Quarterly data on transactions not authorised by customers of financial institutions are published in the Statistics section.
1. General information on unauthorised transactions¹
In 2023, the value of unauthorised transactions increased by 11.48% year-on-year, driven by growing card-to-card money transfers (+10.54% to ₽136.38 trillion). Unauthorised transactions accounted for 0.00119% of the total value of money transfers (vs 0.00097% in the previous year).
Total value and number of unauthorised transactions
Unauthorised transactions in 2023: individuals and legal entities
Key figures on unauthorised transactions
In 2023, credit institutions returned to their customers 8.7% (₽1,378.8 million) of the total value of money transfers made without customers’ consent, while in 2022 this figure stood at 4.4% (₽618.4 million).
Transactions without consent of individual customers by type
In 2023, as part of reporting form 0403203, credit institutions provided information on transactions without the consent of individual customers broken down by the following main types of transactions: Cards, Accounts, SBP, E-wallets, and Without opening account.
Number of transactions without consent of individual customers (in thousands)
In 2023, the number of fraudulent transactions involving payment cards ranked first among all types of transactions, totalling 984,770.
Value of transactions without consent of individual customers (in million rubles)
The largest amount of funds was stolen as a result of transactions involving payment cards (₽7,120.37 million). At the same time, the largest amount of funds returned to customers was related to transactions of the Accounts type and totalled ₽666.77 million.
Volume and number of thefts prevented
Since 2023, credit institutions have been sending information to the Bank of Russia on prevented thefts of funds. In 2023, the value of prevented unauthorised transactions reached ₽5,798.35 billion. Thanks to the effectiveness of anti-fraud procedures adopted by credit institutions, criminals failed to commit 34.77 million fraudulent transactions.
2. Statistical data from FinCERT automated incident processing system
Telephone fraud
In 2023, the Bank of Russia sent 575,669 phone numbers used by fraudsters to steal money from individuals to telecom operators for appropriate response measures.
Fraudulent phone numbers identified
Attackers keep using scenarios of calls allegedly from ‘bank security officers’, ‘law enforcement authorities’, and ‘the Central Bank’. They have also added scenarios related to calls allegedly from mobile operators.
The Bank of Russia continues to work with the Russian Ministry of Digital Development, financial market participants, and telecom operators. Over 2023, the number of fraud calls using landline phone numbers (geographical numbering zones) decreased by more than 75%. However, attackers continue to actively use mobile phone numbers (non-geographical numbering zones) and messengers, where they make calls and send malware and forged documents. In addition, the number of calls using
Attacks using phishing websites
In 2023, as part of its interaction with domain name registrars in the top-level domains .ru, .рф and .su, as well as other geographical top-level domains, the Bank of Russia sent information to the registrars on 3,639 online resources in order to remove their delegation, which was 30% less than in the previous year (5,217 resources). As earlier, on average, it takes registrars from three hours to several days to remove domain delegation.
Fraudulent online resources sent to domain name registrars
The Bank of Russia continues to cooperate actively with the Prosecutor General’s Office of the Russian Federation to block access in Russia to online resources that disseminate information about the provision of unlicensed financial services or advertise pyramid schemes. In 2023, access to 34,677 resources was blocked based on the regulator’s information, which is more than three times higher than in the previous year.
Fraudulent resources referred to the Prosecutor General’s Office
This was achieved thanks to cooperation between the Bank of Russia and the Russian Ministry of Digital Development on automated identification of online resources and pages on social networks used for illegal activities.
In 2023, the Bank of Russia initiated the blocking of access to 4,464 social media pages/groups and 35 applications. As in the previous year, most of the blocked pages/groups on social networks had been used for unlicensed activities. Blocked applications had been used to conduct phishing under the guise of existing credit institutions.
Resources used by attackers in 2023 by type (%)
In 2023, more than half (55%) of the online resources for which the Bank of Russia initiated action were related to phishing. These are resources whose main purpose is to steal the data of customers of financial institutions. Compared to 2022, pyramid schemes ranked second (21%), although the number of resources subject to measures actually doubled. Fraudulent resources used by criminals to carry out unlicensed operations in the securities market and the activities of non-existent credit and microfinance organisations were also active in 2023, accounting for 15% of all resources. Other fraud accounted for about 9%, and less than 1% represented resources disseminating malware.
Cyber incidents and attacks in 2023
In 2023, the regulator observed an overall decrease in the number of cyber attacks against financial institutions compared to 2022; however, the main focus of attacks remained unchanged. Attackers mainly carried out DDoS attacks, sent phishing emails and malware, exploited vulnerabilities in systems used by financial institutions, and used password brute force attacks to compromise the accounts of employees and customers. Some attacks were detected and prevented in time thanks to the machine-readable bulletins issued daily by the Information Security Department of the Bank of Russia. The bulletins contain indicators of compromise identified by analysing cyber attacks and incidents.
The practice of attacks against third parties continued in 2023. Criminals targeted integrators and vendors of IT solutions used in the financial market. The main goal of criminals was financial gain. Thus, they typically tried to encrypt documents on corporate servers, disrupt information systems or obtain access to confidential data.
No sophisticated targeted attacks with elaborate techniques were recorded by the regulator. Exploiting vulnerabilities in software that had not been updated in time was a prominent feature of critical attacks on financial institutions. One such incident became a mass attack.
To most effectively counter cyber attacks, it is still necessary to comply with the recommendations of the Federal Service for Technical and Export Control of Russia (FSTEC) and the Financial Sector Computer Emergency Response Team of the Bank of Russia (FinCERT) on fixing software vulnerabilities. In 2023, the Information Security Department issued a number of bulletins; three of them contained information on such attacks with a detailed analysis of the attackers’ tactics and techniques and recommendations on how to protect against them.
In 50% of cyber incidents, criminals gained access to the internal infrastructure of financial institutions and aimed to extract confidential information in order to sell or publish it on the darknet.
In 15% of cyber incidents, attackers did not steal any information, but altered content on the institution’s website by publishing various inappropriate materials.
In the remaining 35% of cases, attackers disrupted information infrastructure, which negatively affected the availability of financial services.
¹ This overview provides data on the number and value of transactions not authorised by customers in 2023 compared to the same indicators in the previous year. The overview is based on data submitted by money transfer and payment infrastructure service operators to the Bank of Russia as part of reporting form 0403203. The Bank of Russia works on an ongoing basis to improve the quality of data on unauthorised transactions submitted by money transfer and payment infrastructure service operators, including within the framework of supervisory activities. Based on these efforts, a number of institutions send corrected data on reporting form 0403203 for various reasons (including errors in previously submitted data that were independently identified by the institutions).