Renat Shakirov, Avers Bank: ''Everyone should be able to protect their money on the Internet''
The Bank of Russia is going to oblige Russian banks to certify the electronic payment applications in the Federal service for technical and export control (FSTEC). They will be checked for compliance with the approved in August national safety standard of banking and financial operations, which will take effect from the beginning of 2018.
According to the regulator, the losses of domestic banks and their customers from online frauds last year amounted to about 2 billion rubles. The thefts from bank cards of Russians in 2016 increased to 650 million rubles. How to protect money on your plastic card when making payments online — read in the interview of Realnoe Vremya with Deputy Chairman of the Board of Avers Bank Renat Shakirov.
Not ''fishing'' phishing
Mr Shakirov, what are the most popular schemes of ''taking money from people'' on the Internet the cyber fraudsters have?
One of the most common ways of cyber fraud is phishing. It is the way the fraudsters extract the confidential user data — logins and passwords. This is achieved through sending emails, personal messages within various services, for example, using the name of a bank or in social networks. The email often contains a direct link to a website, the name of which is very similar to the real website name of the bank. After the user goes to a fake page, by a variety of psychological techniques the fraudsters try to induce the user to enter on the fake page their login and password that they use to access a specific website, which eventually will allow the fraudsters to get access to their online account and bank accounts.
Unsuspecting users are asked to renew the card information, including to specify the number of the credit card, CVV, name and surname of the holder, expiry date of the card by sending a reply email, or by visiting the website of the issuing bank and having filled the questionnaire. However, the link attached to the letter is not the resource of the real bank but a fake website that imitates the work of the bank.
Are illegal schemes used only on the Internet?
Some fraudsters have recently sent false messages about a prolongation of a subscription to the WhatsApp messenger to get money from bank cards. An expert in cybersecurity of the company ESET warned the users of WhatsApp about the impending phishing attack — the emails with information about a free subscription completion and insisting on updating payment information. The link provided in the message leads to a phishing site with credir card data entry form.
You have given the examples of online frauds, is it enough to be vigilant when working with the cards only on the Internet?
No, it is not, you have to be vigilant all the time and everywhere — never give your credit card details to anyone. For example, there is another kind of fraud — calls on cell phones from ''representatives'' of the bank with a request to repay a loan or immediately to block the card. When a person says that he did not take a loan, he is offered to clarify the details of his credit card. Then this information is used for unauthorized money transfers from the card account of the user.
In order to protect your money, you need to remember that banks and payment systems never send letters and call to clients asking them to present account data.
There is also quite common method when criminal organizations establish their own stores. The purpose of the existence of such ''outlets'' is simple — to obtain as much data as possible about the plastic cards of customers. Often fraudsters use Internet sites for this as well. Once using the services of such website (e.g., purchasing a product or downloading a video), the holder of the card with surprise finds out that he became its subscriber, and thus, he is monthly charged a fee for a subscription, to refuse from which is quite problematic. Therefore, it is important to use the card details on verified resources.
You should remember: the banks and payment systems never send letters and call their customers asking them to present account data
Security comes first
How to secure yourself and your money?
The only real way to reduce the likelihood of a fraud with plastic card or Internet payments is to observe some simple security rules.
Be sure to leave a specimen signature on the back of the card immediately after its receipt. The confirmation of a credit card transaction can be PIN or CVV. It can be requested both on chip and magnetic cards. The signature on the back of the card is needed for verification by an operator of the signature on the check. The employees of the bank that issued the card nor ATM staff/outlets have the right to demand PIN or CVV code from a user.
But what to do, for example, in a restaurant, when the waiter takes with him or her your card to pay?
In any case you should not lose sight of card out, when paying in restaurants or stores. Now there are mobile devices for making acquiring operations — POS terminals. Therefore, I recommend to ask the waiter to bring this device to enable you to pay the bill at the table, not passing the card into the wrong hands. Look carefully what they do with your card, do not use it in questionable establishments and be sure to keep copies of receipts.
How to secure online transactions?
It is better to use virtual cards for online payments. This card has no material carrier. Rather, it is an online card, but it has a number and CVV. When making online transaction, it is necessary to top up the virtual card from your plastic card with the purchase amount. This can be done in the system of remote banking service or mobile app. Even if the information about this card will get into some resources, it will be impossible to withdraw money from your card illegally as the limit is exhausted. At the same time, by not disclosing the details of the main bank card on the Internet.
The limit on the virtual card can be made higher than the purchase price paid through the Internet. In this case, it is possible to set a limit one-off, which cannot be exceeded, which will also reduce the risk of a fraud.
It is also possible to block the card and then unblock by yourself.
If you have the service SMS-informing, the client knows about any unauthorized transactions on time
SMS notification is the best method of card control
What would you recommend for control of your money?
The easiest way is to enable SMS-informing service that allows the client to obtain information on all transactions by their card. It is the service that is necessary to enable in the first place to ensure the security of card transactions.
For example, for purchase in online store it is required to enable the operation on the Internet. But after a successful purchase, some customers may forget to disable this service. And then they can have money withdrawn from the account. If you have the service of SMS-informing, the client knows about any unauthorized transactions on time.
Can the fraudsters, knowing the card number, use the money?
No, that's impossible. For this they need to know the name of the owner, card expiry date and CVV code — this three-digit code is indicated on the back of the card under the magnetic strip. Knowing these details, you can make an unauthorized transaction on the card. SMS-informing allows to prevent unauthorized transaction. If all this happens, you can call the bank's call centre and block the card or do it yourself through mobile applications of the RBS system Avers Online. An application to the bank must be submitted in the same day or the following.
Are there any additional security means of the money on the clients cards?
Avers Bank constantly cares of increase of security level of customer funds. Thus, the important element of security is the system of Fraud monitoring, which allows to monitor suspicious transactions. It is the monitoring of all information, incoming and outcoming, to detect fraud and suspicious transactions.