Unauthorized transactions: general overview
| Number | Value, RUB thousand |
Share of social engineering % |
Share of funds reimbursed, % |
|
|---|---|---|---|---|
| Q1 2021 | 237,737 | 2,873,356.49 | 56.2 | 7.3 |
| Q1 2022 | 258,097 | 3,294,160.94 | 52.5 | 6.2 |
Number of unauthorized transactions, share of social engineering
| Q1 2021 | Q1 2022 | |
|---|---|---|
| ATMs, payment terminals, imprinters | 17,180 21.7% | 30,480 47.2% |
| Remote purchase of goods and services | 170,803 52.1% | 186,593 49.1% |
| Individuals’ RBS* system | 48,250 81.9% | 39,731 72.0% |
| Legal entities’ RBS system | 1,504 79.0% | 1,293 69.3% |
Value of unauthorized transactions (RUB, thousand), share of funds reimbursed
| Q1 2021 | Q1 2022 | |
|---|---|---|
| ATMs, payment terminals, imprinters | 304,920.21 6.8% | 532,079.24 2.5% |
| Remote purchase of goods and services | 879,204.19 18.9% | 953,521.69 17.7% |
| Individuals’ RBS system | 1,126,831,54 1.5% | 1,660,927.42 1.1% |
| Legal entities’ RBS system | 562,400.55 1.2% | 147,632.59 2.5% |
Unauthorized transactions executed using ATMs, payment terminals and imprinters
| Number | Value, RUB thousand |
Share of social engineering, % |
Share of funds reimbursed, % |
|
|---|---|---|---|---|
| Q1 2021 | 17,180 | 304,920.21 | 21.7 | 6.8 |
| Q1 2022 | 30,480 | 532,079.24 | 47.2 | 2.5 |
Unauthorized CNP transactions*
| Number | Value, RUB thousand |
Share of social engineering, % |
Share of funds reimbursed, % |
|
|---|---|---|---|---|
| Q1 2021 | 170,803 | 879,204.19 | 52.1 | 18.9 |
| Q1 2022 | 186,593 | 953,521.69 | 49.1 | 17.7 |
* Card-not-present transactions — transactions made without payment card physically present.
Unauthorized transactions executed using individuals’ RBS systems
| Number | Value, RUB thousand |
Share of social engineering, % |
Share of funds reimbursed, % |
|
|---|---|---|---|---|
| Q1 2021 | 48,250 | 1,126,831.54 | 81.9 | 1.5 |
| Q1 2022 | 39,731 | 1,660,927.42 | 72.0 | 1.1 |
Unauthorized transactions executed using legal entities’ RBS systems
| Number | Value, RUB thousand |
Share of social engineering, % |
Share of funds reimbursed, % |
|
|---|---|---|---|---|
| Q1 2021 | 1,504 | 562,400.55 | 78.6 | 1.2 |
| Q1 2022 | 1,293 | 147,632.59 | 69.3 | 2.5 |
Number of incidents by type and attack vector, quarterly change
| Q1 2021 | Q1 2022 | |
|---|---|---|
|
Attacks on clients of financial institutions. |
963 | 705-26.8% |
| Attacks on clients of financial institutions. Social engineering |
10,136 | 9,691-4.4% |
| Attacks on financial institutions. Malware |
56 | 50-10.7% |
| Attacks on clients of financial institutions. Exploiting software vulnerabilities |
47 | 0 |
| Other incidents | 137 | 284+107.3% |
Scam phone numbers identified, quarterly change
| Q1 2021 | Q1 2022 | |
|---|---|---|
| Numbers starting with 8 800 | 133 | 335+151.9% |
| Landline phone numbers | 4,185 | 71,284+1603.3% |
| Mobile phone numbers | 1,786 | 17,935+904.2% |
Over the reporting period, the Bank of Russia sent 89,554 requests to telecom service providers
asking them to take measures against scam phone numbers.
Number of scam websites withdrawn from delegation, quarterly change
| Q1 2021 | Q1 2022 | |
|---|---|---|
| Unlicensed activity | 503 | 111-77.9% |
| Fraud* | 429 | 1,716+300.0% |
| Malware | 48 | 2-95.8% |
| Pyramid schemes | 18 | 57+216.7% |
* Scam websites of non-financial institutions and companies disguised as real financial institutions.
The Bank of Russia sent requests to domain name registrars asking to carry out appropriate verification procedures and withdraw from delegation 1,886 domain names that were used for conducting illegal activities.
Moreover, the Bank of Russia sent information about 1,298 domains to the Prosecutor General’s Office of the Russian Federation to initiate verification procedures and take measures to restrict access to these domains under Article 15.3 of Federal Law No.