1. General information on unauthorised transactions¹
In 2022, the value of transactions not authorised by customers increased year-on-year by 4.29% amid the active development of new remote payment services and the growing volume of money transfers (+39%, reaching 1,458.6 trillion rubles) performed using electronic payment methods (payment cards and other e‑payment tools). Due to the expansion of banks’ anti-fraud measures, the number of unauthorised transactions declined by 15.31% year-on-year during the reporting period. In 2022, the share of unauthorised transactions in the total value of money transfers was at 0.00097% (in 2021, it was 0.00130%). These figures do not exceed the target benchmark set by the Bank of Russia for the share of such transactions in the total volume of transactions (0.005%) executed using payment cards.
Total value and number of unauthorised transactions
Transactions not authorised by customers: individuals and legal entities
Key figures on unauthorised transactions
The principal strategy used by fraudsters is still social engineering — a method of psychological manipulation that makes people either voluntarily transfer money or give away their banking details, enabling theft. The share of such transactions was 50.4% compared to 49.4% in the previous year. According to the Bank of Russia’s estimates, in 2022, there was an increase in the average amount stolen with the use of social engineering methods, which also led to an increase in the total amount of losses from unauthorised transactions. In 2022, 4.4% (618.4 million rubles) of all losses incurred by customers of credit institutions due to unauthorised money transfers were reimbursed, while in 2021 this figure stood at 6.8% (920.5 million rubles).
Average amount of an unauthorised transaction, RUB thousand
Transactions not authorised by customers (individuals), by type
In 2022, 129.08 thousand cases were recorded of payment cards (except pre-paid cards) being used in ATMs or bank terminals without their owners’ authorisation, with total losses of 1,569.72 million rubles. Notably, 24.1% of these cases involved the use of social engineering methods. Fraudsters persistently applied a combination of schemes, whereby victims were forced into using this channel for transferring funds, which resulted in a growing number of unauthorised transactions of this type.
Unauthorised transactions performed using ATMs, payment terminals and card imprinters
In 2022, individual bank clients reported 515.88 thousand transactions not authorised by them, which were made to pay for goods and services online (CNP transactions), 48.7% of which resulted from social engineering scams. Total losses amounted to 2,550.54 million rubles.
Unauthorised transactions involving remote purchase of goods and services (CNP transactions)
Remote banking systems of individuals were targeted by fraudsters over 226.79 thousand times, with social engineering being involved in 69.5% of cases. Total losses amounted to 9,237.51 million rubles.
Unauthorised transactions in remote banking services
2. Statistical data from the Automated Incident Processing System (AIPS) of FinCERT
In 2022, the Bank of Russia sent telecom operators 756,072 phone numbers used by fraudsters to steal money from individuals, so that the operators could take appropriate action.
Fraudulent phone numbers identified
The call scenarios previously used by fraudsters, who impersonated employees of banks’ security departments, law enforcement agencies and the Bank of Russia, were supplemented by scenarios related to the partial mobilisation.
Active joint efforts by the Bank of Russia, the Ministry of Digital Development, Communications and Mass Media of the Russian Federation (the Ministry of Digital Development), financial market participants and telecom operators have significantly reduced the number of calls using landline phone numbers (ABC numbering). However, attackers have intensified the use of mobile numbers (DEF numbering) as well as messengers as it was impossible to use landline numbers for calls from abroad as a result of the entry into force of Federal Law No.
Also, the Bank of Russia, the Ministry of Digital Development and telecom operators continue their efforts to counter telephone fraud conducted using official phone numbers of banks. In 2022, telecom operators blocked over 4 million calls (twice as many as in 2021) attempted by fraudsters using spoofing technology.
In 2022, as part of cooperation with domain name registrars in the top-level domains .ru, .рф, .su and other geographical top-level domains, the Bank of Russia sent them information on 5,217 online resources to be withdrawn from delegation, which is a 16% drop from the previous year (6,213 resources). As before, it takes registrars on average from three hours to several days to withdraw a domain from delegation.
Fraudulent online resources sent to registrars
The Bank of Russia is actively developing cooperation with the Prosecutor General’s Office of the Russian Federation for restricting access within the Russian Federation to certain online resources that are known to provide unlicensed financial services and to advertise pyramid schemes.
Since February 2022, the Bank of Russia has been blocking pages (groups) in social media (VKontakte, Odnoklassniki, Telegram), and also computer (mobile) applications hosted in digital app shops (App Store, Google Play etc.) which were used by fraudsters to disseminate similar information. Over the period from 28 February 2022 to 31 December 2022, the Bank of Russia initiated blocking access to 1,942 pages (groups) in social media and to 23 applications. It is worth noting that the majority of the blocked pages (groups) in social media and applications were used for conducting unlicensed activities.
Fraudulent online resources sent to the Prosecutor General’s Office of the Russian Federation
In 2022, the number of resources that were blocked on the basis of information from the Bank of Russia amounted to 10,716, which is more than triple the number in 2021 (3,100 resources).
Online resources used by fraudsters, by type (%)
As in 2021, the bulk of online resources (34%) that were subject to measures initiated by the Bank of Russia were used by fraudsters to conduct unlicensed activities in the securities market as well as to advertise non-existent credit institutions, and also microfinance and insurance companies.
27% of the total were resources advertising pyramid schemes, as well as resources categorised as fraud (websites containing information on how to receive state-provided payments, earn money by completing a survey (test), online cinemas, websites selling tickets, travel tours etc.).
12% of the resources belonged to the phishing category. They were mostly fake websites of credit and financial institutions disguised by fraudsters as real ones. Less than 1% of these were represented by resources disseminating malware.
Where do fraudsters look for victims and who is the most vulnerable to fraud?
Anyone can become a victim of financial fraud, regardless of age or status. However, the Bank of Russia’s survey made it possible to create a profile of an average bank customer most vulnerable to fraud.
- Lives in the city
- Working male with middle income and secondary education
- Active user of online banking services
Type of locality
Percentage of individuals exposed to fraud
What materials about fraud risks did people see most often?
¹ This overview provides data on the number and value of transactions not authorised by customers for 2022 as compared with similar indicators of the previous year. The overview has been compiled based on the information provided to the Bank of Russia by money transfer and payment infrastructure services operators under Reporting Form 0403203.
The Bank of Russia continuously works to enhance the quality of information on unauthorised transactions submitted by money transfer and payment infrastructure services operators, in particular as part of its supervisory activities. As a result of this work, several organisations resubmitted revised versions of data under Reporting Form 0403203 for a number of reasons (for example, to correct mistakes in the previously sent data identified by the organisations themselves), which explains the discrepancy between the data on unauthorised transactions presented in this Overview and the data previously published by the Bank of Russia.