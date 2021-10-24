Jet Infosystems specialists have not come across this type of fraudulent scheme en masse. The largest MFOs interviewed by RBC and the self-regulatory organization “MiR” have not yet recorded such a scheme.

“In the old scheme, when the victim was convinced that“ money is being transferred from your account, a loan is being issued to you, ”a reasonable person went to the Internet bank, did not see such transactions and asked the question:“ Why are no notifications coming? ” The fraudsters were not very clever in explaining the reasons, “says Alexei Sizov, head of the anti-fraud department of the center of applied security systems of Jet Infosystems. In the current scheme, everything looks more realistic: all incoming messages are legitimate, you can probably call and check the registration attempt on such resources, and they will be confirmed there, the expert notes.

“The attack can last for a considerable time, heating up the situation to the maximum. After that, the attackers call and ask for a screenshot, which, among other things, will have an access code to the microfinance organization’s website, ”Chebyshev said.

2-2.5% of all loans in MFOs fall on loans that fraudsters arrange for third parties, while the main scheme is related to the issuance of online loans, Evgenia Lazareva, head of the Popular Front project “For the Rights of Borrowers”, told RBC. The microfinance market is fighting this problem, developing more serious verification mechanisms, due to which the number of such cases is reduced, Lazareva added.

Distance loans are a rather expensive segment from an operational point of view, so only large and a number of medium-sized market participants can afford such services, explains Elena Stratyeva, director of SRO MiR. According to her, to apply for a loan, you may really only need passport data, SMS and card number for crediting funds, but the MFOs themselves conduct additional checks on clients for several factors. Therefore, according to Stratyeva, the issuance of a loan simply by the passport number filled in the questionnaire and SMS confirmation is unlikely.

Each client’s application goes through a scoring system, it includes an anti-fraud model that analyzes more than 180 parameters: atypical contact of a given client with an MFO by credit history, his mobile or computer device, place and region of entry to the company’s website, etc. shared the managing director of the company “Lime-Loan” Olesya Kiseleva.

To apply for a loan at MFC MigCredit, you must also indicate SNILS or TIN (when issuing up to 15 thousand rubles) or go through full identification when issuing larger loans, said Konstantin Dedyukiev, head of the fraud prevention department at MFC MigCredit. MFIs working online also have a limitation of the validity period of the code from SMS when it is sent to confirm the phone number and at the stage of signing the contract – usually no more than a minute, Kiseleva clarified: two codes, a loan under such a fraudulent scheme is unlikely. “

Fraudsters know that only one passport and phone number are usually not enough to apply for a loan, so they try to keep constant contact with the person on whose behalf they are applying for a microloan, adds Anton Gruntov, Security Director of Eqvanta Group. Fraudulent registration is possible if the fraudster is “in collusion” with the client, says Leonid Kornilov, chairman of the board of directors of the Finbridge group: “For example, when a fraudster promises the client“ help ”in obtaining borrowed funds and for this the client needs to follow all the fraudster’s instructions “.

According to a representative of the security service of the MFC Zaimer (owned by the Robocash Group), the described scheme is too complicated for mass use by cybercriminals. He noted that the fraudsters in this scheme use the victim’s real number, and not their own, in order to make it more difficult to find the criminals, since in fact the loan agreement was signed electronically by the owner himself.

The MFO market does not have a mechanism for comparing a bank card and a client’s passport data, which would be most effective in combating all types of fraud, Kornilov emphasized: not at the beginning. “