“Payment Gambit” — Anastasia Zibinina for the Legal Information Agency
The Bank of Russia has called on credit institutions to introduce simple measures to prevent fraud. But in practice, they are not implemented, and the blame is often placed on the customers themselves. It is not always possible to bring to justice mobile operators who are essentially condoning attackers. Whereas the federal law guarantees consumers compensation for the damage caused by such theft.
According to the regulator, only 56 percent of unauthorized write-offs are associated with the so – called social engineering-obtaining the necessary transactions for performing operations by deceiving the client. Pensioners and other vulnerable categories of citizens are most often the victims of such fraud. In all other cases, credit institutions are obliged to return the funds stolen without the participation of the account holder.
Anastasia Zibinina, Junior Lawyer of Prime Advice:
The law imposes on the client the obligation to comply with security measures when using the Internet bank and mobile application, as well as to respond in time to suspicious activity and promptly inform the bank about it. At the same time, it is not entirely clear what exactly will be the proof of the client's violation of the rules for using an electronic means of payment, which turned into an unauthorized debit.
Wanting to protect themselves, banks often try to shift the risks to the client. Although it is the credit institution that should ensure sufficient security of remote banking systems, and mobile operators should ensure the safe use of SIM cards. However, the boundaries of responsibility are rather blurred and are subject to assessment in each specific case.
As a rule, standard contracts for banking services provide for the client's obligation to immediately notify the credit institution in case of loss or change of the phone number, as well as the need to contact the mobile operator in case of sudden termination of the SIM card. All these actions not only prevent the risk of unauthorized access to personal information, but also leave the possibility for the client to recover the stolen funds by the bank.