The Central Bank of Russia will fine banks for weak cyber defense


On September 12, 2019, it became known that the Central Bank has a new punishment for banks with poor cyber defense. By the end of the year, the Central Bank will introduce a new indicator for credit institutions: a risk profile for the level of information security.

This indicator, according to Artem Sychev, the first Deputy Director of the Information Security Department of the Bank of Russia, will show the likelihood of problems for a bank due to non-compliance with cybersecurity standards.

The risk profile will be formed on the basis of four characteristics, including the share of unauthorised card transactions and the bank's readiness to repel an attack. In addition, the risk profile will be taken into account in assessing the economic situation of the bank along with the amount of capital, profitability, liquidity, quality of management, etc.

Depending on a bank's cybersecurity risk profile, the Central Bank will give it recommendations.

The calculation of the risk profile will allow us to evaluate how the bank’s management responds to emerging cyber threats, the Central Bank added.

A financial institution that receives a low-risk profile will face consequences ranging from enhanced supervision to penalties. Moreover, this will affect its loan terms on the interbank market.

Sychev stressed that the Bank of Russia sees a connection between how a bank treats information security issues and its financial stability.

“Nobody before in the Russian Federation or in other countries has determined such indicators that help the regulator (the Central Bank) to form an opinion about the situation, whether it achieves the goals of the regulation or not from the point of view of information security,” Sychev explained.

It is worth noting that on September 12, the Bank of Russia recorded a “rather serious” cyber attack on Russian banks from Brazil, said Artem Sychev.

According to him, it was a BIN attack, in which bank card numbers are generated using a special program.

Sychev noted that direct contact between each of the attacked banks and the Brazilian side did not produce results. The attacks stopped only after the Central Bank contacted the Brazilian regulator.


Security forces are frequent victims of fraudulent lotteries, says Central Bank of Russia


In the past 1.5 years, financial fraudsters have switched from the elderly to the economically active population. The Central Bank of Russia reported that most of the victims are middle-aged men with experience in the security forces. This was announced at a conference on information security in the financial sector by Artem Sychev, the first deputy director of the Information Security Department of the Central Bank of the Russian Federation.

Sychev explained that he was talking about participation in a fictitious lottery. Most often its victims are people over the age of 50 or middle-aged men.

"This trick is very simple: participate in the lottery — get a prize. You will not believe it, but men, especially those who are somehow related to power structures, become victims much more often than anyone else."

According to Natalia Ratinova, a Candidate of Psychological Sciences and leading researcher at the University of the Prosecutor's Office of the Russian Federation, excessive self-confidence can let down people in uniform. A false sense of security plays a cruel joke on them, because to scammers everyone is equal.

According to Sychev, now the target category of fraudsters is citizens aged 32 to 48 years. Only an economically active citizen can have a large amount on the card, which is important for criminals. Elderly people usually keep funds on deposits, leaving a small amount on the card, which is not interesting to fraudsters.

According to him, women of economically active age, 65%, also often become victims. At the time the scammers call, they are usually "busy with business."

Earlier it was reported that a new type of fraud is gaining momentum on the Web. Internet users are encouraged to participate in a "win-win lottery" or survey with guaranteed rewards. Users need to pay a commission and enter credit card information to participate. According to intelligent sources, attackers use a server simulating the site of one of the mobile operators to withdraw funds.

According to media reports, the turnover of the fraudulent scheme could amount to hundreds of millions of rubles. Now it’s becoming more difficult to investigate such crimes, because attackers do not just call from fake numbers, but use the bank’s official phone number.
