver manages to withdraw the funds sent it.

For risk minimization of the attacks of the Central Bank recommended to check correctness of scenarios of operation of ATMs, first of all sending the message about return of means to bank of the sender of means should happen only after a successful completion of transaction of return towards payee bank.

In the report of FINTSERT it is also said that in 2018 hacker the Cobalt groupings ( also FIN7 is also known as Carbanak)  and Silence was succeeded to steal more than 58 million rubles from the Russian banks. It is more than 17 times less  than results of the 2017th — then FINTSERT reported on losses of the Russian banks in the amount of more than 1 billion rubles.[7]

In Khabarovsk the swindler stole money from bank cards by an unusual method

In May, 2019 information that the staff of Regional Office of the Ministry of Internal Affairs of Russia across Khabarovsk Krai delayed the 23-year-old native of Nikolaevsk - on - Cupid appeared, suspected of participation in a series of thefts from bank accounts of citizens[8].

According to the message[9] of the press service of department, the malefactor acted in different districts of the city, generally in large shopping centers and in shops. He selected ATMs where there were small queues, and then using the proximity bank card transferred money for the phone number, but did not complete operation and departed. The person following the swindler inserted the bank card and a system automatically completed the previous operation and charged the specified amount off an account of the victim.

Further the suspect through electronic payment systems transferred the stolen funds to the account or for the card of the acquaintance and cashed.

During a search at the place of residence of the suspect bank cards, electronic media of information, SIM cards and also mobile phones were withdrawn. The preliminary amount of damage is estimated at 50 thousand rubles. Concerning the young man criminal case according to Part 3 of Article 158 of the Criminal Code of the Russian Federation ("Theft") is brought. Article prescribes the maximum punishment up to 6 years of imprisonment.

2018: Plunder from bank cards became separate crime

The bill toughening punishment for theft of funds from bank cards, the State Duma accepted in the second, final reading. Theft of funds from bank cards will be considered from now on as fraud — the relevant amendments will be published in the Criminal code of the Russian Federation. For such crime threatens violators up to 6 years of prison[10].

To avoid severe penalty till this day malefactors wrote off money the small amounts, however, the total amount of plunder becomes comparable to serious crimes in this connection deputies decided to toughen punishment and to make it criminal.

Besides, if swindlers at theft of means use someone else's electronic payment instrument, for similar act will threaten them up to three years of imprisonment.

2017: The State Duma will increase term of deprivation of freedom for embezzlement from bank cards

The State Duma of the Russian Federation in October, 2017 at a meeting on Wednesday adopted in the first reading the amendments in the Criminal Code (CC) setting separate punishment for embezzlement from the bank account and electronic money. According to the bill, punishment for such crime can be changed from these four months to three years of imprisonment.

The relevant bill was entered by group of deputies headed by the Chairman of the Committee of the lower house of parliament on the financial market Anatoly Aksakov (Just Russia).

The document provides entering of additions into  Article 159.6 of the Criminal Code of the Russian Federation (Fraud in the field of computer information) the qualifying signs — embezzlement from the bank account, and equally electronic money and also introduction of amendments to  Article 159.3 of the Criminal Code of the Russian Federation (Fraud using electronic payment instruments).

In particular it is offered to enshrine  in the Criminal Code of the Russian Federation responsibility for "the plunder of someone else's property committed using counterfeit or the electronic payment instrument belonging to other person, including credit, account or other payment card, by deception of the authorized employee of credit, trade or other institution". The maximum punishment for this crime should be enhanced from the operating four months to three years of imprisonment

The initiative also provides decrease in threshold values of the amounts of large and especially major damage for the crimes provided by these articles (250 thousand rubles and 1 million rubles respectively). According to the existing penal legislation, the maximum punishment for embezzlement from the bank account in especially large size makes 10 years of imprisonment.


Thefts from bank cards are afraid of 65% of Russians

By data VCIOM of 65% of Russians with a concern treat a possibility of theft of their means and personal information from electronic accounts and bank [11]

Specialists of the All-Russian Public Opinion Research Center also found out that users of "plastic" are afraid to face loss of money because of information distributed by malefactors through SMS or by e-mail (56%).

Besides, every third Russian faced the illegal acts connected with cellular communication and Internet services. Are highest a share of such cases among youth (36% 18-34-year-old), Muscovites and Petersburgers (37%), active Internet users (38%) and residents of the average cities (43%).

When using bank cards only 36% of respondents have feeling of security, 58% feel the vulnerability rather.

Prices of cracking of bank cards

The Dell SecureWorks company which specializes in assessment and the analysis of information security of computer systems published in the summer of 2016 "price list" of service prices of hackers worldwide.

"Services" considerably fell in price by cracking of bank cards. So access to the Visa and Master Card cards of the American bank will cost $7, European Bank – $40. Cracking of the Premium Visa and MasterCard credit card will cost $30-80.

Scales of unauthorized bank card transactions impress – for 2015 in Russia more than 260 thousand fraudulent transactions for the amount of 1.14 billion rubles were perfect.

You See Also: Quotations of user data in the market of cybercriminals


Fraud on credit cards in Britain grew

According to Experian in Britain fraud level on the current accounts in 2015 grew more than twice: with 73 on each 10,000 requests in January to 156 on 10,000 requests in December. Growth of fraud on the current accounts also promoted change of a ratio between fraud of the first person and plunder of personal data. At the beginning of 2015 51% of the requests on all financial products recognized fraudulent and rejected were classified as fraud of the first person, and 49% – as attempt of theft of personal data (fraud of the third party). By the end of the year — it the ratio considerably changed – in December 59% fell to the share of plunder of personal data.

Fraud on credit cards in January, 2015 made in Britain 36 on each 10,000 requests, however within a year increased to 55 by 10,000 requests. The same way, fraud according to insurance policies made 37 on each 10,000 requests at the beginning of a year, but grew to 68. As well as in a case with fraud on the current accounts, fraud on credit cards was substantially connected with plunder of personal data.

"Fraud on the current accounts moved to the forefront in 2015. The leading role in it was played by the criminals stealing personal data. The positive aspect consists that promulgated digits belong to the revealed and prevented fraud, i.e. demonstrate reliability of the systems protecting financial products, - Frolova Natalia, the marketing director of Experian, Russia and CIS comments. – However, all of us nevertheless need to be vigilant and to try to follow not it and to difficult rules of preserving of security of the personal data".

How to secure itself against theft of personal data

  • Always tear or otherwise destroy the documents which became unnecessary containing your personal data, do not throw out them entirely at all.
  • Do not react at all to "cold calls" and electronic messages in which account details, PIN codes, passwords or personal data ask to provide you.
  • Do not report about yourself too many data on social networks, for example, of a nickname of pets which you can use as passwords.
  • Regularly trace mail that the nobility when to expect important finance or other documents which may contain your personal data and take measures in case of their absence.
  • When moving be not too lazy to reach mail and to warn them about need of readdressing of your mail.
  • Always use reliable unique passwords for the greatest possible quantity of accounts on the Internet, and ideally – the individual password for each of them. As a last resort think up unique passwords for each type of service providers, such as financial institutions, online stores and e-mail.
  • You do not store the login and the password on the smartphone: in the electronic message, in the form of a note or for "automatic filling" when opening the website or the application. This information will become a pot of gold for swindlers in case of loss or theft of your phone.
  • You are not lazy to check statements on bank accounts and cards regarding suspicious transactions.
  • Regularly check the Credit history: there all your actions on the credits so you will be able to reveal the expenses which do not have relations to you are specified.

2013: Russia is in the lead on growth rates of losses from fraud with bank cards (+27% in a year)

Russia won first place in Europe on growth rates of losses from fraudulent transactions with bank cards in 2013. The volume of these losses in Russia in 2013 grew by 27.6% in comparison with an indicator the previous year and, respectively, by 10 times in comparison to data of 2006, and for 365% – 2008.

On the volume of these losses which increased by 22.5 million euros and reached 104.1 million euros last year Russia is in the fourth place among 19 European countries. It is advanced:

  • Britain (534.9 million euros),
  • France (428.9 million euros) and
  • Germany (116.3 million euros).

The data provided on the interactive map developed by FICO "Evolution of card fraud in Europe 2013" are like that.

At the same time, in Russia fraud with cards by the so-called method Card Not Present is much lower, than in countries of Western Europe (in our country its share of only 3% of losses). One third of the Russian losses (1683.8 million rubles) is the share of Counterfeit Cards and about the same (1599.4 million rubles) – of Lost and Stolen. Fraud by method ID Fraud in Russia yielded losses in the amount of 685.2 million rubles.

"FICO notes that in those conditions when the market is not saturated yet and distribution of cards in Russia continues, the threat of fraud is not so obvious – but the speed with which losses from it increase guards. Specialists of FICO warn that when growth rates of the card market are aligned, and losses will increase, the solution on implementation of developments on counteraction to fraud can be overdue – on installation and obtaining result can leave from six to eight months", - the head of FICO in Russia Shtemanetyan Evgeny says.

In 2013 cumulative losses from fraud with cards in 19 European countries made 1.55 billion euros, having even a little exceeded an indicator of 2008 when the last peak value was observed.

See Also