The Bank of Russia will now receive information from banks about all participants involved in fraudulent operations, according to the new version of the standard of information exchange of cyber attacks and information security incidents in the financial sector. This exchange will happen in the Finzer system, which serves as the response center for computer incidents of the central bank. All Russian banks use this system to exchange information about fraudulent operations.
Starting October 1, 2023, the document will be enforced to comply with the law on information exchange between the Bank of Russia and the Ministry of Internal Affairs of Russia. The updated standard will provide banks with the capability to report information about fraudulent transfers based on more than 50 unique criteria. This includes cases such as when an online bank account opens simultaneously from different locations or when a pre-approved loan is granted after unblocking an account due to incorrect accounting data.
In addition, banks must keep an eye out for suspicious transactions from any new devices. If fraudulent operations are detected, banks must report information about the device, such as its manufacturer and model, SIM card, geolocation, and other relevant parameters, to the Finzer.
Banks are also required to report incidents of cyber attacks and leaks of personal data, and categorize the attackers as accurately as possible based on the international classification system. The Finzer system allows participants in the financial market, law enforcement agencies, providers and telecom operators, system integrators, antivirus software developers, and other information security companies to exchange information about identified threats and any attacks they experience. The system includes over 1,000 organizations.