FinCERT: social engineering remains main method of money theft
FinCERT published a review of transactions not authorized by financial institutions’ customers in 2019.
According to FinCERT, in 2019 the total value and number of electronic payment transactions not authorized by customers (individuals and legal entities) amounted to 6426.5 million rubles and 576 566 transactions, respectively, with an average unauthorized transaction amount of 10,000 rubles per individual and 152,000 rubles per legal entity. The figures for unauthorized transactions of individual customers alone are 5723.5 million rubles and 571 957 transactions.
Moscow, St. Petersburg and the Kostroma region are leaders in the number and value of such transactions.
So-called social engineering methods, such as deception or confidence fraud that induced customers to conduct a transaction, accounted for 69% of all transactions not authorized by customers (97% in 2018).
Banks reimbursed customers 935 million rubles (15%, or every 7th stolen ruble).
Unauthorized transactions accounted for 0.0023% of the total value of card payments in 2019 (0.0018% in 2018). Of these, 40 thousand transactions on payment cards (except for prepaid) not authorized by their holders were performed at ATMs or terminals. Almost a quarter (22.4%) of them resulted from the use of social engineering techniques by cybercriminals. The total damage caused by theft through ATMs and terminals exceeded 525 million rubles, while banks returned more than 10% of the stolen money (54.4 million rubles) to customers.
Most of the transactions not authorized by individuals were online payments for goods and services (card-not-present, or CNP, transactions).
Last year, bank customers reported 371.1 thousand such transactions; 2/3 of them (243.3 thousand transactions) resulted from the use of social engineering methods. The damage amounted to 2971.3 million rubles, while banks reimbursed customers approximately every 5th stolen ruble (653.2 million rubles in total).
Unauthorized card payments made outside the Russian Federation accounted for 42.5% of the total number and 29.3% of the total value of unauthorized card payments (44% and 40.7% in 2018).
Remote banking systems for individuals were attacked by fraudsters 160.8 thousand times, with social engineering accounting for about 88.9% of the attacks. The amount stolen reached about 2227 million rubles, while banks returned as little as 162.3 million rubles to customers, that is, every 14th ruble.