Banks of Russia will inform the Central Bank about the participants in fraudulent transactions
The information exchange will allow banks to track suspicious card transfers.
According to new edition standard of information exchange rules on cyber attacks and information security incidents in the financial sector, the Bank of Russia will receive information from banks on all participants in fraudulent transactions. The exchange of such information will take place in the FinCERT system (Computer Incident Response Center of the Bank of Russia), in which all Russian banks exchange information about fraudulent transactions.
The document will enter into force on October 1, 2023. It is necessary for the implementation of the law on information exchange between the Bank of Russia and the Ministry of Internal Affairs of Russia. The updated standard will allow banks to provide information about fraudulent transfers based on more than 50 unique features. This includes, for example, cases where an online bank is opened simultaneously from different geolocations, or a pre-approved loan is issued immediately after the restoration of access to an online bank that was blocked due to incorrect entry of credentials.
In addition, banks should pay attention to suspicious card transactions from a new device. When such transactions are detected, banks will send FinCERT information about the device from which the fraudulent transfers were made – its manufacturer and model, SIM card number, geolocation and other parameters.
Also, banks must provide information about cyber attacks and leaks of personal data, and as detailed as possible – in accordance with the international system for classifying the actions of intruders.
On the basis of FinCERT, an information exchange system was created between financial market participants, law enforcement agencies, providers and telecom operators, system integrators, anti-virus software developers and other companies working in the field of information security. Participants in the information exchange, which involves more than 1,000 organizations, report on the threats they have identified and attacks carried out against them, and FinCERT provides recommendations on how to counter these risks.