• 12 Neglinnaya Street, Moscow, 107016 Russia
  • 8 800 300-30-00
  • www.cbr.ru
What do you want to find?
Q3 Q2 Q1
Q3 Q2 Q1
Q2 Q1

Unauthorized transactions: general overview

Number Value,
RUB thousand
Share of social
engineering %
Share of funds
reimbursed, %
Q1 2021 237,737 2,873,356.49 56.2 7.3
Q1 2022 258,097 3,294,160.94 52.5 6.2

Number of unauthorized transactions, share of social engineering

Q1 2021 Q1 2022
ATMs, payment terminals, imprinters  17,180 21.7% 30,480 47.2%
Remote purchase of goods and services  170,803 52.1% 186,593 49.1%
Individuals’ RBS* system 48,250 81.9% 39,731 72.0%
Legal entities’ RBS system 1,504 79.0% 1,293 69.3%
* RBS — remote banking service.

Value of unauthorized transactions (RUB, thousand), share of funds reimbursed

Q1 2021 Q1 2022
ATMs, payment terminals, imprinters 304,920.21 6.8% 532,079.24 2.5%
Remote purchase of goods and services 879,204.19 18.9% 953,521.69 17.7%
Individuals’ RBS system 1,126,831,54 1.5% 1,660,927.42 1.1%
Legal entities’ RBS system  562,400.55 1.2% 147,632.59 2.5%

Unauthorized transactions executed using ATMs, payment terminals and imprinters

Number Value,
RUB thousand
Share of social
engineering, %
Share of funds
reimbursed, %
Q1 2021 17,180 304,920.21 21.7 6.8
Q1 2022 30,480 532,079.24 47.2 2.5

Unauthorized CNP transactions*

Number Value,
RUB thousand
Share of social
engineering, %
Share of funds
reimbursed, %
Q1 2021  170,803 879,204.19 52.1 18.9
Q1 2022 186,593 953,521.69 49.1 17.7

* Card-not-present transactions — transactions made without payment card physically present.

Unauthorized transactions executed using individuals’ RBS systems

Number Value,
RUB thousand
Share of social
engineering, %
Share of funds
reimbursed, %
Q1 2021 48,250 1,126,831.54 81.9 1.5
Q1 2022 39,731 1,660,927.42 72.0 1.1

Unauthorized transactions executed using legal entities’ RBS systems

Number Value,
RUB thousand
Share of social
engineering, %
Share of funds
reimbursed, %
Q1 2021 1,504 562,400.55 78.6 1.2
Q1 2022 1,293 147,632.59 69.3 2.5

Number of incidents by type and attack vector, quarterly change

Q1 2021 Q1 2022

Attacks on clients of financial institutions.
Phishing

963 705-26.8%
Attacks on clients of financial institutions.
Social engineering
10,136 9,691-4.4%
Attacks on financial institutions.
Malware 
56 50-10.7%
Attacks on clients of financial institutions.
Exploiting software vulnerabilities
47 0
Other incidents 137 284+107.3%

Scam phone numbers identified, quarterly change

Q1 2021 Q1 2022
Numbers starting with 8 800  133 335+151.9%
Landline phone numbers 4,185 71,284+1603.3%
Mobile phone numbers  1,786 17,935+904.2%

Over the reporting period, the Bank of Russia sent 89,554 requests to telecom service providers
asking them to take measures against scam phone numbers.

Number of scam websites withdrawn from delegation, quarterly change

Q1 2021 Q1 2022
Unlicensed activity 503 111-77.9%
Fraud* 429 1,716+300.0%
Malware 48 2-95.8%
Pyramid schemes 18 57+216.7%

* Scam websites of non-financial institutions and companies disguised as real financial institutions.

The Bank of Russia sent requests to domain name registrars asking to carry out appropriate verification procedures and withdraw from delegation 1,886 domain names that were used for conducting illegal activities.

Moreover, the Bank of Russia sent information about 1,298 domains to the Prosecutor General’s Office of the Russian Federation to initiate verification procedures and take measures to restrict access to these domains under Article 15.3 of Federal Law No. 149-FZ, dated 27 July 2006, “On Information, Information Technologies and Protection of Information”.

Department responsible for publication: Information Security Department
Save as PDF
Department responsible for publication: Information Security Department
Was this page useful?
Last updated on: 25.01.2023