Ruslan Rakhmetov, Security Vision
Fraudsters and online scammers devise all kinds of tricks to deceive people, and the end goal is usually the victim's money and personal data. Banks, insurance companies, retailers, marketplaces and social networks in turn take a range of measures to block malicious and suspicious activity by cyber fraudsters. Countering fraud is called anti-fraud; it comprises a set of technical and organizational measures, which we discuss in this article.
In the previous article we discussed online fraud and gave a number of examples that clearly show how dangerous such actions are. In the financial sector, actions involving intentional deception are called fraud; the first examples were schemes involving forged checks, traveler's checks and early bank cards in the United States in the last century. As technology has developed, fraudsters have gained far more opportunities for remote fraud and malicious impersonation. Today the main types of fraud are:
1) Bank fraud: use of stolen bank card data, unauthorized access to a bank account (e.g. through phishing, telephone fraud or infecting the client's device with malware), cloning magnetic-stripe cards with a skimmer, and abuse of ATM features (e.g. the fraudster prepares a money transfer at an ATM and leaves it pending, expecting the next client to insert a card and enter the PIN, thereby unwittingly completing the fraudulent transfer from their own account);
2) Financial fraud: financial pyramids, fake investments, demands for advance payment for goods that are never delivered, withdrawal of money from company accounts by insiders, and sham bankruptcy;
3) Fraud against online stores: creating phishing clones of well-known sites, spending bonus points from hijacked personal accounts, abusing the logic of discount and bonus-accrual algorithms, buying gift cards with stolen bank cards, and false chargebacks;
4) Account fraud: taking over the victim's account by stealing or guessing their credentials, then acting under the victim's name on social networks (sending messages asking contacts to transfer money, copying data and blackmailing the victim with its disclosure, distributing malware and phishing links);
5) Insurance fraud: forging documents to obtain insurance payouts, staging fictitious insured events, and overstating the amount of damage.
The most dangerous types of fraud involve financial transactions in banks, microfinance organizations, retail, marketplaces and other online platforms where a user can transfer funds or their equivalents (bonuses, points, prizes, gifts, merchandise, etc.). To detect fraud, such platforms implement various measures against scammers, including anti-fraud systems. Anti-fraud systems can be divided into several types according to how they work:
1) Transactional anti-fraud searches for signs of fraudulent transactions in the data stored and processed by the operator, whether a bank, an insurance company or an online platform. In a bank, for example, a transactional anti-fraud system analyzes payments, data on issued cards and customer information. Limits can be set on the number of payments and on their total amount over a given period, and changes of the card linked to a user's personal account can be tracked: frequent changes of linked cards may indicate attempts to use stolen card data for fraudulent CNP (Card-Not-Present) transactions, i.e. payments made without physically presenting the card. The system can also detect attempts by different users to pay with the same card data, monitor failed authorizations when paying for goods, and assess each user's order history and use of different cards. Banks can apply geographic binding of the card, comparing the country in which the card was issued, the country from which the CNP operation is made and the country of the merchant (online store or seller). In addition, transactional anti-fraud can block transfers to accounts on "black lists" (accounts of fraudsters and criminals) and suspend transfers when a threshold number of transactions is exceeded. Rules of this kind are cheap to evaluate but need tuning: a client who is legitimately abroad triggers the geographic check, so such signals are usually scored together rather than used as hard blocks.
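The following is an added example (not code from the article or from any vendor's product) showing how the transactional rules listed above can be expressed over a batch of CNP payments. The thresholds, the recipient black list and the sample transactions are constructed for illustration; a real system would evaluate the same rules in a streaming fashion against the bank's own limits.

```python
"""Rule-based transactional anti-fraud over a batch of card payments (example code).

Each rule corresponds to one of the checks described above: velocity limits,
linked-card churn, one card presented by several accounts, bursts of failed
authorizations (card testing), geographic mismatch and recipient black lists.
Thresholds and sample transactions are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Hypothetical policy thresholds (not from the article).
MAX_TX_PER_HOUR = 5
MAX_SUM_PER_HOUR = 100_000          # in rubles
MAX_CARDS_PER_DAY = 3               # distinct cards one account may use per day
FAILED_AUTH_BURST = 3               # failed authorizations per hour
BLACKLIST = {"ACC-9999"}            # constructed recipient block list


@dataclass(frozen=True)
class Tx:
    ts: datetime
    user: str
    card: str               # tokenized card number
    card_country: str       # issuer country derived from the BIN
    ip_country: str         # country the CNP operation is made from
    merchant_country: str   # country of the merchant
    amount: int
    recipient: str
    authorized: bool        # False = issuer declined the authorization


def evaluate(txs):
    """Return {user: sorted list of rule names that fired}."""
    txs = sorted(txs, key=lambda t: t.ts)
    flags = defaultdict(set)
    by_user = defaultdict(list)
    card_users = defaultdict(set)

    for t in txs:
        by_user[t.user].append(t)
        card_users[t.card].add(t.user)
        if t.recipient in BLACKLIST:
            flags[t.user].add("blacklisted_recipient")
        # Geographic binding: issuer country, operation country and merchant
        # country should normally agree; all three differing is suspicious.
        if t.card_country != t.ip_country and t.ip_country != t.merchant_country:
            flags[t.user].add("geo_mismatch")

    # The same card token presented by several accounts.
    for card, users in card_users.items():
        if len(users) > 1:
            for u in users:
                flags[u].add("shared_card")

    # Sliding-window rules evaluated at each transaction of a user.
    for user, utx in by_user.items():
        for i, t in enumerate(utx):
            hour = [x for x in utx[: i + 1] if t.ts - x.ts <= timedelta(hours=1)]
            day = [x for x in utx[: i + 1] if t.ts - x.ts <= timedelta(days=1)]
            ok = [x for x in hour if x.authorized]
            if len(ok) > MAX_TX_PER_HOUR:
                flags[user].add("tx_count_limit")
            if sum(x.amount for x in ok) > MAX_SUM_PER_HOUR:
                flags[user].add("tx_sum_limit")
            if sum(1 for x in hour if not x.authorized) >= FAILED_AUTH_BURST:
                flags[user].add("failed_auth_burst")
            if len({x.card for x in day}) > MAX_CARDS_PER_DAY:
                flags[user].add("card_churn")

    return {u: sorted(f) for u, f in flags.items()}


# Constructed sample batch.
T0 = datetime(2025, 9, 1, 12, 0)
SAMPLE = [
    # alice: two ordinary domestic purchases with her usual card
    Tx(T0, "alice", "tok-a1", "RU", "RU", "RU", 1_500, "SHOP-1", True),
    Tx(T0 + timedelta(hours=3), "alice", "tok-a1", "RU", "RU", "RU", 2_300, "SHOP-2", True),
    # carol: foreign card, operation from a third country, transfer to a listed
    # account, with a card token that bob also presents below
    Tx(T0 + timedelta(minutes=5), "carol", "tok-b3", "US", "NG", "RU", 50_000, "ACC-9999", True),
]
# bob: card testing, four different cards in four minutes, three declines
SAMPLE += [
    Tx(T0 + timedelta(minutes=i), "bob", f"tok-b{i}", "RU", "RU", "RU", 100, "SHOP-1", i == 3)
    for i in range(4)
]
# dave: six approved 20 000 payments within 25 minutes
SAMPLE += [
    Tx(T0 + timedelta(minutes=5 * i), "dave", "tok-d1", "RU", "RU", "RU", 20_000, "SHOP-3", True)
    for i in range(6)
]

if __name__ == "__main__":
    for user, fired in sorted(evaluate(SAMPLE).items()):
        print(user, fired)
```

Running the block prints which rules fired for bob, carol and dave; alice does not appear because none fired for her. Note that the window rules are re-evaluated at every transaction, so a burst is caught at the transaction that crosses the threshold, not only at the end of the batch.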
2) Session anti-fraud searches for signs that the user's device or account has been compromised. The user's device (laptop, smartphone) may be infected with malware or a remote access trojan, or fraudsters may have persuaded the user to launch a remote administration program. Here the system analyzes information about the user's session with the bank or online platform together with data about the device. When a client uses a browser, a special JavaScript module (sometimes called an anti-fraud block) embedded in the bank's or marketplace's web page collects a digital fingerprint of the browser: the IP address and OS of the device, installed fonts and plugins, CSS, WebGL and Canvas parameters; this information is sent to and accumulated in the session anti-fraud system. When a mobile application is used, the session anti-fraud system relies on an anti-fraud SDK built into the bank's app, which acts as a local collector of information about the smartphone (manufacturer, model, OS version, installed applications, etc.) and may also include antivirus functionality to detect malware or remote administration tools. "Red flags" for a session anti-fraud system include a browser running in headless mode, a spoofed (imported) browser fingerprint, a mobile OS emulator, a cloned application, a custom OS build, or a proxy or VPN; since many legitimate users also sit behind a VPN, such signals are weighted rather than treated as proof of fraud. As a result, the bank or marketplace obtains a measure of how far the current device and account can be trusted: if the session anti-fraud mechanisms find no deviation from the historical data on previous connections, the user can proceed with transactions.
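The block below is an added example (not the article's code and not any vendor's anti-fraud block) of the server-side half of session anti-fraud: it takes the attribute dictionary that a client-side collector is assumed to have produced and scores it against the account's previously seen devices. The field names, red-flag markers (a `webdriver` flag and a `HeadlessChrome` user agent for automation, `sdk_gphone` model names for Android emulators, `test-keys` build tags for custom ROMs) and weights are illustrative choices; the fingerprints are constructed.

```python
"""Server-side session anti-fraud: score a device fingerprint submitted by the
anti-fraud block against the account's known devices (example code).

The client-side collector is assumed to have produced a flat dict of
attributes; field names, red-flag markers and weights are illustrative.
"""

# Attributes that identify a device and rarely change between sessions.
STABLE_FIELDS = ("platform", "timezone", "languages", "screen", "canvas_hash",
                 "webgl_renderer", "fonts_hash", "device_model", "os_version")

# Illustrative indicators of automation, emulation and custom builds.
HEADLESS_MARKERS = ("HeadlessChrome", "PhantomJS")
EMULATOR_MODELS = ("sdk_gphone", "Android SDK built for", "Genymotion")
CUSTOM_BUILD_TAGS = ("test-keys",)          # ro.build.tags value on many custom ROMs

WEIGHTS = {
    "headless_or_automation": 50,
    "ua_platform_mismatch": 30,     # imported fingerprint disagrees with the real UA
    "emulator": 40,
    "custom_os_build": 20,
    "proxy_or_vpn": 20,
    "new_device": 30,
    "changed_device": 15,
}


def red_flags(fp):
    """Stateless checks on a single fingerprint."""
    flags = []
    ua = fp.get("user_agent", "")
    if fp.get("webdriver") or any(m in ua for m in HEADLESS_MARKERS):
        flags.append("headless_or_automation")
    if fp.get("platform", "").startswith("Win") and "Windows" not in ua:
        flags.append("ua_platform_mismatch")
    if any(m in fp.get("device_model", "") for m in EMULATOR_MODELS):
        flags.append("emulator")
    if fp.get("build_tags") in CUSTOM_BUILD_TAGS:
        flags.append("custom_os_build")
    if fp.get("ip_is_proxy"):            # result of an IP reputation lookup, assumed here
        flags.append("proxy_or_vpn")
    return flags


def similarity(a, b):
    """Share of stable attributes (present in either fingerprint) that agree."""
    keys = [k for k in STABLE_FIELDS if k in a or k in b]
    if not keys:
        return 0.0
    return sum(a.get(k) == b.get(k) for k in keys) / len(keys)


def assess_session(fp, history):
    """Return (trust score 0..100, verdict, flags) for a new session."""
    flags = red_flags(fp)
    best = max((similarity(fp, h) for h in history), default=0.0)
    if best < 0.6:
        flags.append("new_device")
    elif best < 1.0:
        flags.append("changed_device")
    score = max(0, 100 - sum(WEIGHTS[f] for f in flags))
    verdict = "allow" if score >= 80 else "step_up" if score >= 50 else "block"
    return score, verdict, flags


# Constructed history and sessions.
KNOWN_PC = {
    "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
                  "(KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36",
    "webdriver": False, "platform": "Win32", "timezone": "Europe/Moscow",
    "languages": "ru-RU,ru", "screen": "1920x1080x24", "canvas_hash": "c0ffee11",
    "webgl_renderer": "ANGLE (NVIDIA GeForce GTX 1660)", "fonts_hash": "f0n75",
}
KNOWN_PHONE = {"platform": "android", "device_model": "SM-G991B", "os_version": "14",
               "timezone": "Europe/Moscow"}

RETURNING = dict(KNOWN_PC)
# Fingerprint copied from the victim's PC and replayed through headless Chrome on Linux:
# the stable fields match, but the real user agent contradicts the claimed platform.
IMPORTED_HEADLESS = dict(KNOWN_PC, webdriver=True,
                         user_agent="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 "
                                    "(KHTML, like Gecko) HeadlessChrome/128.0.0.0 Safari/537.36")
EMULATOR_VIA_PROXY = {"platform": "android", "device_model": "sdk_gphone64_x86_64",
                      "os_version": "14", "timezone": "UTC", "build_tags": "test-keys",
                      "ip_is_proxy": True}

if __name__ == "__main__":
    for name, fp, hist in (("returning", RETURNING, [KNOWN_PC]),
                           ("imported", IMPORTED_HEADLESS, [KNOWN_PC]),
                           ("emulator", EMULATOR_VIA_PROXY, [KNOWN_PHONE])):
        print(name, assess_session(fp, hist))
```

The imported-fingerprint case is the interesting one: every stable attribute matches the account's known PC, so a similarity check alone would accept it, and only the consistency checks (automation markers, platform vs. user agent) expose the replay.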
3) Behavioral anti-fraud analyzes anomalies in user and device behavior against accumulated historical data. It uses anti-fraud blocks to analyze the user's actions in an application or on a website: mouse movement speed, typing speed, movement across the application screen, and the order in which the user works with the site or app. This information is accumulated, a model of typical behavior is built for each user, and deviations from it are treated as anomalies that lead to temporary blocking of the account and an inability to conduct financial transactions. For example, the behavioral anti-fraud system may become suspicious of automated filling of form fields, instant scrolling of a web page, or navigation to sections atypical for the client (say, the transaction limit settings). Beyond these mechanisms, user profile data (age, gender, preferences) can be used to detect deviations from the transactions typical of the client's peer group: early closure of a deposit and withdrawal of large sums from ATMs is atypical for clients of retirement age but may be normal for young clients.
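As an added example (not the article's code), the block below builds a per-user behavioral baseline from past sessions and scores a new session against it: statistical deviation in typing interval, mouse speed and time-to-submit, plus hard rules for the automation patterns the text mentions (near-zero key intervals from form autofill, instant scrolling) and navigation to a section the user has never visited. The feature names, the z-score threshold of 3 and all session figures are constructed.

```python
"""Behavioral anti-fraud: build a per-user baseline of interaction metrics
from past sessions and score a new session against it (example code).

Session features are assumed to be collected by the anti-fraud block in the
page or app; all figures below are constructed for illustration.
"""
from statistics import mean, pstdev

NUMERIC = ("key_interval_ms", "mouse_speed_px_s", "time_to_submit_s")
Z_LIMIT = 3.0


def build_profile(sessions):
    """Mean and spread per feature plus the set of sections the user normally visits."""
    profile = {}
    for feat in NUMERIC:
        vals = [s[feat] for s in sessions]
        mu, sd = mean(vals), pstdev(vals)
        # Floor the spread so a very regular user is not flagged by tiny deviations.
        profile[feat] = (mu, max(sd, 0.05 * abs(mu)))
    profile["sections"] = set().union(*(set(s["sections"]) for s in sessions))
    return profile


def score_session(session, profile):
    """Return the list of anomaly codes raised for one session."""
    anomalies = []
    for feat in NUMERIC:
        mu, sd = profile[feat]
        if abs(session[feat] - mu) / sd > Z_LIMIT:
            anomalies.append(feat)
    # Hard rules for automation: nobody types a whole form with ~0 ms between
    # keystrokes, or scrolls thousands of pixels in a few milliseconds.
    if session["key_interval_ms"] < 5:
        anomalies.append("autofill_or_script")
    if session["scroll_px"] > 2000 and session["scroll_time_ms"] < 50:
        anomalies.append("instant_scroll")
    for sec in session["sections"]:
        if sec not in profile["sections"]:
            anomalies.append("atypical_section:" + sec)
    return anomalies


def decision(anomalies):
    """Hard automation signals or several statistical outliers block; one oddity steps up."""
    hard = {"autofill_or_script", "instant_scroll"}
    statistical = [a for a in anomalies if a in NUMERIC]
    if hard & set(anomalies) or len(statistical) >= 2:
        return "block_temporarily"
    return "step_up" if anomalies else "allow"


# Constructed history: five past sessions of one client.
HISTORY = [
    {"key_interval_ms": k, "mouse_speed_px_s": m, "time_to_submit_s": t,
     "scroll_px": 900, "scroll_time_ms": 1400, "sections": ["home", "accounts", "transfers"]}
    for k, m, t in ((180, 320, 40), (200, 350, 50), (210, 380, 60), (190, 340, 45), (220, 360, 55))
]
PROFILE = build_profile(HISTORY)

NORMAL = {"key_interval_ms": 190, "mouse_speed_px_s": 350, "time_to_submit_s": 48,
          "scroll_px": 800, "scroll_time_ms": 1200, "sections": ["home", "transfers"]}
# Script driving a hijacked session: fields pasted in, no mouse, straight to limit settings.
SCRIPTED = {"key_interval_ms": 2, "mouse_speed_px_s": 0, "time_to_submit_s": 3,
            "scroll_px": 3000, "scroll_time_ms": 10, "sections": ["home", "limits", "transfers"]}

if __name__ == "__main__":
    for name, s in (("normal", NORMAL), ("scripted", SCRIPTED)):
        found = score_session(s, PROFILE)
        print(name, decision(found), found)
```

The peer-group comparison mentioned in the text (retirees vs. young clients) works the same way, with the baseline built over a segment of clients instead of a single user.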
4) Risk-oriented anti-fraud analyzes potentially malicious and suspicious user behavior in an application or on a company's website. The criteria used for risk scoring may include the IP address (connections from Tor or other darknet infrastructure raise suspicion), use of anonymization tools (e.g. privacy plugins for browsers), enumeration of all products on the site (possible scraping), enumeration of promo codes, login attempts with many different credentials, "entering" stolen payment card data with an attempt to buy a product, mass creation of new accounts, and access to resources via the API. Another risk factor is access from devices infected with malware: they may be part of a botnet under an operator's control.
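The block below is an added example (not from the article) of risk scoring over web access logs: it parses a batch of constructed log lines already bucketed into one short time window, aggregates per source IP the behaviors listed above (catalogue walking, promo-code guessing, login attempts with many usernames, declined payments from card testing, mass sign-ups, connections from a Tor exit), and turns weighted flags into a verdict. The log format, the Tor exit set, the thresholds and the weights are all illustrative; in particular, the username in the `/login` query string is a constructed convenience, not a format real servers should log.

```python
"""Risk-oriented anti-fraud: score each source IP from a batch of access-log
lines using the criteria listed above (example code).

Log format, thresholds and weights are constructed for illustration; the batch
is assumed to be bucketed into a short time window (say five minutes).
"""
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

LINE = re.compile(r"^(?P<ts>\S+) (?P<ip>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$")

TOR_EXITS = {"198.51.100.9"}                 # constructed; would come from a threat feed

THRESHOLDS = {"scraping": 25, "promo_enumeration": 5, "credential_stuffing": 5,
              "card_testing": 3, "mass_signup": 3}
WEIGHTS = {"tor_exit": 40, "scraping": 30, "promo_enumeration": 25,
           "credential_stuffing": 35, "card_testing": 40, "mass_signup": 30}


def parse(lines):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in lines:
        m = LINE.match(line)
        if m:
            rec = m.groupdict()
            rec["status"] = int(rec["status"])
            yield rec


def score_ips(lines):
    """Return {ip: (risk score, verdict, flags)}."""
    stats = defaultdict(lambda: {"products": set(), "promos": set(),
                                 "failed_users": set(), "declined": 0, "signups": 0})
    for r in parse(lines):
        s = stats[r["ip"]]
        parts = urlsplit(r["url"])
        q = parse_qs(parts.query)
        if parts.path.startswith("/product/"):
            s["products"].add(parts.path)
        elif parts.path == "/cart/promo" and r["status"] == 400:
            s["promos"].update(q.get("code", []))
        elif parts.path == "/login" and r["status"] == 401:
            s["failed_users"].update(q.get("user", []))
        elif parts.path == "/checkout/pay" and r["status"] == 402:
            s["declined"] += 1
        elif parts.path == "/signup" and r["method"] == "POST":
            s["signups"] += 1

    result = {}
    for ip, s in stats.items():
        flags = []
        if ip in TOR_EXITS:
            flags.append("tor_exit")
        if len(s["products"]) >= THRESHOLDS["scraping"]:
            flags.append("scraping")
        if len(s["promos"]) >= THRESHOLDS["promo_enumeration"]:
            flags.append("promo_enumeration")
        if len(s["failed_users"]) >= THRESHOLDS["credential_stuffing"]:
            flags.append("credential_stuffing")
        if s["declined"] >= THRESHOLDS["card_testing"]:
            flags.append("card_testing")
        if s["signups"] >= THRESHOLDS["mass_signup"]:
            flags.append("mass_signup")
        score = sum(WEIGHTS[f] for f in flags)
        verdict = "block" if score >= 60 else "challenge" if score >= 30 else "allow"
        result[ip] = (score, verdict, flags)
    return result


def _lines(ip, method, urls, status):
    """Build constructed log lines in the format LINE expects."""
    return [f"2025-09-01T12:{i // 60:02d}:{i % 60:02d}Z {ip} {method} {u} {status}"
            for i, u in enumerate(urls)]


SAMPLE_LOG = (
    # ordinary shopper
    _lines("10.0.0.1", "GET", ["/product/5", "/cart"], 200)
    + _lines("10.0.0.1", "POST", ["/checkout/pay"], 200)
    # walks the whole catalogue in order
    + _lines("203.0.113.7", "GET", [f"/product/{n}" for n in range(100, 130)], 200)
    # login attempts with eight different usernames from a Tor exit
    + _lines("198.51.100.9", "POST", [f"/login?user=u{n}" for n in range(8)], 401)
    # promo-code guessing, then testing stolen cards at checkout
    + _lines("192.0.2.5", "POST", [f"/cart/promo?code=SAVE{n}" for n in range(10, 16)], 400)
    + _lines("192.0.2.5", "POST", ["/checkout/pay"] * 4, 402)
)

if __name__ == "__main__":
    for ip, (score, verdict, flags) in sorted(score_ips(SAMPLE_LOG).items()):
        print(ip, score, verdict, flags)
```

A "challenge" verdict is where a CAPTCHA or step-up authentication would be inserted; scraping alone lands there, while credential stuffing from a Tor exit or card testing after promo enumeration crosses the block threshold.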
5) Anti-fraud using machine learning and artificial intelligence can process the huge volumes of metadata and logs collected by websites, banks and marketplaces to find hidden correlations and anomalies, identify potentially dangerous devices and compromised accounts, and predict and prevent dangerous actions in advance. Unlike traditional systems based on signatures (characteristic signs of fraudulent transactions) and rules written by analysts, ML- and AI-based anti-fraud solutions can be retrained on new data to keep up with constantly changing fraud schemes and to detect anomalies in user behavior that no rule describes.
The problem of banking fraud in Russia is more acute than ever. According to the Bank of Russia's review, in 2024 the volume of transactions made without the clients' consent amounted to 27.5 billion rubles, almost 75% more than in 2023. The Ministry of Internal Affairs of the Russian Federation reports that from January to July 2025 the damage from crimes committed using information and telecommunication technologies amounted to almost 120 billion rubles. Such figures are alarming, so work continues at the state level to combat fraud in various ways, including the creation of information systems and the adoption of regulations. In 2018, the Bank of Russia, on the basis of its ASOI FinCERT platform, created the Feed-Antifraud automated system (AS), which collects data on unauthorized transfers of funds and distributes feeds (attributes of the recipients of unauthorized transfers) among participants in the information exchange with the Bank of Russia. In 2022, the Federal State Unitary Enterprise "GRChTs" officially launched the Unified Platform for Verification of Telephone Calls (UPVT) "Antifraud", designed to prevent fraudulent calls made with spoofed (substituted) phone numbers on telecom operators' networks. Then, on April 1, 2025, Federal Law No. 41 was signed, creating a state information system (GIS) for combating offenses committed using information and communication technologies (ICT), and on August 14 a plan for implementing this system was approved. The system is a dedicated digital platform through which law enforcement agencies, the Bank of Russia, credit institutions and telecom operators will exchange the information needed to identify offenses in Russian cyberspace.
The state is taking measures to combat fraud at the strategic level. The first package of anti-fraud measures includes legislative requirements that come into force on September 1, 2025:
1) Mandatory labeling of calls from organizations is introduced;
2) Citizens will be able to opt out of mass telephone calls;
3) Citizens will be able to set a self-ban on the registration of SIM cards in their name;
4) Transferring one's accounts and control of one's phone number to third parties will be prohibited;
5) Citizens will be able to enable the "second hand" service to protect against fraudsters: it allows a trusted person to be appointed who confirms or rejects money transfers;
6) Additional anti-fraud control is introduced for cash withdrawals at ATMs. A Bank of Russia Order defines 9 signs of fraud when issuing cash from ATMs, including uncharacteristic client behavior, an atypical ATM location, the client receiving an unusually large number of SMS messages and calls, and cash withdrawal immediately after applying for a loan.
It should be noted that a second package of government anti-fraud measures is currently under discussion.