Article 'The factor of complex interaction in responding to telephone fraud' - journal 'Security Issues' - NotaBene.ru
The factor of complex interaction in responding to telephone fraud

Pleshakova Ekaterina Sergeevna

ORCID: 0000-0002-8806-1478

PhD in Technical Sciences

Associate Professor, Department of Information Security, Financial University under the Government of the Russian Federation

125167, Russia, Moscow, 4th Veshnyakovsky Ave., 12k2, building 2

espleshakova@fa.ru

Gataullin Sergei Timurovich

PhD in Economics

Dean of the "Digital Economy and Mass Communications" Department of the Moscow Technical University of Communications and Informatics; Leading Researcher of the Department of Information Security of the Financial University under the Government of the Russian Federation

8A Aviamotornaya str., Moscow, 111024, Russia

stgataullin@fa.ru

Osipov Aleksei Viktorovich

PhD in Physics and Mathematics

Associate Professor, Department of Data Analysis and Machine Learning, Financial University under the Government of the Russian Federation

125167, Russia, Moscow, 4th Veshnyakovsky str., 4, building 2

avosipov@fa.ru

Bylevskii Pavel Gennadievich

PhD in Philosophy

Associate Professor, Department of Information Security, Financial University under the Government of the Russian Federation; Moscow State Linguistic University

49/2 Leningradskiy Prospect, Moscow, 125167, Russia

pr-911@yandex.ru


DOI: 10.25136/2409-7543.2023.1.39274

EDN: LWCDNH

Date of submission to the editorial office: 23-11-2022

Date of publication: 30-11-2022



Abstract: The subject of the study is the identification of effective methods of legislative work to counteract the use by telephone fraudsters of such technical means as the illegal substitution of SIM cards and Internet services for spoofing incoming call numbers. The general scientific methodology of dialectical (meaningful) logic and a comparative analysis of practical problems and of the legislative activity of federal authorities are used. Fraud causes huge damage to society and imposes huge costs on the state. The global spread of the Internet has allowed scammers to export their activities to a fast-growing market and reach previously untapped consumers. The evolution of technologies and the spread of fraudulent approaches on the Internet have exacerbated the problems faced by victims. The results serve as evidence that, for the detection and timely interruption of telephone fraud attempts (suspension of suspicious transactions), the interaction of financial organizations, telecommunications operators and law enforcement agencies requires legislative support and the formation of a subordinate regulatory framework. The development of smartphones and cellular networks increases the demand for mobile advertising and targeted marketing. However, it also creates invisible security threats. We have found that telephone fraud using fake phone numbers with a very short lifetime is becoming more and more popular and is being used to deceive users. The article is devoted to the problem of legal regulation for ensuring information security. As telephone fraud becomes more common, it is extremely important to understand how to increase the effectiveness of prevention. Conclusions are drawn about the need to strengthen the centralization of countering attackers in order to increase the effectiveness of preventing telephone fraud, following the example of the interbank digital platform "Know Your Customer".


Keywords:

Information security, telephone fraud, social engineering, remote financial services, identification, counteraction, prevention, legal framework, legislation, phishing

The article was prepared within the 2022 state assignment of the Government of the Russian Federation to the Financial University on the topic "Models and methods of text protection in the framework of countering telephone fraud" (ВТК-ГЗ-ПИ-30-2022).

Introduction

Countering telephone fraud is an important direction in ensuring the security of financial services for organizations and citizens. The subjects of protection against telephone fraud are government agencies and commercial organizations, primarily financial ones, and banks among them. A feature of their activities to protect citizens from telephone fraud is the need for legal instruments for organizational measures and the use of technical means. Successful legislative innovations in recent years have resulted from the complex interaction of financial industry entities, proving the need for further effective application of this organizational principle in the development of legal tools to respond to telephone fraud attempts.

Countering the substitution of SIM-cards and numbers of incoming calls

It seems optimal to divide the legislative support for combating telephone fraud and a number of related crimes in the financial sector into two areas, tactical and strategic. The tactical area covers the prompt response of legislators, as well as of the agencies issuing by-laws, to already identified, mature criminal threats. It implies removing the regulatory barriers to centralizing databases that cover not only defendants in criminal cases in which court decisions have been made, but also citizens and organizations involved in such offenses, as well as suspicious parameters of financial transactions, devices, locations and a number of other characteristics [6].

The efficiency of this activity is largely determined by the coordination of efforts between industry entities and information security specialists in the financial sector: on the one hand, practitioners in the specialized divisions of financial organizations and law enforcement agencies; on the other, the authors of the regulatory framework, both legislation and by-laws.

The urgency of strengthening the fight against telephone fraud is due to the increase in recent years in the amount of damage from such offenses, their number and the variety of fraudulent schemes. Measures and tools to prevent telephone fraud are an important area of counteraction, alongside detection, blocking and elimination of consequences. Normative, primarily legislative, support is an important aspect of preventing such offenses, alongside organizational measures and technical means [1].

The most highly specialized legal tools for preventing telephone fraud, both by voice calls and via the mobile Internet, are the new laws that tighten the procedures for verifying information about SIM card holders and prevent phone number spoofing [8]. The technical tool of one widespread fraud scheme was the illegal replacement of a SIM card, which attackers carry out without notifying the legal owner of the phone number.

Through such an operation, fraudsters could gain access to transactions on a client's account via the mobile banking application, intercept SMS messages with one-time passwords, and illegally transfer funds to the accounts of their accomplices or money mules. Until the legitimate client notices and contacts the bank, they receive no bank notifications about debits from their account, whether by SMS or push message. To counter the use of this technical tool by fraudsters, a legal framework has been developed for creating a unified information system (UIS) for verifying the authenticity of subscriber information.

Such a system should be available to credit and other financial institutions for timely verification of the legality of SIM card use by citizens, organizations and individual entrepreneurs. For this purpose, the State Duma of the Russian Federation adopted the draft law "On Amendments to the Federal Law "On Combating the Legalization (Laundering) of Proceeds from Crime and the Financing of Terrorism" and other legislative acts of the Russian Federation (on the creation of an information system for verifying information about a subscriber)".

This bill creates a legal framework to counter attackers who seek to commit theft or gain access to financial services by passing identification with someone else's illegally obtained SIM card. Mobile operators are obliged to promptly provide credit institutions with information about the replacement of customers' SIM cards. Having received such information, the bank or other financial organization can check whether the SIM card was replaced by the client or by an attacker. Agreeing on the amendments took considerable time, as comments and objections had to be discussed, including those received from the Government of the Russian Federation and the Bank of Russia, regarding mandatory participation in the UIS and the rates for the service of checking the legality of a subscriber's SIM card replacement.
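The bank-side check that the SIM replacement notifications make possible, as an added example (not code from the article or from any bank, operator or UIS system): it takes a constructed feed of operator-reported SIM changes and holds SMS one-time passwords and transfers requested within an assumed 24-hour window after a swap the client has not confirmed through another channel.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Cooling-off window after an operator-reported SIM replacement. The 24-hour
# value is an assumption for this example; the article names no period.
SIM_CHANGE_WINDOW = timedelta(hours=24)


@dataclass(frozen=True)
class SimChange:
    msisdn: str                        # subscriber number reported by the operator
    changed_at: datetime
    confirmed_by_client: bool = False  # client confirmed the swap through another channel


@dataclass(frozen=True)
class Operation:
    client_id: str
    msisdn: str                        # number linked to the client's account
    kind: str                          # "sms_otp" or "transfer"
    requested_at: datetime


def latest_sim_change(changes: List[SimChange], msisdn: str,
                      before: datetime) -> Optional[SimChange]:
    """Most recent SIM replacement for msisdn reported at or before `before`."""
    matching = [c for c in changes if c.msisdn == msisdn and c.changed_at <= before]
    return max(matching, key=lambda c: c.changed_at, default=None)


def decide(op: Operation, changes: List[SimChange]) -> Tuple[str, str]:
    """Return ("allow" | "hold", reason) for a single operation."""
    change = latest_sim_change(changes, op.msisdn, op.requested_at)
    if change is None:
        return "allow", "no SIM replacement on record for this number"
    age = op.requested_at - change.changed_at
    if age > SIM_CHANGE_WINDOW:
        return "allow", f"SIM replaced {age.days} day(s) ago, outside the window"
    if change.confirmed_by_client:
        return "allow", "recent SIM replacement confirmed by the client"
    if op.kind == "sms_otp":
        # The OTP would reach whoever now holds the number, so it must not go by SMS.
        return "hold", "recent unconfirmed SIM replacement: do not send the one-time password by SMS"
    return "hold", "recent unconfirmed SIM replacement: suspend the transfer pending confirmation"


def screen(operations: List[Operation], changes: List[SimChange]):
    """Screen a batch of operations; returns (client_id, kind, decision, reason) tuples."""
    return [(op.client_id, op.kind, *decide(op, changes)) for op in operations]


# Constructed sample feeds (not real subscriber data).
SIM_CHANGES = [
    SimChange("+70000000001", datetime(2022, 11, 20, 9, 0)),                            # unconfirmed
    SimChange("+70000000002", datetime(2022, 11, 20, 10, 0), confirmed_by_client=True),
    SimChange("+70000000003", datetime(2022, 11, 10, 8, 0)),                            # ten days old
]

OPERATIONS = [
    Operation("c1", "+70000000001", "sms_otp", datetime(2022, 11, 20, 9, 30)),
    Operation("c1", "+70000000001", "transfer", datetime(2022, 11, 20, 9, 35)),
    Operation("c2", "+70000000002", "transfer", datetime(2022, 11, 20, 11, 0)),
    Operation("c3", "+70000000003", "sms_otp", datetime(2022, 11, 20, 12, 0)),
    Operation("c4", "+70000000004", "transfer", datetime(2022, 11, 20, 12, 0)),
    Operation("c1", "+70000000001", "transfer", datetime(2022, 11, 20, 8, 0)),  # requested before the swap
]

if __name__ == "__main__":
    for row in screen(OPERATIONS, SIM_CHANGES):
        print(*row, sep=" | ")
```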

Another common tool used by telephone scammers is phone number spoofing, a low-cost service that is not yet banned and is widely advertised on web resources. To imitate the phone number of an incoming call, attackers use services built on the SIP protocol for Internet telephony [3]. Thus, an outgoing call can be made both from a mobile phone and from an Internet browser. The called subscriber may be shown either a random incoming number or a number chosen by the user of the spoofing service.

With such a service, the caller ID shown to potential victims displays not the number the attackers call from but a fake one [2]. The fake incoming number is chosen according to the fraud scheme and the organization the scammers impersonate: the number of a relative or acquaintance, a customer service or bank security department, a television show or lottery, a medical or legal service center, or even a law enforcement agency can be imitated to the recipient of the call.

The legal basis for using technical means and applying organizational measures to counter the abuse of this service by telephone scammers was created by Federal Law No. 429-FZ of December 8, 2020 "On Amendments to Certain Legislative Acts of the Russian Federation". Organizations of various profiles are involved in implementing the new norms, primarily mobile operators and telecommunications companies subordinate to the Ministry of Digital Development of the Russian Federation. Preliminary work at the bill stage was carried out with the active participation of the Bank of Russia, and coordination was carried out with a number of relevant federal executive authorities.

Ensuring the suspension of transactions as a rapid response measure

Operational, or tactical, prevention of telephone fraud means protecting individuals and legal entities, the clients of financial organizations, from ongoing attacks by telephone fraudsters [7]. Telephone frauds are predicted; their signs are highlighted when monitoring information security events and incidents, and they are identified, blocked or localized. These measures help prevent the completion of the attack and the withdrawal and cashing out of stolen funds.

The peculiarity of prevention is to stop telephone fraud attempts from developing and finally succeeding by detecting and suppressing them, then entering data about the incident into databases and possibly transferring it to law enforcement agencies for initiating criminal cases. Telephone fraud attempts can be prevented at the early stages of the offense, from the "far frontiers", for example by detecting and identifying the phone number from which the call is made as a fake one. The "last frontier" of fraud prevention, the late, penultimate stage of an already committed crime, is blocking the ability to dispose of funds that have already been stolen but not yet cashed out, with the possibility of returning them to the rightful owner.

Information security divisions of banks have repeatedly raised before legislators the issue of insufficient powers to suspend suspicious transactions. The legislation limited the period of temporary suspension of such transactions to five days, and this procedure was allowed only if the affected client, from whom the funds were stolen, disputed the transaction before the funds were credited to the recipient's bank account.

Representatives of the banking community developed and proposed amendments to the legislation that increase the period for blocking transfers between bank cards of different customers to 25 days when the transaction is contested. Such an extension allowed a more thorough investigation into the legality of the contested monetary transaction. A customer disputing a transaction was given the opportunity to submit an application to their bank no later than the day following the incident. In turn, the recipient of the disputed transfer or payment was asked to provide documentary confirmation of the legality of receiving the blocked amount within five days. If this condition is not met, the disputed amount is returned to the account from which it was sent.

When a suspicious recipient provided supporting documentation, it was assumed that the bank could freeze the received funds for a period during which the payer could challenge the transaction in court. At the same time, the transfer of the personal data of the recipient of the disputed transaction to its sender was provided for. To exempt these personal data from bank secrecy, the authors of the amendment proposed amending the law on the national payment system by adding an exception for cases where the sender disputes the transaction. The similar right that the law grants to an arbitration manager in bankruptcy proceedings was cited as a precedent.
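The dispute and hold procedure described above, modelled as an added example (not code from the article or from any bank's system): the next-day filing deadline, the recipient's five-day evidence window, the return of undocumented funds to the sender and the 25-day freeze when evidence is provided. Counting both the evidence window and the 25-day hold from the dispute date is an assumption; the article does not state the disposition of funds after the hold expires, so the model stops at that point.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Periods as described in the article's account of the proposed amendments.
HOLD_PERIOD = timedelta(days=25)       # maximum blocking of a disputed card-to-card transfer
DISPUTE_DEADLINE = timedelta(days=1)   # sender must apply no later than the day after the transfer
EVIDENCE_PERIOD = timedelta(days=5)    # recipient's window to document legality of receipt


@dataclass
class DisputedTransfer:
    transfer_id: str
    amount: int                        # in minor currency units
    sent_on: date
    disputed_on: Optional[date] = None
    evidence_on: Optional[date] = None
    status: str = "completed"          # completed | blocked | returned | frozen | hold_expired


def file_dispute(t: DisputedTransfer, on: date) -> str:
    """Sender disputes the transfer; accepted only within the next-day deadline."""
    if t.status != "completed":
        return f"ignored: transfer already {t.status}"
    if on - t.sent_on > DISPUTE_DEADLINE:
        return "rejected: application filed after the next-day deadline"
    t.disputed_on = on
    t.status = "blocked"
    return "blocked: recipient has 5 days to document legality of receipt"


def submit_evidence(t: DisputedTransfer, on: date) -> str:
    """Recipient documents the legality of the receipt; accepted only within 5 days."""
    if t.status != "blocked":
        return f"ignored: transfer is {t.status}"
    if on - t.disputed_on > EVIDENCE_PERIOD:
        return "rejected: evidence window has passed"
    t.evidence_on = on
    t.status = "frozen"
    return "frozen: funds held while the sender may challenge the transfer in court"


def advance(t: DisputedTransfer, today: date) -> str:
    """Apply the time-based transitions as of `today` and return the resulting status."""
    if t.status == "blocked" and today - t.disputed_on > EVIDENCE_PERIOD:
        t.status = "returned"          # no evidence in time: amount goes back to the sender
    elif t.status == "frozen" and today - t.disputed_on > HOLD_PERIOD:
        t.status = "hold_expired"      # 25-day hold over; disposition is outside this model
    return t.status


if __name__ == "__main__":
    # Constructed walk-through: dispute filed in time, no evidence, funds returned.
    t = DisputedTransfer("T-demo", 50_000, date(2022, 11, 1))
    print(file_dispute(t, date(2022, 11, 2)))
    print(advance(t, date(2022, 11, 8)))
```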

The development and clarification of the norms of Federal Law No. 152-FZ of July 27, 2006 "On Personal Data" and Federal Law No. 395-1 "On Banks and Banking Activities" serve to create legal instruments for returning to their legitimate owners blocked funds that were stolen but not cashed out. Subsequent events revealed significant flaws in the adopted requirements. The peculiarities of the wording hindered or even prevented the exchange, between banks and with law enforcement agencies, of information about the accomplices of telephone scammers who cashed out the stolen funds. In the course of developing the legislation, a legal basis was created for a database of telephone fraud cases, that is, illegal transfers made as a result of deceiving customers, covering both unsuccessful attempts and completed crimes.

The provisions of paragraph 4 of Art. 27 of Federal Law No. 161-FZ of June 27, 2011 "On the National Payment System" provide the possibility of suspending transactions made by a client under the influence of telephone fraudsters and of exchanging data about them with other banks and law enforcement agencies. The creation of new legal instruments resulted in the formation and maintenance by the Bank of Russia of the database "On cases and attempts to transfer funds without the consent of the client", which combines up-to-date information received from financial institutions of various types.

Changes in legislation were required to formulate criteria not only for the legitimacy of transactions, but also for the signs by which illegal payments can be identified [4]. Without such criteria, it was impossible to suspend suspicious transactions pending the results of proceedings, or to identify suspicious bank account details and their owners on the basis of long-term statistics. This measure is important in relation to both telephone fraud and other acquisitive crimes in remote banking.

This vulnerability in the legislation did not allow building organizational and technical mechanisms to counter the use of bank accounts for withdrawing stolen funds. To eliminate it, amendments to Federal Law No. 161-FZ of June 27, 2011 "On the National Payment System", Federal Law No. 395-1 of December 2, 1990 "On Banks and Banking Activities" and Federal Law No. 86-FZ of July 10, 2002 "On the Central Bank of the Russian Federation" were developed, discussed and adopted. Similar changes were made to the Arbitration Procedure Code of the Russian Federation. All proposed corrections were approved by the Bank of Russia and were also successfully agreed upon with the Government of the Russian Federation.

Centralization of databases of signs of telephone fraud

The share of fraudulent debits and thefts from citizens' accounts using bank cards, mobile and Internet banking, and telephone communications in 2015 increased from 66% to 74% of all thefts in remote financial services. The new norms legislatively formalized both the right and, in certain situations, the obligation of banks to temporarily block transactions with funds when there are signs that a transaction was made without the consent of, or by misleading, the legal owner. The formulation of the list of signs of suspicious transactions was delegated to the main state regulator of the financial sector, the Bank of Russia. Opportunities were created to delegate to banks the independent identification of additional signs of fraudulent activity and theft.

Countering telephone fraud requires the creation and operation of a specialized, unified, centralized and regularly updated database of suspicious details, with the participation of various parties: state regulatory, control and supervisory bodies, law enforcement agencies and financial organizations, with partial access for citizens. Such a structure can combine the specialized databases already emerging of information about suspicious clients and other citizens, bank accounts, details, etc., formed on the basis of operational-search activities and the results of court cases, internal investigations, etc.

An example of such a specialized database is the lists of organizations and citizens about whom there is information on involvement in extremist activity or terrorism. On the basis of paragraph 2 of Art. 6 of Federal Law No. 115-FZ of August 7, 2001 "On Countering the Legalization (Laundering) of Proceeds from Crime and the Financing of Terrorism", such lists are compiled by Rosfinmonitoring and transferred to operators of funds or other property.

The necessary legislative framework is being created to form an important element of such a database for combating telephone and other fraud, which has received the working name of the "know your customer" platform [5]. Federal Law No. 423-FZ of December 21, 2021 "On Amendments to Certain Legislative Acts of the Russian Federation" granted the Bank of Russia the authority, from July 1, 2022, to rank corporate banking customers into "risk groups" according to the likelihood of their conducting suspicious transactions. A number of criteria have been defined by which the degree of risk (low, medium or high) is determined: information about the founders, beneficiaries, managers and employees, the state of their bank accounts, and the nature of the operations and transactions carried out.

The Bank of Russia was empowered to define, in its own regulatory documents, the parameters and list of such information, as well as the procedure for accessing it (on its website, through the personal accounts of credit institutions, etc.). The Bank of Russia tested the "know your customer" banking platform from the end of 2021 to the spring of 2022. At this preliminary stage, 40 connected credit institutions participated in the operation of the platform, with the prospect of further expanding the number of participants and making it available to all credit and other financial institutions.

Banks and their internal control units are also allowed to rank clients into risk groups, taking into account the information and assessments contained in the centralized database of the Bank of Russia. Depending on the "risk group" a client is assigned to, the client may be refused certain financial transactions. A "green corridor", meaning that a transfer of funds to a Russian legal entity or individual entrepreneur cannot be refused, is provided for clients classified as low risk.

In this case, bank employees can refuse only by transferring the client to a higher risk group. Clients ranked in the high or medium risk group may, if suspected of involvement in laundering illegal income or financing terrorism, be denied the opening of a bank account or deposit. A banking service agreement with a client from the high-risk group can be terminated on the basis of at least two refusals to conduct financial transactions within a year.

Conclusions

The analysis of the problems of combating telephone fraud in Russia, as well as of works reflecting foreign and international experience in this area, allows us to formulate proposals that can optimize and increase the efficiency of developing legal instruments at the legislative level. The identified features of the preparation, development and adoption of federal laws in the field of security of remote and electronic financial instruments, and of countering crimes in this area that use computer and telecommunication technologies, lead to the conclusion that the predictability and strategic nature of this legal and regulatory activity can be enhanced.

An analysis of the development of regulatory tools for information security in the financial sector demonstrates the successful improvement of federal legislation that creates the legal basis for a centralized interbank platform "Know Your Client" under the auspices of the Bank of Russia, as well as for countering the substitution of SIM cards and incoming phone numbers. Further implementation and development of the principle of complex interaction between industry entities can increase the effectiveness of legal support for combating telephone fraud.

Bibliography
1.
2.
3.
4.
5.
6.
7.
8.

Results of the article review procedure

In accordance with the double-blind review policy, the identity of the reviewer is not disclosed.

Subject of the study. The article "The factor of complex interaction in responding to telephone fraud" is devoted to the problematic issues of countering the substitution of SIM cards and incoming call numbers, ensuring the suspension of transactions as a rapid response measure, and centralizing databases of signs of telephone fraud.
Research methodology. In the course of the work, modern research methods were used, both general scientific and specific. The methodological apparatus consisted of the following dialectical techniques of scientific cognition: abstraction, induction, deduction, hypothesis, analogy, synthesis, the historical, theoretical-prognostic, formal-legal and system-structural methods of legal modeling, as well as the use of typology, classification, systematization and generalization. The use of modern methods made it possible to study the established approaches and views on the subject of the article, to develop the author's position and to substantiate it. The work used a combination of theoretical and empirical information.
Relevance of the study. The urgency of strengthening the fight against telephone fraud is due to the increase in recent years in the amount of damage from such offenses, their number and the variety of fraudulent schemes. Countering telephone fraud is an important direction in ensuring the security of financial services for organizations and citizens. The subjects of protection against telephone fraud are state institutions and commercial organizations, primarily financial ones, including banks. A feature of their activities to protect citizens from telephone fraud is the need for legal instruments for organizational measures and the use of technical means. Successful legislative innovations of recent years have resulted from the complex interaction of financial industry entities, which proves the need for further effective application of this organizational principle in the development of legal instruments for responding to telephone fraud attempts.
Scientific novelty. The novelty of this research topic is explained by the novelty of the social relations themselves and, accordingly, by the lack of proper legal and technical (technological) tools for countering the substitution of SIM cards and incoming call numbers, ensuring the suspension of transactions as a rapid response measure, and centralizing databases of signs of telephone fraud. To substantiate the scientific novelty of this topic, it is necessary to update to the present day the statistical data cited by the author to illustrate the relevance of the problem raised (in the article, as of 2015: "The share of fraudulent debits and thefts from citizens' accounts using bank cards, mobile and Internet banking, and telephone communications in 2015 increased from 66% to 74% of all thefts in remote financial services"). It would be good to show the dynamics of these crimes. Perhaps show the influence of anti-COVID measures on the growth of these socially dangerous acts.
Style, structure, content. On the whole, the article is written in a scientific style. However, there are stylistic errors in sentence construction, and repetitions of words and phrases within sentences. For example, in the conclusion of the article both conclusions begin with the word "analysis", etc. The double repetition of the phrase "Federal Law" in sentences referring to the titles of normative legal acts is incorrect: Federal Law No. 423 the federal law dated December 21, 2021 "On Amendments to Certain Legislative Acts of the Russian Federation...", "..of paragraph 2 of Art. 6 of the Federal Law "On counteracting the legalization (laundering) of proceeds from crime and the financing of terrorism" dated August 7, 2001 No. 115 the federal law...". "Federal Law "On Amendments to Certain Legislative Acts of the Russian Federation" No. 429 the federal law of December 8, 2020..." and so on. The text of the article needs to be carefully proofread in order to eliminate stylistic and other grammatical errors. The correct use of articles should be checked (a remark of a technical nature). Still, the article is structured and its content corresponds to the stated topic. And on the whole the material is presented consistently, competently and clearly.
Bibliography. We believe that the author has studied an insufficient number of sources on the research topic. The usual requirement for the number of bibliographic sources for a scientific article is at least 15.
Appeal to opponents. To substantiate his own conclusions, the author refers in the article to the opinions of other scholars; the references are correct, in the form of citations.
Conclusions, interest for the readership. The article "The factor of complex interaction in responding to telephone fraud" is written on a relevant topic, has elements of scientific novelty and practical significance, and, provided that it is revised, can be recommended for publication. This work may be of interest both to Russian scholars and practitioners and to foreign specialists dealing with problems of comparative law.