Thefts of money from payment cards have decreased over the past year, but have become more sophisticated. First Deputy Head of the Bank of Russia Main Directorate for the Central Federal District Ilshat Yangirov revealed the five main ways in which fraudsters empty citizens’ cards and told how to avoid losses.
According to the Bank of Russia, the share of unauthorized withdrawals from “plastic” accounts in the total volume of transactions made using payment cards in 2024 amounted to 0.0016 percent. The figure seems scanty only at first glance. In absolute terms, this is almost a billion - 961.3 million rubles. It is gratifying that the volume of losses is 10.6 percent less than a year earlier. This is the result of the actions of the Bank of Russia, law enforcement agencies and, of course, the money transfer operators themselves.
However, the number of fraudulent transactions in 2024 was 317,178, which is higher, although not significantly, than in 2023. The situation is complicated by the fact that 40 percent of the quantity and 44 percent of their volume is committed outside of Russia. And this makes it much more difficult to find criminals and bring them to justice.
The best protection for payment cards is still the attentiveness and caution of their owners. There are several most common methods of bank card fraud.
To prevent this from happening, you should not give the card to strangers when paying for a purchase or provision of services. Pay attention to the behavior of the employee performing the transaction. If he takes a photo of your card on a mobile phone under the guise of dialing a number or SMS, you should interrupt the operation and demand the return of the card. And it’s best to contact the bank that issued the card with a request to reissue it: after all, you don’t know what data the fraudster managed to record.
You, if necessary, enter a PIN code. And then the cashier reports that an error occurred and the payment did not go through. Everything is repeated from the beginning, and the transaction is completed successfully. And after some time, you discover that the money for the purchase was written off twice.
Surprisingly, even those who have activated the SMS notification service about completed transactions do not always immediately notice the disappearance of money, thinking that the second SMS about debiting funds is an error or a duplicate, since the amounts are the same. It is easy to protest such transactions and get your money back. But it is difficult to bring the perpetrators to justice, since everything can be attributed to a system failure or operator error.
An honest cashier, if the payment terminal actually refused to carry out the transaction, will always print and give the buyer a receipt indicating that the payment did not go through.
Enable the option of SMS notifications for card transactions. If the first transaction is successful, the cardholder will immediately receive a corresponding SMS message and will be able to justify his refusal to repeat the transaction by showing it to the cashier.
If you receive two debits for the same amount, call your bank and check to see if there has actually been a double debit.
This technology came to Russia in 2008, and scammers quickly learned to work with it. An attacker only needs to bring the reader closer to the card at a distance of 5-20 centimeters to write off money. In crowded public transport, in a market, or in a store, an attacker places a contactless reader against clothing pockets or the sides of bags and steals money from cards from unsuspecting owners. Fraudsters can record the information received on clone cards to steal funds from real bank cards.
If you use a contactless payment system, remember that a PIN code is requested as confirmation of debiting an amount of more than 1,000 rubles, not a receipt signature. If you do not plan to pay contactlessly for purchases worth more than 1,000 rubles, it is best to set an individual spending limit on the card and limit the number of possible transactions.
This method is used when attackers have already managed to take possession of the card data and they need to use a code from an SMS to confirm the transaction of transferring money to the desired account. Attackers can find out the cardholder’s phone number from social networks, from friends, while performing their official duties, etc.
Here's how it happens. I receive calls and SMS messages on my mobile phone asking me to call you back. The senders are "Central Bank of Russia", CentroBank, "Security Service of the Bank of Russia", Visa, MasterCard, "MIR". All these names are associated with the Central Bank or payment systems. If the client calls back on the specified phone number and provides his information, fraudsters can withdraw money from the card by making a counterfeit version. Theoretically, to receive a duplicate card at the operator’s office, you need to indicate the date of the first call or account balance, and also present your passport. In practice, office workers are not always scrupulous, and fraudsters may present a fake passport.
The issuance of a duplicate SIM card must be paid, so the owner’s phone may receive a message about replenishing the account or debiting funds, after which the number will soon be blocked.
The scammers then transfer money from the victim’s card to their own cards or pay for the goods online, confirming the transaction using the code received via SMS. For the victim, the situation is complicated by the fact that he often discovers the disappearance of money only a few days after the incident: after all, he can no longer receive an SMS message about the debit of funds, and he may not immediately remember about linking the mobile card number to the bank account.
40 percent of fraudulent transactions are carried out outside of Russia, this seriously complicates the search for carders.
How to minimize possible damage? Having received a sudden notification about a change in your account status after calls from unknown numbers, you must immediately block all your payment cards “linked” to this phone number. To do this, you need to call the banks' hotlines, the numbers of which are indicated on the cards themselves. Then contact your mobile operator to unlock your SIM card and at the same time block the duplicate received by the scammers. File a report with law enforcement agencies, even if the scammers have not yet written off funds from your cards.
The “buyer” asks the seller to provide him with the card details (CVV2/CVC2 code, expiration date, owner’s full name) in order to transfer money to it. If a trusting seller provides this information, money begins to be debited from his card for payment for goods and services, transfers are made to other accounts, etc. In some cases, the attacker tries to find out the code from the SMS that arrives on the mobile phone. This means that the scammers have already managed to find out the card details and all that is missing is the transaction confirmation code. Having received it, criminals steal funds.
In this case, simple caution can protect the cardholder. Do not provide card details, personal data and codes sent via SMS to unauthorized persons. Do not give anyone access to your card through online banking. In any suspicious situations, you need to call the bank that issued the card at the number indicated on its back.
(c) https://rg.ru/2018/04/17/5-osnovnyh-afer-s-bankovskimi-kartami-kak-ne-stat-zhertvoj-moshennikov.html
According to the Bank of Russia, the share of unauthorized withdrawals from “plastic” accounts in the total volume of transactions made using payment cards in 2024 amounted to 0.0016 percent. The figure seems scanty only at first glance. In absolute terms, this is almost a billion - 961.3 million rubles. It is gratifying that the volume of losses is 10.6 percent less than a year earlier. This is the result of the actions of the Bank of Russia, law enforcement agencies and, of course, the money transfer operators themselves.
However, the number of fraudulent transactions in 2024 was 317,178, which is higher, although not significantly, than in 2023. The situation is complicated by the fact that 40 percent of the quantity and 44 percent of their volume is committed outside of Russia. And this makes it much more difficult to find criminals and bring them to justice.
The best protection for payment cards is still the attentiveness and caution of their owners. There are several most common methods of bank card fraud.
1. A crafty calculation
Money from a bank card can be stolen even where you would not expect it. A cashier, waiter, gas station attendant, bank employee or any other employee to whom a citizen has given a payment card for payment can take a photo, copy down its data or simply remember it in order to later make a duplicate card. This can be done unnoticed. The recording device is turned on in advance (this can be a regular CCTV camera), in the recording from which the card is visible on both sides. In this case, fraudsters can only rewind the recording to the required time and rewrite the card data.To prevent this from happening, you should not give the card to strangers when paying for a purchase or provision of services. Pay attention to the behavior of the employee performing the transaction. If he takes a photo of your card on a mobile phone under the guise of dialing a number or SMS, you should interrupt the operation and demand the return of the card. And it’s best to contact the bank that issued the card with a request to reissue it: after all, you don’t know what data the fraudster managed to record.
2. Who pays twice
Imagine that you are paying for a purchase in a supermarket. You hand the card to the operator, who swipes it through the reader.You, if necessary, enter a PIN code. And then the cashier reports that an error occurred and the payment did not go through. Everything is repeated from the beginning, and the transaction is completed successfully. And after some time, you discover that the money for the purchase was written off twice.
Surprisingly, even those who have activated the SMS notification service about completed transactions do not always immediately notice the disappearance of money, thinking that the second SMS about debiting funds is an error or a duplicate, since the amounts are the same. It is easy to protest such transactions and get your money back. But it is difficult to bring the perpetrators to justice, since everything can be attributed to a system failure or operator error.
An honest cashier, if the payment terminal actually refused to carry out the transaction, will always print and give the buyer a receipt indicating that the payment did not go through.
Enable the option of SMS notifications for card transactions. If the first transaction is successful, the cardholder will immediately receive a corresponding SMS message and will be able to justify his refusal to repeat the transaction by showing it to the cashier.
If you receive two debits for the same amount, call your bank and check to see if there has actually been a double debit.
3. Contactless robbery
Many payment systems have developed contactless payment technologies to speed up and simplify cashless payment for purchases. For example, PayWave (Visa system), PayPass (MasterCard), MIR-beskontakt (MIR system). Contactless payment terminals are most often found in vending machines, toll roads, turnstiles, gas stations, supermarkets and cafes. When making payments with such a card, you do not need to enter a PIN code or sign on the check if the amount does not exceed 1000 rubles. A special POS terminal reads information from the card at a distance and makes it clear with an audio or visual signal that the required amount has been debited from it.This technology came to Russia in 2008, and scammers quickly learned to work with it. An attacker only needs to bring the reader closer to the card at a distance of 5-20 centimeters to write off money. In crowded public transport, in a market, or in a store, an attacker places a contactless reader against clothing pockets or the sides of bags and steals money from cards from unsuspecting owners. Fraudsters can record the information received on clone cards to steal funds from real bank cards.
If you use a contactless payment system, remember that a PIN code is requested as confirmation of debiting an amount of more than 1,000 rubles, not a receipt signature. If you do not plan to pay contactlessly for purchases worth more than 1,000 rubles, it is best to set an individual spending limit on the card and limit the number of possible transactions.
4. Gemini "SIM" cards
One of the most dangerous ways to steal money from an account is to make a duplicate SIM card. It is the least obvious to the cardholder. With the help of a duplicate, fraudsters can gain complete control over the victim’s accounts, since bank card accounts are usually linked to a phone number and can be controlled remotely using it.This method is used when attackers have already managed to take possession of the card data and they need to use a code from an SMS to confirm the transaction of transferring money to the desired account. Attackers can find out the cardholder’s phone number from social networks, from friends, while performing their official duties, etc.
Here's how it happens. I receive calls and SMS messages on my mobile phone asking me to call you back. The senders are "Central Bank of Russia", CentroBank, "Security Service of the Bank of Russia", Visa, MasterCard, "MIR". All these names are associated with the Central Bank or payment systems. If the client calls back on the specified phone number and provides his information, fraudsters can withdraw money from the card by making a counterfeit version. Theoretically, to receive a duplicate card at the operator’s office, you need to indicate the date of the first call or account balance, and also present your passport. In practice, office workers are not always scrupulous, and fraudsters may present a fake passport.
The issuance of a duplicate SIM card must be paid, so the owner’s phone may receive a message about replenishing the account or debiting funds, after which the number will soon be blocked.
The scammers then transfer money from the victim’s card to their own cards or pay for the goods online, confirming the transaction using the code received via SMS. For the victim, the situation is complicated by the fact that he often discovers the disappearance of money only a few days after the incident: after all, he can no longer receive an SMS message about the debit of funds, and he may not immediately remember about linking the mobile card number to the bank account.
40 percent of fraudulent transactions are carried out outside of Russia, this seriously complicates the search for carders.
How to minimize possible damage? Having received a sudden notification about a change in your account status after calls from unknown numbers, you must immediately block all your payment cards “linked” to this phone number. To do this, you need to call the banks' hotlines, the numbers of which are indicated on the cards themselves. Then contact your mobile operator to unlock your SIM card and at the same time block the duplicate received by the scammers. File a report with law enforcement agencies, even if the scammers have not yet written off funds from your cards.
5. Your own burglar
Often, carders use psychological techniques to control a person’s actions to steal money from a card. They depict buyers of puppies, cars, land, garages, etc. on free classifieds sites or social networks. Such “buyers” have one thing in common: they are located somewhere far away, but in order to prevent someone else from purchasing the desired product, they are ready to transfer part of the cost or even the full cost immediately to the seller’s bank card.The “buyer” asks the seller to provide him with the card details (CVV2/CVC2 code, expiration date, owner’s full name) in order to transfer money to it. If a trusting seller provides this information, money begins to be debited from his card for payment for goods and services, transfers are made to other accounts, etc. In some cases, the attacker tries to find out the code from the SMS that arrives on the mobile phone. This means that the scammers have already managed to find out the card details and all that is missing is the transaction confirmation code. Having received it, criminals steal funds.
In this case, simple caution can protect the cardholder. Do not provide card details, personal data and codes sent via SMS to unauthorized persons. Do not give anyone access to your card through online banking. In any suspicious situations, you need to call the bank that issued the card at the number indicated on its back.
(c) https://rg.ru/2018/04/17/5-osnovnyh-afer-s-bankovskimi-kartami-kak-ne-stat-zhertvoj-moshennikov.html
