OP 28 November, 2024 - 05:36 PM
Bank clients who have suffered from the actions of droppers — fraudsters who cash out stolen money — may be able to independently request data from these individuals to file lawsuits. The development of such an initiative was announced by Vice President of the Association of Russian Banks (ARB) Yana Epifanova at the round table "Data Leaks: Prevention, Protection, Responsibility" held in the State Duma. The event was timed to coincide with the adoption in the second and third readings of the law establishing turnover fines for repeated data leaks. In addition, on the same day, a law was adopted introducing criminal liability for data leaks.
Epifanova explained that today banks do not have the right to provide affected clients with information about droppers, which may include their full name and registration address, which are necessary for going to court. "That is, today the bank does not even have the right to provide the data necessary for going to court," she noted. "And we are working on such an initiative. We believe that banks should be given such an opportunity so that clients could contact those to whose account the money was deposited for compensation."
Banks currently do not provide information to citizens due to banking secrecy requirements. At the same time, even data on droppers cannot be transferred, since this requires compliance with legal procedures. Experts note that such information is unlikely to help victims directly, since the client may be served by one bank, and the fraudster by another. To obtain data on droppers, it is necessary to contact law enforcement agencies, which can request the necessary information through the court.
In the event of transferring funds to dropper accounts and the impossibility of independently identifying the owner, it is recommended to record the fact of the offense by filing a statement with the police. Experts note that this process requires significant effort, but if all procedures are followed and a certain amount of luck is possible, the lost funds can be returned.
Victims are also advised to promptly send a written request to the bank with a request to provide a statement on the write-off of funds and an indication of the recipient bank. Experts emphasize that timely notification of the bank that received the transfer can prevent losses for the client and the credit institution itself. If the funds were written off based on forged documents, there is a possibility of recovering losses from the bank. However, at the moment, the seizure of funds within the framework of an initiated criminal case remains the only guaranteed way to block them.
Amendments to the Law on the National Payment System came into force on July 25, 2024, requiring banks to suspend transfers for two days if the recipient's data is included in the Central Bank's database of fraudulent transactions, otherwise the bank will have to return the stolen money to the client. These measures are aimed at preventing rash actions by clients. The bank must inform the sender of the reasons for the freeze and the period of suspension of the transfer. If the client re-initiates the transaction after two days of cooling, the bank is obliged to carry it out, releasing itself from financial liability.
Another measure to combat fraud could be the creation of a database of biometric samples (voice copies) of fraudsters to combat cybercriminals. Such an initiative was announced by Maksut Shadayev at the conference "Client Security First", held on November 19. According to a source close to the Ministry of Digital Development, the transfer of biometric data to the Ministry of Internal Affairs will be possible only if there is a statement from the affected subscriber and provided that the operator has a recording of the conversation with the fraudster. The transfer of data will be carried out with the consent of the subscriber and as part of operational-search activities.
At the moment, voice traffic is recorded in accordance with the "Yarovaya law". The possibility of using these records to combat cybercrime will be regulated by a separate bill.
It is assumed that the formation of a biometric database will be carried out using data from mobile operators that have information about phone calls made. The voices of fraudsters who previously made calls to victims are planned to be included in the database for their subsequent recognition and prevention of further calls from these persons.
Epifanova explained that today banks do not have the right to provide affected clients with information about droppers, which may include their full name and registration address, which are necessary for going to court. "That is, today the bank does not even have the right to provide the data necessary for going to court," she noted. "And we are working on such an initiative. We believe that banks should be given such an opportunity so that clients could contact those to whose account the money was deposited for compensation."
Banks currently do not provide information to citizens due to banking secrecy requirements. At the same time, even data on droppers cannot be transferred, since this requires compliance with legal procedures. Experts note that such information is unlikely to help victims directly, since the client may be served by one bank, and the fraudster by another. To obtain data on droppers, it is necessary to contact law enforcement agencies, which can request the necessary information through the court.
In the event of transferring funds to dropper accounts and the impossibility of independently identifying the owner, it is recommended to record the fact of the offense by filing a statement with the police. Experts note that this process requires significant effort, but if all procedures are followed and a certain amount of luck is possible, the lost funds can be returned.
Victims are also advised to promptly send a written request to the bank with a request to provide a statement on the write-off of funds and an indication of the recipient bank. Experts emphasize that timely notification of the bank that received the transfer can prevent losses for the client and the credit institution itself. If the funds were written off based on forged documents, there is a possibility of recovering losses from the bank. However, at the moment, the seizure of funds within the framework of an initiated criminal case remains the only guaranteed way to block them.
Amendments to the Law on the National Payment System came into force on July 25, 2024, requiring banks to suspend transfers for two days if the recipient's data is included in the Central Bank's database of fraudulent transactions, otherwise the bank will have to return the stolen money to the client. These measures are aimed at preventing rash actions by clients. The bank must inform the sender of the reasons for the freeze and the period of suspension of the transfer. If the client re-initiates the transaction after two days of cooling, the bank is obliged to carry it out, releasing itself from financial liability.
Another measure to combat fraud could be the creation of a database of biometric samples (voice copies) of fraudsters to combat cybercriminals. Such an initiative was announced by Maksut Shadayev at the conference "Client Security First", held on November 19. According to a source close to the Ministry of Digital Development, the transfer of biometric data to the Ministry of Internal Affairs will be possible only if there is a statement from the affected subscriber and provided that the operator has a recording of the conversation with the fraudster. The transfer of data will be carried out with the consent of the subscriber and as part of operational-search activities.
At the moment, voice traffic is recorded in accordance with the "Yarovaya law". The possibility of using these records to combat cybercrime will be regulated by a separate bill.
It is assumed that the formation of a biometric database will be carried out using data from mobile operators that have information about phone calls made. The voices of fraudsters who previously made calls to victims are planned to be included in the database for their subsequent recognition and prevention of further calls from these persons.