Man
Professional
- Messages
- 3,222
- Reaction score
- 819
- Points
- 113
The profession of a fraudster is very demanding in terms of competition: in order to stay afloat and be economically efficient, the poor guys must follow trends and quickly react to changes. Tomorrow, somewhere they will start issuing loans for the development of agriculture - quickly collect cattle from neighbors and get a loan for the suddenly increased livestock. The day after tomorrow, fraudsters will urgently run to study foreign languages and take loans from gullible banks for this business. And as we know, only cowards repay loans.
Credit fraudsters can be combated by careful analysis and rechecking of user information. But sometimes fraud is carried out using specially generated "valid data". Today I will tell you about interesting cases that we caught in Uzbekistan.
The fraudster has deceived many banks and is happy with the money he received
A little historical background.
The electronic government of the Republic of Uzbekistan rests on three pillars: the portal of interactive government services, the unified identification system and the interdepartmental integration platform (IIP). In simple analogies, IIP is an Enterprise Service Bus of the country's scale, to which dozens of databases and hundreds of services of government agencies are connected. Through IIP, the systems of recipient government agencies request the required information online using standard protocols. End users are relieved of the hassle of running around for certificates; all the necessary information can be obtained automatically. Every day, IIP processes millions of requests.
A well-functioning tool becomes interesting for businesses - businesses want to receive up-to-date data and are sometimes willing to pay for it. In September 2022, a resolution of the Cabinet of Ministers was adopted, which allowed commercial organizations to receive information from central databases. Naturally, taking into account the requirements of the legislation on personal data, information security requirements and several other by-laws. The main consumers of services were banks and commercial organizations, which for the first time had the opportunity to create scoring based on online data. In the competitive struggle, banks prepared more and more delicious offers, and now in Uzbekistan there is simply an explosive growth in the issuance of online loans and microloans through mobile applications (for example, a site with comparative tables of loans from different banks).
Scheme 1: Are you working?
The first scoring models were simple. A user could get a significant score only because he was employed. If the applicant was employed, he was an honest person a priori and could be made happy with a microloan.
Fraudsters quickly understood the logic of scoring and launched the service " Microloan as a service ". The future victim goes about his sacrificial business, meets a suspicious person in the passage, who conspiratorially whispers "psst, kid, do you want to make money?" After a short persuasion, they go into an inconspicuous little room, the person is quickly hired to work in a shell company, all the necessary identifications and checks are quickly passed, and profit: the lucky owner receives a microloan. 50% of the microloan is immediately transferred to the suspicious person for services, and the unwitting accomplice spends the rest of the money on his own needs. And he enjoys life until it turns out that the microloans need to be repaid, and the shell company has already closed.
The maximum amount of an online microloan is limited to 50 million sums (a little less than 4,000 dollars). As a rule, for the first microloan, they approve significantly smaller amounts, but this is enough for a comfortable life for scammers.
The fraudster pretends to have a good job
Scheme 2: Do you pay a pension?
When banks faced obvious problems, analysts began to frantically think about how else to assess the solvency of a potential borrower.
One of the indirect ways to assess the applicant's financial status is his pension contributions. According to local legislation, mandatory pension contributions amount to 0.1% of total income. According to the same legislation, the maximum amount of voluntary pension contributions is not limited. The future fraudster gets a job (real or not quite real) with a conditional salary of $ 50. In parallel with this, the fraudster voluntarily contributes the amount of his earnings to the pension fund. After 3-4 months, the fraudster goes to his favorite bank and, having turned up his acting skills to the maximum, says to the employee - "Look closely, man! You see how big my pension is, but can you imagine what my salary is?" The bank employee takes a calculator and, according to his understanding of the legislation, calculates the applicant's salary. After which he happily issues a loan or microloan to a respected person with a monthly income of $ 50,000. And then, for some reason, the issued loan is not returned.
This scheme can be expanded with a "microloan as a service" for a third-party victim and the inclusion of a familiar bank employee in the scheme.
Fraudster pretends to receive a large pension
Scheme 3: Do you receive a salary?
After the pension "shop was closed", the scammers did not grieve for long, new schemes appeared. One of them is interesting because it uses completely legal methods:
The fraudster pretends to receive a large salary
The described cases are largely no longer working, banks include additional checks and rechecks in scoring. The Central Bank is fighting fraud, requirements for issuing loans and identifying users are becoming stricter. But we are eagerly waiting to see what the scammers will come up with this time.
P.S. The article specifically did not consider typical schemes such as "the security service calls you, give the code" or "we launder a homeless person, give him a bottle of vodka so that he provides his passport data and gets a loan." The described schemes are based on data that the bank trusts and should trust.
P.P.S. All written amounts are given in dollar equivalent, solely for understanding the scale.
Source
Credit fraudsters can be combated by careful analysis and rechecking of user information. But sometimes fraud is carried out using specially generated "valid data". Today I will tell you about interesting cases that we caught in Uzbekistan.
The fraudster has deceived many banks and is happy with the money he received
A little historical background.
The electronic government of the Republic of Uzbekistan rests on three pillars: the portal of interactive government services, the unified identification system and the interdepartmental integration platform (IIP). In simple analogies, IIP is an Enterprise Service Bus of the country's scale, to which dozens of databases and hundreds of services of government agencies are connected. Through IIP, the systems of recipient government agencies request the required information online using standard protocols. End users are relieved of the hassle of running around for certificates; all the necessary information can be obtained automatically. Every day, IIP processes millions of requests.
A well-functioning tool becomes interesting for businesses - businesses want to receive up-to-date data and are sometimes willing to pay for it. In September 2022, a resolution of the Cabinet of Ministers was adopted, which allowed commercial organizations to receive information from central databases. Naturally, taking into account the requirements of the legislation on personal data, information security requirements and several other by-laws. The main consumers of services were banks and commercial organizations, which for the first time had the opportunity to create scoring based on online data. In the competitive struggle, banks prepared more and more delicious offers, and now in Uzbekistan there is simply an explosive growth in the issuance of online loans and microloans through mobile applications (for example, a site with comparative tables of loans from different banks).
Scheme 1: Are you working?
The first scoring models were simple. A user could get a significant score only because he was employed. If the applicant was employed, he was an honest person a priori and could be made happy with a microloan.
Fraudsters quickly understood the logic of scoring and launched the service " Microloan as a service ". The future victim goes about his sacrificial business, meets a suspicious person in the passage, who conspiratorially whispers "psst, kid, do you want to make money?" After a short persuasion, they go into an inconspicuous little room, the person is quickly hired to work in a shell company, all the necessary identifications and checks are quickly passed, and profit: the lucky owner receives a microloan. 50% of the microloan is immediately transferred to the suspicious person for services, and the unwitting accomplice spends the rest of the money on his own needs. And he enjoys life until it turns out that the microloans need to be repaid, and the shell company has already closed.
The maximum amount of an online microloan is limited to 50 million sums (a little less than 4,000 dollars). As a rule, for the first microloan, they approve significantly smaller amounts, but this is enough for a comfortable life for scammers.
The fraudster pretends to have a good job
Scheme 2: Do you pay a pension?
When banks faced obvious problems, analysts began to frantically think about how else to assess the solvency of a potential borrower.
One of the indirect ways to assess the applicant's financial status is his pension contributions. According to local legislation, mandatory pension contributions amount to 0.1% of total income. According to the same legislation, the maximum amount of voluntary pension contributions is not limited. The future fraudster gets a job (real or not quite real) with a conditional salary of $ 50. In parallel with this, the fraudster voluntarily contributes the amount of his earnings to the pension fund. After 3-4 months, the fraudster goes to his favorite bank and, having turned up his acting skills to the maximum, says to the employee - "Look closely, man! You see how big my pension is, but can you imagine what my salary is?" The bank employee takes a calculator and, according to his understanding of the legislation, calculates the applicant's salary. After which he happily issues a loan or microloan to a respected person with a monthly income of $ 50,000. And then, for some reason, the issued loan is not returned.
This scheme can be expanded with a "microloan as a service" for a third-party victim and the inclusion of a familiar bank employee in the scheme.
Fraudster pretends to receive a large pension
Scheme 3: Do you receive a salary?
After the pension "shop was closed", the scammers did not grieve for long, new schemes appeared. One of them is interesting because it uses completely legal methods:
- the user gets a “left” job in an equally “left” company.
- The company submits a payroll statement to the tax committee, and the fraudster's salary statement shows a huge salary.
- With these figures, which are confirmed by a request to the central database, the fraudster goes back to his favorite bank and takes out a loan “for a high salary.”
- a few days later, the company, saying "sorry, we made a slight mistake," recalls the previous one and submits an updated payroll, in which the fraudster's salary is much closer to reality. And the loan has already been issued.
The fraudster pretends to receive a large salary
The described cases are largely no longer working, banks include additional checks and rechecks in scoring. The Central Bank is fighting fraud, requirements for issuing loans and identifying users are becoming stricter. But we are eagerly waiting to see what the scammers will come up with this time.
P.S. The article specifically did not consider typical schemes such as "the security service calls you, give the code" or "we launder a homeless person, give him a bottle of vodka so that he provides his passport data and gets a loan." The described schemes are based on data that the bank trusts and should trust.
P.P.S. All written amounts are given in dollar equivalent, solely for understanding the scale.
Source
