ask for relevant information. well , you know, sometimes it causes confidence. i lived in kiev some time ago and, accordingly, i feel the ukrainian dialect well. at one time, they often called from there from ukraine very trustingly, while you asked for information and the phone number from which they called was not ukrainian. although i felt that behind her was a ukrainian, and russian, thank god we passed , uh, at the end of the twenty-first year, a law according to which calls from abroad are a substitution of numbers. now already banned last year. we have adopted a law that, in principle, prohibits use

in the first half of the twenty-second year to zero, respectively, the solution worked. i hope that the solution for calls to change numbers in russia will also work, and as a result, fewer people here will fall for the bait of a machine operator, but at the same time , we see that cyber attacks are growing, and if we talk about the world, they are growing annually by 15% well, according to authoritative publications, there in 2015 spending on cybersecurity amounted to a trillion dollars. in the twenty-fifth year , 10 and a half are predicted, that is, 3.5 times over this period of time, if we talk about our country for different reasons, including political last year. just keeper crime 80% compared to

the twenty-first year, since then growth 8 times were committed by financial institutions, approximately 45% well, here too. i think one reason is, of course, geopolitical factors. but at the same time, the fact that we are an advanced country and that we have, in principle, digital technologies in the financial sector. actively implemented, of course, also affects the number of attacks the larger the scope, respectively, the more e attacks, and it is clear that the company strives to provide as many financial services as possible at lower cost, and well, including financial services, and of course they try less, they don’t try, but implicitly from the point of view business interests

are spent less on protecting. your services e protect the scope of work in digital. well, so there's this conflict of interest that creates problems, well, last year. if we talk quantity attack has doubled compared to a year. initiatives, and of course, we will discuss these initiatives today during the discussion, but i would like to anticipate the discussion, but i still

hope that we will work out together with you and the audience today. eh, those. steps are the arguments for the actions that need to be taken in order to minimize the violation, er, which unfortunately are now developing at a rapid pace. i would like to start a soup of questions for the panelists. first two ask a question. well, let's start first with the market participants, those who work in the market , the first question concerns the outcome of the fight against social engineering in the past year. last year, an increase of 40%, what is preventing us from achieving a turning point in the fight against this evil, the first

would like to ask a question thank you very much. anton gennadievich colleagues good morning. good afternoon. i really would like to thank. first the entire cybersecurity team. e of the central bank which prepared this forum and in fact. so he started at such a very high organizational level in general to collect in one room, leaders of the cybersecurity industry have the opportunity to discuss topical issues. finding a solution , uh, feeling each other to unite is very expensive. this is in the first forum. of course, we are all worried about it , colleagues, what we did in preparation for this forum is also very important, because this is also a whole period. a whole interesting page. when we also had the opportunity to look for some solutions, so thank you very much that this forum took place at all we really hope we

really hope that it will be annual and will be our industry's premier cybersecurity forum. eh, the second anatol gennadievich, i will not immediately agree with you, because calls from ukraine have not stopped. and mostly calls come from ukraine. and we see and hear and understand and know it. e. this is bad news, good news, that calls from penitentiary institutions, that is, different zones, have almost stopped. this is good news, because our efforts, uh, and for all structures and the federal penitentiary service, including law enforcement agencies, have led to a specific result and a general background of about 40% frankly, half the centers that worked against the clients of hmm credit institutions from e. these institutions have ceased, this is

good news, but today there are more than 90 two ninety. percentage of all calls in the format of telephone fraud is made from the territory of ukraine the capital of this telephone fraud is still the city of dnipro in peak in dnipro there were more than 1,100 call centers. now about 150 are working in ukraine. we fix about 800-900. e call centers throughout the area and good new is what we have become today to know dozens of times more about the work of these centers, about what they do, whom they call and even what they are not going to do and what clients they are not going to call. i wanted to clarify. uh, the calls are already with a ukrainian number , or is the number being replaced with russian ones, this is the second topic. look, uh,

four uh, telecom fully complies with the letters of the law, those amendments for which were made, which were prepared long enough and thank god but here are several hundred others. uh, especially regional telecoms. e, unfortunately, admits a violation and continues trade without any documents. eh, you can even buy it anonymously there. uh, there's a dozen or so there are 20 phone numbers on the internet right now. uh, it’s even free to use it there for 2 weeks for free, this is a violation of the law of roskomnadzor knows about it and thank god that roskomnadzor began to fine such telecoms and here are the first facts of such fines, they appeared very large here, uh, work is being done. uh , by the way, the prosecutor's office, including the moscow prosecutor's office, which even all these regional violations are today to the discipline, but to unfortunately, this big problem remains

today at the regional level. and we all need to think about how to solve it in the near future. what about sberbank clients? i want to tell you that indeed, in march, we recorded zero figures for telephone fraud against our customers for about 30 days, and now from 100,000 calls a day there are 90,100,000 calls. in a day. we saw zero numbers , an unusual situation, but at the beginning of april everything began to recover and, in general, telephone fraud today has a trend of continuing to settle in relation to clients of credit institutions, as for us, as you know, we have created an anti-fraud platform, which today, in our opinion, has one of the best performance indicators in terms of efficiency, which are 99 at the end of the beginning of

twenty third year 99.3% where we fix. we stop everything. uh, fraudulent transactions against our customers. in general, following the results of the year, when summing up the results of our work, we came to the conclusion that there was a a turning point in the fight against telephone fraud is the number of calls. e, it was possible to reduce in relation to sberbank customers by 15-20 times at the end of the year. it's a good news. the bad news is that the overall phone numbers in the machine industry don't have such a downward trend. this means that these fraudulent calls simply flow from one credit institution to another credit institution and so on and so on and can return again with new technologies again to those customers. including our clients and in this sense, we of course, we are talking about the fact that

we are ready to share this information. uh, with our colleagues from other credit institutions, in general, the question is now on the agenda. eh, it's a tough question. as a unifier of efforts for us to prevent these overflows in this sense, we also have with my colleagues from other banks. in general, a few suggestions. how to do it? and uh, how do we combine our efforts? we are ready to invest both resources and efforts there in order to create a single such approach to automation so that all banks can use it, and we think that this should be done, of course, on a gratuitous basis, it would be better if this work is led by the central bank, but er, today, it’s just overdue. uh, quite such a union to make, i want to say that we really hope that this will be possible, but our team sees a lot of

calls today. uh, in regards to customers in other banks, and we're still seeing it in the very early stages. we made a decision in may to open access to this information to other credit institutions. absolutely free, when we see that there is a call to some client who can answer one question for so long. and we still have other participants, and we will not worry about you. understood. we believe that fraud has undergone fundamental changes both in the direction of counteraction and in the direction of researching new e, instruments of our actions. uh, but, nevertheless, the percentage of opponents, the percentage of theft, with the help of social technologies, is growing 40% - this is a big figure over the past year. moreover

, the number of the xxi first year was about thirty percent. that is, dynamics, including positive ones. i would like to answer vadim now, just to this question i raised one more topic. i have directly written down what i should ask you, so i would also like to reflect this point in my question. you are in charge of business development. that is for increasing the products that are offered including digital technology and at the same time go security. and accordingly, there are contradictions, because on the one hand you are interested in selling as many products as possible and accordingly, uh, protection comes second, because business profits take over. in such cases or not. or i'm wrong. and if i may, but here’s another question about trends , the difference, what to do since it, well, seems to be general, and then i’ll return to the conflict

of interest. yes, but, it seems to me, look, there is , uh, but there is such an idea that we will break something and, uh, it will become better for everyone at once. it seems to me that this is an illusion, because it is about the same as humanity and disease, yes, both sides and value all the time and yes we are probably now on the verge of, as it were, the invention of antibiotics, which will allow us to conditionally shift this balance, well, in favor of humanity, yes, in this case, in favor of, as it were, systemic organizations, which i mean, there are, well, conditionally three components to be solved and they are close to being solved. uh, the first one is the creation between the members. well, interaction, that is , an individual or a client and an organization , but a trusted trust, yes, on a larger scale, what

is meant trust ivanov must know that he called, and this is true conditionally a bank when vtb communicates, it must be sure that this is ivanov, because, in fact, what happened with the pandemic. yes, well understandable. everything seemed to open. eh, and actually switched to electronic channels of interaction in fact, and corporate organizations of departments and so on. you can now write any organization, as if soaps and write below. i am ivanov, not being an ivanov organization. you, accordingly , begin to give out some information and such methods. uh, phishing for information about an individual is a lot at a fake site for the sale of pizza, yes, and so on, and there are many such , well, conventionally, there are many ways, so the state needs to decide this way, how both sides must understand that for this

they need to start talking just yesterday. there about the electronic passport. we need it there, of course, there are ebes and public services themselves, as such. yes, they decide. e, this method needs to be completed and conveyed to the individual a safe way to communicate and , moreover, add some kind of natural base. uh phone, where it will be clear that this is specifically number 900 belongs. bank number 1.100 belongs to mts and so on, then the individual will know how he can interact safely and solve the problem of responsibility for delivering meaningful information. now the responsibility of the operators is the same, it delivers you a text message. i love you, mom, yes, and uh, in fact, such and such an operation was performed on your card for

the security of this sms responsibility by the operators to challenge. and what happens like this? yes? they deliver it. they say, well, we are not responsible. and probably, there should be some, and there should be a difference between. well actually these messages. it's like here's one second piece. it sounds like this. this is an online exchange. what stanislav said is some kind of system in which we can conditionally feed the necessary data so that our models work online in time from even greater uh, actually accuracy uh, this is blocking. those suspicions that exist at the same time, in order for the final blocking, uh, to work out, point ones will be needed even before uh, well, actually changes in the legislation, so that banks have the right to block

absolutely everything, yes there, well, they are not very big, but nevertheless there are nuances that could be improved. well, the third, no matter how we defend ourselves, no matter how we build a system over a system over a system there. and if a person, as it were, from the ninth time of a conversation and a call to the office with a story, what do you know? you know dear ivanov, how would you be under the influence now, then people we see that you are under the influence. we can even prove it's like at what point means please don't make this transaction. he says, yes, the cashier comes up and withdraws this money and puts it on the account of the car. that is, even actually being re-cleansed, if not the third component is education. uh, like people yes, and actually building a certain form for them, and distrust of such, uh, well, in fact , methods of influencing them, this is the third

component that you need, on which you must definitely deal with, and funny, but n. uh, actually, there is a whole percentage of the client. yes, well, actually. he may not be very big, but nevertheless, who are ready to come, it means to pour them into the department. e employees with green paint, which means that they have heard enough on the phone that they are a participant in special detention operations. so, how can i say terrible bankers who, as it were , are engaged in corrupt activities right here in the bank branch and, in fact , what, well, how to say? now, if they are in the bank, they are not very good. people, so they can be doused. uh, green paint or set the car on fire its bankers, slava prurient, especially those in charge of cybersecurity conflicts of interest. i understand, so look. of course, i myself consisted of conflicts. and

m-m. well, i have a lot of conflict functions inside me, yes, and by and large i'm used to these conflicts, but the short answer is the following, as the goal, indeed, this is profit, but losses for customers, and losses for banks. naturally, it is being reduced, then building secure technologies is a prerequisite for a mandatory goal, so in my opinion. right here no conflict. there is e well, how to say? synergy between these goals? sorry, but practice doesn't show it. i once again return the figures of 40% of the topics simply. in the twenty-first year, 30%. everything, this suggests that the pursuit of profit is the pursuit of income, it is ahead. well, let's just say that the understanding that it is necessary to protect data should

be treated very carefully, including the issuance of loans. well, we will return to this topic now, i would like to ask vladimir to respond to the first question as well. in fact, as a payment system operator and operator. well, in general, some kind of infrastructure for the payment market. mm, in this sense, we see, probably, not that we see other aspects more. here is what sees or vice versa does not see banks on their side. they have a lot of information regarding individuals there. who what where exactly? at what point did you go? we see another aspect e, and now, it seems to me, what is happening here is very important here. in banking connected transactions that are not always visible to banks, because it is very often breaks at the level of cash withdrawals, for example, and transferring them by hand to another atm of another bank. and this

cash they are not visible. uh, what we 're working on right now. and what i think will amount to a certain. well, such a good contribution to the fight against, uh, precisely with this social engineering, which really does not leave russians alone, and we see that the percentage of fraudulent transactions in general is due to social engineering, very high. so, uh, skill due to real and machine learning artificial intelligence work with big data to link one transaction in one bank, where someone withdrew this money and in another. suddenly they are put on the account and understand that this is the same transaction. these are the transactions that we have learned to identify , they show the highest level of correctness and hitting within the framework of a pilot with a number of participants . i do not want to say that we can track all transactions, but those that we have learned to see, there the probability is close to almost 100% and now, uh, the second moment, which is also it is important to note. from such a panel, i don’t want

to go into details, because it’s always a struggle between armor and projectile, then this information very quickly enters the market. and here's how they do it. so we are starting to form some other topics of fraud there. and this is where i disagree . it's not going anywhere. and while there are scammers. and they seem to have been and most likely will continue to improve their means. we are market participants. and those who need to fight it we will be more and more uh, like uh. artificial methods of countering this fraud should also be invented and implemented as quickly as possible, but what should i say? the market is really starting right now. it seems to me to consolidate around the understanding that problems cannot be solved separately with the belief of vtb separately by a separate sec or an officer. it should be a single consolidated structure, which is as technologically automated as possible and able to deal with such calls. here are but and here are the contributions of each, probably, participant.

here they can give very good synergistic effect is very good the idea that one should unite all efforts to combat social engineering. here, one bank, just can not cope. at the same time, if i recall, so to speak, a retrospective, then i remember the period when banks were hushed up, including , by the way, i am the head of the association, as if trying to say less about stealing money, because they were afraid to scare our customers in order to they have not left the banking sector, for example, cash is now in full voice all credit organizations. hmm talk about this problem apply their steps. but at the same time, as i said, 40% , it’s just that this figure is real , according to kaspersky’s laboratory last year

, one and a half billion, in my opinion, data leaked not only from banks, but from various, including large companies, to the market. therefore, the question is why we are not able to turn the tide. the growth rate is unfortunately still negative. yes , good afternoon, dear colleagues. i know that there will be such a question, where we are after all. we are fighting with you. uh, we're discussing it in different forms. uh, each the financial institution is making an effort. we are making efforts as a regulator. er, so where are we anyway? i also looked at all these statistics numbers. well , this seems to be a general answer. the results are not perfect. uh, it was possible not to achieve an explosive explosive growth of some kind of fraudulent services. although such a risk was e, and

here on these figures, because here we have e during the discussion. eh, in fact, we are talking about a banal thing. uh, a glass half empty or half full anatoly gennadievich claims that up to half empty, yes, uh, colleagues with the finance sector, that, here we are still fighting half full ah and ah. that can be seen from the numbers on the qualitative elements, the number of attacks is growing, that is, the challenges are growing. this trend will continue. that's how the number grows, the amount of damage grows, but not at the same rate as the number of attacks, that is, people, in general, unfortunately, there by 4% he loses more money success. attacks are falling, because if you look at the share of fraudulent attacks on non-cash, for example, commodity circulation, then it decreased by 25% this year, there is 1000%.

this is due to the fact that, in general, non-cash turnover is growing technology. uh, social engineering continues to dominate. although her weight has decreased somewhat, we used to talk about two-thirds. now it is also impossible to measure about fifty, but this should not reassure us, but we are fighting social engineering, other technologies will appear . here are the inventors, and in my opinion. of course, the fracture didn’t happen from uh , unfortunately, but the decisive moment here, vadim doesn’t agree that this is an illusion, that will be when you are a turning point we have to achieve it. i will give an example of e, fake coinage. yes, at the right time. uh, the whole country felt that this is a threat if fakery flourishes, the most severe punishment all authorities fought, yes, now it exists, but this is not some kind of socially widespread phenomenon there, and i really did not want financial services for obtaining

financial services. people always associated the risk of fraud in their heads so that he was afraid every time he got a call from somewhere it could be a scammer. it could be a scammer. and now, unfortunately, this trend has appeared in our country ; they are obliged to reverse it with you. and i think we can make a breakthrough here. this is a constant, probably, struggle, but it should be a constantly elusive goal, we can do it, which means that the scammers are as creative as always. yeah, and uh , very focused, and we're acting, uh, disjointed and slow. well, because here all the legislator of the legislative base is involved in the struggle. we are with regulatory supervisory practices, banks , telecom operators, which means, uh, law enforcement agencies need to block telephone sites there. we have learned

to do it faster. yes, many things are faster to do, but all the same, scammers will be faster than us, so the speed and, of course, must be unprecedented. uh, unprecedented level of coordination. this is a real big threat that we have to fight. all this should pass from the awareness of your readiness to be operated on. speed ​​is really very important. and now i'm glad that today colleagues uh and stanislav and uh, vadim supported this idea of ​​information exchange, and that large market participants are ready to invest in it. this is welcome because not everyone can create on their database. uh, so the model with artificial intelligence is not all institutions. if you are ready to share and refine the model, of course, it ’s just fine and we are as a regulator, and we are already imfer to see how it would participate in this exchanger is ready, because in my opinion. this is of course critical.

the speed of exchange and the speed of decision-making, because after all, now many attacks are going on large participants, the market, small ones. for now , they look like this, but it will reach everyone and everyone should participate in this and everyone should be ready for this. and of course, financial literacy. do not forget. uh, at this stage , it is important that people are more resistant to these various hmm fraudulent initiatives. thank you. thank you, elvira sakhizadovna, but nonetheless. as a representative of the people who, uh, are actively working with banks, i trust him with my funds. naturally. i want my funds to be protected, among other things, if suddenly by chance, under the influence of some external persons, i transferred money to another bank. and these turned out to be thieves, the question naturally arises, and compensation from