Despite the fact that the Bank of Russia notes a decrease in the total number of complaints about MFIs in 2022, the problem of financial fraud in the market remains relevant – according to the regulator, complaints about loan registration by cybercriminals in someone else’s name increased by 38.6%. How do microfinance organizations (MFIs) oppose unscrupulous practices of financial fraudsters?
Challenge accepted: 2022 tested the cybersecurity of MFIs
Last year, the domestic financial system faced many cybersecurity challenges.
So, representatives of the fintech industry recorded numerous hacker attacks, including using DDoS technology, which created episodically a significant burden on the websites of online lenders. Quantity of phishing attacks targeting financial system customers has increased by 60% compared to the same period in 2021. In addition, methods of social engineering are becoming more sophisticated every year; they are adjusted by attackers on the agenda – according to the statistics of the Central Bank of the Russian Federation for the III quarter of 2022, virtually every second financial transaction conducted without client consent, occurred due to the application of social engineering methods.
In this regard, representatives of the online lending market in 2022 started to pay closer attention to testing their systems and development of new algorithms of anti-fraud systems.
The Central Bank of the Russian Federation sets standards for the safety of online lending
Today, the regulator is carrying out a set of measures aimed at combating financial fraud and increasing cybersecurity in various sectors of the economy.
In the financial market, the Bank of Russia standardized borrowers’ data verification to reduce the level of financial fraud and to provide more secure customer interaction with online lending companies. Updates are reflected in the new revision of the basic standard for performing MFI transactions in the financial market.
Now companies will need to comply with a minimum of 3 out of 10 established rules for processing a customer’s loan request. These rules relate to verification of information specified in the client’s questionnaire for its correctness and compliance with data from public sources, BCH, etc. This reduces significantly the risk of unauthorized receipt of funds by third parties, and also allows small players to approach structurally the formation of anti-fraud policy.
Lenders in the fight against financial fraud
Despite the popular opinion in society about the loyal approach of MFIs to application review, online lending market leaders invest daily huge resources in the development of the technological potential of their scoring systems.
The fact is that a fraudulent loan is an incident that is unpleasant for both parties, as for a customer who has concerns about correcting information in credit history, and for a company that incurs losses on loans, initiated by third parties. Typically, lenders support a person who became a victim of a financial fraudster, and are ready to assist prompt correction of data in his credit history in case of his proven non-involvement. Bringing the case to trial requires significant operating costs, so this is a very rare scenario.
Much more profitable for lenders is investing in development and improvement of the scoring system; already at the user claim filing stage it can identify patterns of fraudulent activity.
Modern anti-fraud systems not only allow detecting inconsistencies in data of the application and other sources, but also record atypical behavioral factors (for example, when a user involves consecutively multiple telephone numbers).
In controversial cases, when the automatic system cannot determine reliably the correctness of the entered data, the request is sent for manual verification. Underwriting experts then scrutinize the data in applications, contact the client and ask him special questions.
For example, if a person becomes confused when answering a question about his sign of the zodiac, then, most likely, a third party was involved in the initiation of the loan.
Therefore, companies develop a variety of tools that allow to make sure they are dealing with a bona fide borrower, not with the fraudster.
On the risks of fraud in the financial market in 2023
At the moment, there are several factors that cause the risks of fraud in the financial market to remain high.
Firstly, digital services have long entered the everyday life of people – already now in Russia there are more than 130 million Internet users. At the same time, the demand for online lending services both in banks and in MFOs is not decreasing, which means that financial fraudsters retain wide opportunities for unscrupulous practices.
Secondly, attackers come up with new schemes for obtaining personal data and adapt it to actual agenda using panic sentiment of clients of financial institutions and coming up with more and more believable fraudulent legends.
Thirdly, technology does not stand still. Now no one will be surprised by use of QR code in fraudulent schemes. Representatives of the Bank of Russia also advise to be especially vigilant when responding to unknown persons’ calls in instant messengers, because it is on these platforms that attackers have an opportunity to act completely anonymously.
Nevertheless, there is progress in the fight against fraud in the financial market. But its acceleration is possible if the events held have a complex nature, including work on financial education of the population and the development of initiatives that determine the responsibility of companies in the field of processing and storage of personal data.
By Oleg Abakumov, Deputy Director for Security of Cash-U Finance