Countering External Fraud

The Smart Fraud Detection system checks payments in real time and suspends or blocks those that seem suspicious.

The SMART FRAUD DETECTION system detects the following fraudulent activities:

  • Provision of fake and fraudulently modified electronic payments (Internet banking, mobile applications)
  • Fraudulent transactions with bank payment cards: unauthorized actions with accounts and funds within the bank's network of information systems (Internet banking, mobile applications, bonus systems, loyalty cards)
  • Performing operations without the client’s consent. Signs of such operations are regulated by the Bank of Russia
  • Fraudulent actions with bonus systems and loyalty cards:
    • Abnormal actions with bonuses or miles (credited and used) by customers, employees, and partners
    • Unauthorized withdrawal of bonuses or miles
    • Stealing customer credentials to use bonuses or miles


Examples of external attacks that the SMART FRAUD DETECTION system counters:

1. Attacks on Internet banking and mobile applications:

Unauthorized transactions in e-banking from the client workstations

Trojan infection of the client:

  • Substitution of payment details
  • Remote control of the client’s computer or mobile app
  • Automated process of generating and sending illegal payments

Theft of RBS User credentials

Phishing (fake site):

  • Theft of customer credentials: user names, passwords, interception of one-time passwords

Social engineering:

  • Theft of customer credentials with further transfers to fraudulent accounts and cards
  • Self-transfers by customers to accounts and cards of fraudsters

Attack on the RBS infrastructure

Trojan infection in the Bank’s infrastructure:

  • Theft of customer credentials: user names, passwords, interception of one-time passwords
  • Distribution of malicious code – infection of client workstations
  • Generating and sending an illegal payment

2. Attacks on card transactions:

  • Skimming (data reading), making duplicates
  • Skimming (data reading), making “Card Not Present” payments (online purchases)
  • Phishing (fake sites) for online purchases
  • Fraudulent point of sale: a physical POS terminal or a virtual one (an online store)
  • Theft of a genuine card, use for fraudulent purposes

3. Social engineering