Write-offs from cards of Russians in 2015 as a result of information leakage by fault of the Bank employees amounted to 350 million rubles (in 2014 — 390 million). This follows from the calculations that specially for “Izvestia” was prepared by the Zecurion company that specializes on security issues of remote banking services.
According to the company, for the first quarter of 2016 the volume of people’s losses as a result of malicious actions of employees of credit institutions amounted to 90 million rubles. By the end of this year the figure will reach $ 490 million, predicts Zecurion.
On 1 April the Central Bank announced the reduction of cybercrime in 2015, 27 percent to 1.14 billion rubles, compared with a year earlier. The volume of theft from the maps the Russians, with the participation of Bank employees over the same period decreased by 10.2%.
According to the head of Zecurion Analytics of Vladimir Ulyanov, the largest volume leak of customers ‘ personal data (which may cause the theft of their cards) occurs when “migration” of Bank employees.
In General, it turns out that 38% of Bank employees on the posts of the employees and Junior managers copied confidential information when changing jobs or are ready to do it now, — tells Vladimir Ulyanov.
According to experts, usage patterns of customers ‘ personal data standard. The list includes: the write-off small amounts from customer accounts — few of them know the account balances and what operations were performed; design loans and credit cards on Bank customers — the customers some time remain in ignorance that the name of the loan; the write-off of unclaimed accounts (including those of deceased customers).
According to Vladimir Ulyanov, in the framework of the first scenario from the accounts of Russians stole 55 million roubles in 2015, the third — 15 million the Remaining funds were looted through the second scenario.
Vladimir Ulyanov notes that the transfer of logins-passwords are now included in the list of least frequent violations.
Banks understand the risks in most cases, the authentication data is sent to the user privately (e.g., in a sealed envelope) or clients establish logins passwords themselves when they log in the Internet Bank, — the interlocutor specifies. But there are known cases, when Bank employees transferred logins-passwords, vyvedenie using official position, to a third party. In Russia in 2015 year there were 140 incidents of this kind.
According to the head of anti-fraud of the company “jet Infosystems” Alexey Sizov, in an unstable economic situation, cutting wages, cutting bonuses in companies and banks, the employees are in a state of uncertainty, which leads them to the theft of customer data and transfer them to third parties.
According to the Central Bank, in 2015 banks cut personnel costs by 4% compared with the previous year, until 665,7 billion. Estimated HeadHunter, in 2016, banks will cut staff by a third.
— If to speak about internal fraud (without the participation of third parties), the greatest risk are experienced employees who understand the business processes, their sequence, schemes of work, banking systems and, most importantly, the scheme of internal control, says Alexei Sizov. — To protect themselves from the actions of such staff is extremely difficult. Their collusion with a third party (usually initiated by the latter) are also frequent.
Leading expert on information security InfoWatch Maria Voronova indicates that employees were aware of the standard of customer behaviour — where there are, like paying by credit card, cash withdrawals at ATM.
Thus, the banks ‘ staff can deceive anti-fraud system that tracks non-standard payments by disguising fraudulent transactions under the standard, says Maria Voronova. — This is especially true for withdrawing money card clones.
According to Alexey Sizov, banks are actively dealing with internal fraud, using a range of activities, including: more strict authentication of employees (to confirm transactions need confirmation from two employees of the Bank); implementation of systems of control of the staff working not in the framework of reporting; implementation of operational systems analysis of the transactions in correlation with online banking systems, card processing.
The representative of the company “jet Infosystems” notes that the main ways to protect against theft from accounts of clients — connect service of SMS notifications about transactions, check the status of their accounts, attentive to personal data.
According to Deputy Chairman of LOCKO-Bank Andrey Luchina, it is necessary to introduce a statutory ban on working in the financial sector for those Bank employees whose guilt in the leak/theft of customers ‘ personal data is proved.
