It is planned to introduce a simplified procedure for the return of funds to citizens who have suffered from a fraudulent transaction in the amount to be determined by the Bank of Russia. To do this, the citizen must notify the bank about the fraud no later than the next day after receiving a notification from the bank about the operation. The Central Bank does not disclose the exact methodology for calculating this amount, noting only that it will be calculated “based on the targeted return of funds to citizens on average in 80-90% of all cases of social engineering.” According to a study by the Tinkoff group, in 2020, fraudsters stole an average of 13.9 thousand rubles from Russians. at once.

Refunds within the specified amount apply to all banks, but if the bank has a low level of anti-fraud (anti-theft prevention mechanism), then it will have to return the entire stolen amount of money to the client, even if it exceeds this amount. The low level will include cases when banks cannot identify transactions made without the client’s consent, despite receiving the necessary information from the Central Bank about fraudulent transactions.

It is not clear from the document to what extent the behavior of the bank’s client will affect the refund procedure when, under the influence of fraudsters, he transfers funds to them on his own. Now, by law, banks must return funds only in cases where they were not stolen through the fault of the client. Two sources of RBC in banks also say that the market does not yet have an answer to this question.

Simultaneously with the introduction of the refund amount, the Central Bank proposes to significantly change the procedure for confirming transactions by banks if they see signs that they are being committed for fraudulent purposes. In particular, the regulator wants to give banks the right to write off money on them after one or two working days, even despite the client’s consent. “As a rule, in two days the client realizes that the money is being transferred to the fraudster, he has the opportunity to reject the transfer,” the Central Bank explains in the materials.

The Central Bank proposes to impose the obligation to check transactions for signs of fraud, including reconciliation with the base on transfers without the consent of the client, not only to the bank of the citizen or the company that initiate the transfer or payment operation, but also to the bank where the recipient of this money is served.

The Central Bank plans to give banks the right to block for five working days all expenditure transactions on the account of the recipient of funds, information about which is contained in the database (maintained by the Central Bank itself) about cases and attempts to transfer funds without the consent of the client. “The specified period is necessary for the client-victim, law enforcement agencies to go to court to obtain a legal basis for further seizure of funds and obtain a court decision on the return of money,” explains the Central Bank. Banks will be able to block operations only on the basis of information about the initiation of criminal cases.

Will the new rules help

The Bank of Russia held the first round of consultations with market participants, as a result of which it received a significant number of proposals and clarifying questions, a representative of the Central Bank told RBC: “Based on the results of the discussion, the next version of the draft law is being prepared, which will take another round of discussion. It is too early to talk about specific measures or tools. We believe it is necessary to take into account the opinion of market participants as much as possible ”.

According to Pavel Krylov, head of the Group-IB online fraud counteraction department, of the initiatives proposed by the Central Bank, only a measure to establish their amount will help to increase refunds. The director of the information security department of Rosbank, Mikhail Ivanov, believes that mandatory reimbursements will not have a positive effect on the growth dynamics of fraudulent transactions. “If this amendment is adopted, there is a potential for cases of abuse by unscrupulous clients who will dispute previously performed transactions and demand compensation. Additionally, the draft of changes does not describe in any way who and how determines the level of maturity of the “anti-fraud”, says Ivanov.

Now the problem with refunds is that the bank is not obliged to reimburse the funds if the gullible client believed the fraudsters and followed their instructions, notes the adviser on special projects of the A1 Bar Association Sergey Demkin, while the stolen funds are withdrawn from the accounts faster than the client comes to his senses and begins to search for them, and the Ministry of Internal Affairs is reluctant to work on such cases. According to the lawyer, the Central Bank needs to focus on developing general rules and recommendations for banks to identify potential fraudsters. “Also, special attention should be paid to transferring money abroad, especially to Ukraine,” Demkin emphasized.

Is freezing operations effective?

According to the current legislation, the bank can freeze a dubious transaction for a maximum of two days before contacting the client. If he did not get in touch, then the operation is resumed. But not all banks enjoy this right, says Dmitry Kuznetsov, director of methodology and standardization at Positive Technologies. Also, now banks can suspend account debit transactions for up to five working days if the client informs his bank about a fraudulent transaction, the expert recalled.

“In practice, there are cases when, when the monitoring system temporarily suspends a suspicious payment / transfer that has signs of an operation without consent, the client, under the influence of fraudsters, confirms the legitimacy of the operation and asks for the transfer. Only a few days later comes the realization that the client has become a victim of fraudsters, ”Ivanov notes. The five working days for which the Central Bank proposes to freeze the account is not enough for the injured client to have time to contact the law enforcement agencies, he believes: “We believe that this period should be increased to 30 working days.”

It is a good idea from an anti-fraud point of view to stop a transfer for one or two days, despite the client’s consent, but conscientious clients may have problems, warns Krylov: “By introducing such measures to prevent theft, banks may face erroneous locks. Those who have good anti-fraud systems do not need to worry, they will have a low percentage of complaints, but the rest can receive a wave of complaints and appeals. “