Make no mistake about it: scammers have discovered security holes in small banks.
Fraudsters have discovered serious vulnerabilities in small banks, Izvestia found out. Small financial organizations do not have enough funds to develop powerful security systems, and they often do not have round-the-clock security services. The attackers are trying to transfer money through them, and they do it at night, market participants confirmed. This is how criminals launder money. The Central Bank is developing a single platform for monitoring questionable transactions, but until then, security holes will remain. See the Izvestia article about why the authorities should take care of supporting small banks.
Scammers exploit the vulnerabilities of small banks
Fraudsters began using security holes in small banks to launder money through them, market participants told Izvestia. The attackers try to make transfers in the evening and at night through small or regional credit organizations, said Andrey Makosko, Deputy Chairman of the Board of Novik Bank.
He explained that money laundering control systems in such financial institutions may be ineffective or virtually non-existent. In addition, small market participants cannot rely on the work of financial monitoring units — they usually do not work around the clock there.
Fraudsters really force victims to open accounts in less secure banks, the press service of the Savings Bank confirmed. They are persuaded to transfer their funds there, after which they are withdrawn from the organization, bypassing its less developed anti-fraud system.
"Up to 30% of the stolen money is withdrawn through such transfers," the Savings Bank emphasized.
In addition, in small banks, withdrawal limits may be higher than those of large players, said the Vice President for Information Security at Dom Bank.Russian Federation" Dmitry Nikishov. This is also why fraudsters try to conduct operations through them.
VTB also confirmed an increase in dropper activity at night.
Izvestia asked for ten small banks with assets of up to 5 trillion rubles. At the time of publication, there were no responses from any of them.
Droppers are bank customers who provide their cards for cashing out money or making transfers in favor of shady businesses or other illegal transactions. These can be funds from victims of fraudsters, money from drug shops, crypto exchanges and pirate sites.
Fraudsters also actively use weekends to circumvent control systems in small financial organizations, a representative of Dom.RF Bank added.
In large banks, the monitoring of questionable transactions works around the clock and in automatic mode. This was reported in Sberbank, Sovcombank, PSB and Dom.RF Bank.
Why small banks are less protected from fraudsters
In general, the requirements for payment security are the same for all banks, the press service of the Central Bank reported. The regulator monitors the operation of anti-fraud systems and constantly notifies credit institutions about vulnerabilities.
Nevertheless, medium and small banks often simply do not have such advanced systems as the top market players, explained Alexander Bleznekov, head of Information security strategy Development at Telecom Exchange, an IT integrator. They do not use artificial intelligence and big data analysis, and financial monitoring teams are often reduced to a minimum or combine several functions at once.
— Therefore, small banks really have difficulties in detecting fraudulent transactions, — Alexander Bleznekov emphasized.
Small market participants clearly do not have enough funds to invest in the latest technologies, including cybersecurity, Natalia Milchakova, a leading analyst at Freedom Finance Global, agreed. In 2024, the net profit of small banks (not included in the top 100) did not exceed 1 billion rubles, and they were often unprofitable.
The development and support of security systems requires significant expenses and becomes a heavy financial burden for small banks, explained Dmitry Nikishov from Dom.RF Bank.
Why do we need a platform to monitor Russian transfers?
Small credit organizations need support from financial authorities in developing cybersecurity systems, agrees Garegin Tosunyan, President of the Association of Russian Banks (ARB). Their sustainability is important for the operation of the entire market, he stressed.
"The trend of withdrawing stolen funds through less secure banks suggests that the problem needs to be addressed systematically and by the entire market," Sberbank's press service echoes.
The Central Bank is already developing a platform for monitoring Russian transfers in cooperation with Rosfinmonitoring and banks. The system will bring information about identified dropper clients to all market participants - there is currently no infrastructure for exchanging such data.
It is important that small banks are helped to connect to the decisions of the regulator, Garegin Tosunyan from ARB emphasized. Otherwise, it may result in further losses for them. The central Bank often obliges the entire market to implement not the simplest IT solutions (for example, a digital ruble and a self-ban on issuing loans) completely at its own expense. The ARB believes that such initiatives should be at least partially supported by the authorities.
— The launch of the Central Bank's platform may be delayed. The development of uniform criteria by which banks will calculate droppers can create difficulties,— explained Andrey Makosko from Novikom.
At the same time, without a single platform on which to check a potential client, organizations cannot know in advance that a dropper has come to them, Andrei Makosko noted. It is possible to react only after they commit suspicious transactions.
He added: in addition, droppers are now just intermediate links in the chain of transfers of intruders. Previously, their cards more often received funds from victims of fraudsters, so they could immediately be blacklisted by the Central Bank. Now the scheme has been complicated.
Often, money comes to droppers after laundering through bookmakers, cryptocurrencies or online casinos, explained Andrei Makosko. Because of this, banks are legally unable to do anything with such clients - there is virtually no punishment for them. The activity of droppers and scammers is becoming more and more complicated, so it is becoming more difficult for small banks to cope with this.
The head of the Central Bank, Elvira Nabiullina, has repeatedly spoken about the importance of introducing criminal liability for droppers. Chairman of the State Duma Vyacheslav Volodin said that such a bill could be considered as early as April.
The launch of the initiative could deal a severe blow to droppers in the Russian Federation, concluded Alexey Gorelkin from the Stolypin Institute of Growth Economics. They are the most visible participants in criminal chains. Intruders whose money is being laundered are not so easy to find, and droppers will definitely be identified and punished.
Переведено сервисом «Яндекс Переводчик»
