Today, fraud in our country has gained such momentum that it even seems that it cannot get worse. But... as long as the state does not react to this problem, the situation will only get worse.
According to the Ministry of Internal Affairs of the Russian Federation, the damage caused by fraudsters in 2021 amounted to more than 45 billion rubles.
Official statistics
The amount is simply phenomenal. Every fifth report of a crime registered with the Ministry of Internal Affairs of the Russian Federation is a report of fraud. And these are official statistics, which are always slightly “disingenuous”. In addition, it is worth considering the fact that many victims of fraudsters, for various reasons, simply do not file complaints with the competent authorities. What can we say if even large domestic banks, having become victims of fraudsters, try to hide this fact so as not to spoil their reputation with clients. Accordingly, these crimes are not covered by statistics, and there are far from a few of them.
It’s even more interesting: the percentage of cases of fraud solved is 25%. But “disclosed” does not mean “sent to court.” The same criminal cases already account for 20% of all criminal cases of fraud.
That is, only every 4th criminal case of fraud is solved, and only every 5th one reaches the court. The remaining criminal cases are suspended due to failure to identify the person to be charged as an accused. Here again, it is important to remember that official statistics are not always objective and are most often deliberately inflated.
Legal basis
The above in itself is logical and understandable. If the client declares that he did not make any transactions, then the bank must further provide evidence that the client made the transaction. Here banks like to fool customers and say that they will provide evidence only to the police. Then you should file a regular civil lawsuit in court against the bank, where he will have to prove his position.
There is 161-FZ - the federal law on the national payment system. The title is a bit unfortunate and can be misleading. What kind of national payment system is this and what do banks have to do with it?
Article 1
This Federal Law establishes the legal and organizational foundations of the national payment system, regulates the procedure for the provision of payment services, including the transfer of funds, the use of electronic means of payment, the activities of subjects of the national payment system, and also determines the requirements for the organization and functioning of payment systems...
It is still unclear what the national payment system is. Maybe this is some kind of separate system?! But no.
Article 3
1) national payment system - a set of money transfer operators (including electronic money operators), bank payment agents (subagents), payment agents, federal postal organizations when they provide payment services in accordance with the legislation of the Russian Federation, payment system operators, operators of payment infrastructure services, operators of information exchange services, foreign providers of payment services, operators of foreign payment systems, providers of payment applications (subjects of the national payment system);
It is unclear whether the bank is a money transfer operator. It has the meaning, but is not explicitly named.
Article 11
1. Funds transfer operators are:
2) credit organizations that have the right to transfer funds;
Oh, it's getting closer. But again, it is not yet clearly written about the bank, although everyone seems to know that a bank is a credit institution. And this is already enshrined in Article 1 of the federal law on banks and banking activities.
I brought this tedious process here to show how to read the laws and that everyone can do it. And sometimes people started calling me a lawyer, even though I’m not a lawyer.
Article 8. Client’s order, procedure for its acceptance for execution and execution
5.1. The money transfer operator, if he identifies an operation that corresponds to the signs of a money transfer without the client’s consent, is obliged, before debiting funds from the client’s bank account, for a period of no more than two working days, to suspend the execution of the order to carry out the operation that corresponds to the signs of a money transfer. without the client's consent.
Of the signs we are most interested in the point:
3.3. Inconsistency of the nature, and (or) parameters, and (or) volume of the operation performed (time (days) of the operation, place of the operation, the device with which the operation is carried out and the parameters of its use, the amount of the operation, the frequency (frequency) of the operations , recipient of funds) transactions usually performed by a client of a funds transfer operator (activities carried out by the client).
After all, all fraudulent transactions are not of a normal nature. Fraudsters, as a rule, at night, when the client is sleeping, write off all possible money, plus open loans and they are also written off. Fraudsters enter the bank from a different device, from a different IP address. And since the bank allowed this, it means it’s his fault.
Now from Article 3 we will need the following term:
19) electronic means of payment - a means and (or) method that allows the client of the money transfer operator to draw up, certify and transmit orders for the purpose of transferring funds within the framework of the applicable forms of non-cash payments using information and communication technologies, electronic media, in including payment cards, as well as other technical devices;
Essentially, this is a personal account on the bank’s website, a banking application on a smartphone, or even simpler - your bank account together with bank cards and accounts.
Article 9 Procedure for using electronic means of payment
11. In case of loss of an electronic means of payment and (or) its use without the client’s consent, the client is obliged to send a corresponding notification to the money transfer operator in the form provided for in the contract immediately after discovering the fact of the loss of the electronic means of payment and (or) its use without the client’s consent, but no later than the day following the day of receipt of notification of the completed transaction from the money transfer operator.
12. After the money transfer operator receives a client’s notification in accordance with Part 11 of this article, the money transfer operator is obliged to reimburse the client for the amount of the transaction performed without the client’s consent after receiving the specified notice.
13. If the money transfer operator does not fulfill the obligation to inform the client about the transaction completed in accordance with Part 4 of this article, the money transfer operator is obliged to reimburse the client for the amount of the transaction about which the client was not informed and which was completed without client's consent.
14. If the money transfer operator fulfills the obligation to inform the client about the transaction completed in accordance with Part 4 of this article and the client has not sent a notice to the money transfer operator in accordance with Part 11 of this article, the money transfer operator shall not is obliged to reimburse the client for the amount of the transaction performed without the client’s consent.
15. If the money transfer operator fulfills the obligation to notify the client - an individual about the transaction completed in accordance with Part 4 of this article and the client - the individual sent a notification to the money transfer operator in accordance with Part 11 of this article, the money transfer operator must reimburse the client for the amount of the specified operation performed without the client’s consent before the client, an individual, sent a notification. In this case, the money transfer operator is obliged to reimburse the amount of the transaction performed without the client’s consent, unless he proves that the client violated the procedure for using an electronic means of payment, which resulted in the transaction being carried out without the consent of the client - an individual.
Sometimes scammers change the client’s contact phone number at the bank or reissue the SIM card. In these cases, the client will not receive a notification. If the bank allowed fraudsters to change the phone number or activate a new SIM card, then the bank is obliged to reimburse everything.
If the scammers somehow stole the money, and the client, as described in many articles, receives an SMS about the debit, then by filing a claim with the bank within 24 hours, the client has a high chance of getting the money back. Record the fact that the bank received the claim - take screenshots of the chat, record a call to the bank, get the number under which your application to the bank is registered.
Criminal cases are not always initiated
It is also worth considering that the police do not initiate criminal proceedings against all allegations of fraud, to put it mildly. Unfortunately, I did not find such statistics, but I think that they are much more depressing than the above. It would be good if out of every 10th complaint about fraud, at least one criminal case is initiated.
The fact is that it is much easier and more convenient for police officers to “throw away” a fraud complaint than, having initiated a criminal case, to receive penalties due to the fact that it remains unsolved.
As a result, we find that the police do not want to work when it comes to crimes related to fraud.
Examples
- They stole a phone, gained access to email and the personal account of a mobile operator, changed the code word at the bank, and withdrew money from a credit card. It could have been prevented by following steps: 1, 15, 17, 35, 82-90. Full description in the article.
- The scammers have manufactured a fake cellular base station. The victim made a call from the coverage area of this station, after which the SIM card data fell into the hands of fraudsters. Then they made a clone of the SIM card and, using the Mobile Payments service, stole money from the account. There were no SMS or calls; the victim accidentally noticed that the money in the account had decreased significantly. It could have been prevented by following steps: 13, 24. Full description in the article.
- The scammers hacked the victim's Yandex email and linked his card to the account. Then a small amount was withdrawn in several payments. It could have been prevented by following steps: 92, 93, 94. Full description in the article.
- A classic scheme of telephone scam with the bank security service, the prosecutor and the Central Bank. The scammers were well prepared for the attack, using photos of relatives in their dialogues and intimidating them. As a result, the girl took dictation to apply for loans and transfer money to “protected” accounts. Damage 700k. It could have been prevented by following steps: 6, 12, 40. Full description in the article.
- The victim had a Trojan on her device. A call from the “security service”, a long conversation with the scammers, the woman said that she had received an SMS with a code, but did not mention the code. As a result, the scammers linked their phone number and transferred 230k to their master account. It could have been prevented by following steps: 6, 7, 40. Full description in the article.
- A call from the “security service”, a long conversation, the scammers asked to open the Alfa Bank application and asked if the SMS had arrived. As a result, the victim did not give the code from the SMS, but the money was stolen from the account. Most likely there was a Trojan on the device that sent SMS to the scammers’ server. It could have been prevented by following steps: 6, 12, 40. Full description in the article.
- The crooks somehow learned the code word and the answers to the security questions. Next, they linked their phone number to the victim’s bank account and emptied the card, forcing it into overdraft. It is difficult to put a card without an overdraft into overdraft, but it is possible. Such an attack is prevented by following steps: 33, 79, 92, 93, 94. Full description in the article.
- The crooks somehow found out the victim’s code word and answers to the victim’s security questions, linked their number to his bank account, issued a credit card and withdrew 93,000 rubles from it. It could have been prevented by following steps: 6, 21, 33, 40, 79. Full description in the article.
Why is this happening?
In fact, everything is very banal: low qualifications of law enforcement officers in the field of suppression and investigation of fraud crimes. The main problem is that the leadership of the Ministry of Internal Affairs of the Russian Federation continues to “turn a blind eye” to fraud in our country.
Police officers are not sent to advanced training courses for investigating this category of crimes, the methods for investigating these criminal cases are also endlessly outdated, and no one is developing or implementing new ones. As a result, it turns out that the police do not want to deal with allegations of fraud, because they simply do not know how to investigate them, since they do not have sufficient qualifications.
The creation of a separate unit within the Ministry of Internal Affairs of the Russian Federation to combat fraud could save and change the situation with fraudsters.
Indeed, now within the Ministry of Internal Affairs of the Russian Federation there is a BEPiPK unit, which actually investigates these crimes, but the fact is that in addition to fraud crimes, this unit also deals with all economic and corruption crimes. As a result, we find that due to the large amount of work, the police are investigating only those crimes for which they are “already experienced” and have valid and high-quality investigation methods. There is simply no longer any strength or desire left for crimes of fraud.
Of course, the Ministry of Internal Affairs of the Russian Federation initiates and investigates cases of fraud. But these are those cases where the damage caused by the crime amounts to at least hundreds of thousands and millions of rubles. These criminal cases, as a rule, have an increased public response, and therefore to make a decision to refuse to initiate a criminal case means losing your career. And having initiated such criminal cases, it is not always possible to solve them (the statistics are already given above).
Internet fraud
The police try not to deal with crimes on the Internet at all, citing the fact that there is no way to identify the perpetrators and regularly refusing to initiate criminal cases.
This is pure excuses. Nowadays, the Ministry of Internal Affairs of the Russian Federation has all the necessary technical resources to identify and prove the involvement of Internet fraudsters in the crimes they have committed on the Internet. The problem is that many police officers on the ground have no idea what capabilities their department has in combating crimes on the Internet. There is even a whole separate unit within the Ministry of Internal Affairs of the Russian Federation for the fight against cybercrime - department “K”. However, Department “K” also takes the path of less resistance and is mainly involved in bringing people to justice for “extremist posts”, “likes” on social networks and for the purchase and sale of “spy pens”. They practically never develop Internet scammers.
How to make the police work?
Only a focused and consolidated position of victims of Internet fraudsters can somehow change the situation in this area. Unfortunately, there is no need to expect help from the state in this matter.
On average, damage from the actions of Internet scammers is about 10 thousand rubles. However, there are entire forums on the Internet where victims of Internet scammers and simply vigilant citizens exchange information about online fraud schemes known to them. On these forums it is quite easy to find “comrades in misfortune”.
It is obvious that scammers are driven by a thirst for easy money and greed, therefore, having deceived one person online, they will never stop, because they are convinced of their impunity. Therefore, victims should write a collective statement to the Ministry of Internal Affairs of the Russian Federation.
It is much easier for police to issue a decision to refuse to initiate a criminal case where there is only one victim. If there are dozens or even hundreds of victims, then it will be extremely difficult not to initiate a criminal case here. Plus it will undoubtedly cause a great public outcry. In addition, this criminal case will most likely fall under the special control of the department’s leadership, which will not allow investigators to allow red tape in the criminal case.
It is also advisable to duplicate this application to the General Prosecutor's Office of the Russian Federation, since it is the prosecutors who supervise the investigation of criminal cases in our country.
Identification has hit the ceiling
Perhaps complicated identification procedures could protect the client from so-called social engineers. However, banks don’t see much sense in this. “After all, when a client himself disables all the bank’s security measures, he is left alone with social engineers and often succumbs to their tricks,” Sberbank notes.
How much do strollers cost? In the Urvansky district of Kabardino-Balkaria, a 44-year-old resident of the city of Nartkala turned to the police for help. A few days earlier, a woman posted an advertisement on the Internet for the sale of a wheelchair. On the same day, the prospective buyer called her and, clarifying that he could not transfer money to a bank card, asked her to go to the nearest ATM. Once at the terminal, the woman, following his instructions, typed the combination of numbers dictated by the “buyer” onto the keyboard, after which almost 184 thousand rubles disappeared from her account.
There are many technologies for enhanced identification today: from additional codes to biometrics. “However, the choice of their use should be based on the situation: how uncharacteristic the operation is currently being carried out by the client, what are the assessments of his behavior on the page or in the application, are there any markers of the use of malware or remote control,” explains the head of the anti-fraud department of the Center for Application Security Systems Alexey Sizov. Increasing complexity of identification technologies, he said, will lead to “difficult” and slow procedures.