in this exchange are ready, because in my opinion. this, of course, is critically important, the speed of exchange and the speed of decision-making, because after all, now many attacks are going on large participants, the market, small ones. while they look like this, but it will reach everyone and everyone should participate in this and everyone should ready for it. and of course. e fig financial literacy must not be forgotten. uh, at this stage, it is important that people are more resistant to these various hmm fraudulent initiatives. thank you thank you but still however, i am a representative of the people who actively work with banks trust him with their funds. naturally. i want my funds to be protected, among other things, if i accidentally transferred money under the influence of some external persons.

to another bank, and it turned out to be a thief, naturally, the question arises about compensation for damage, which i understood, so i would like to ask all participants in the discussion one question very briefly answer it, how would you feel about compensating for damage, or part cases that your client, well, and then deal with it yourself, uh, with the one who stole money from the account. vladimir yes, let's start answering from the other side, because we won't have to compensate anyone for money from our accounts. this is rather painful for banks, perhaps, but even in stanislav 11 , we will have to talk more about this here. and what would i like to say that you know the thesis that there should be people's own responsibility and awareness of the commission of certain actions. i think this is a very important thesis

and financial literacy. understanding. what you are you doing? that's why, there is only one such aspect so that it does not harm in the sense that now i know that no matter how much money i transfer to someone. i'll still be reimbursed for everything, so that it doesn't lower. here is this degree of some normal healthy responsibility among citizens. this is aspect. it seems to me that one should not let out attention. it's clear? the social pessimist means, and my answer in this sense will be what? yes, imagine you have issued a mortgage big big mortgage. so this client comes in 2 weeks and says, you know, i'm here under social pressure, as if i took a loan from you, then i won't return it. well, how would we then risk, probably, to turn into some kind of social. uh. well, there is a period of cooling, strange as it were, well.

organizations, therefore, it seems to me, here , uh, where it would be more correct to have water divisions, yes, so, if you accordingly warned nine times that you shouldn’t do this, it means that you still went to the cashier and took it off. yes? and, that is, if the technologies have worked correctly and actually the organization has all the traces of the fact that the actual client was there, a repeatedly warned. so, respectively. there is confirmation that he, as it were, rejected this help in various forms, yes, then i don’t understand, er, the justice of this compensation arises, as it were. well, of course, what a-ah. it seems to me the position, as far as the bank can prove that it warned in time, a explained, and so on. here, i would suggest to move some such. ah, logic. yes, in general, i didn’t say that i was against it, but that’s what,

i understood, your thought is clear, what is needed work with your own to separate the wheat from the chaff. i said this, stanislav yes, my colleagues are also a very important issue. just started to raise the first microphone. say yes, it's an important question. you raised anatolyevich as a representative of the people and i would like to say the following first. uh, if the bank is at fault for not protecting the customer. our position is that the bank must return the money if, after all the warnings of the seventh time, the client independently withdrew the money and only the logic told to him, took the money to the typewriter, independently banks should not be held responsible. this is such an approach, however, in the second part. we have the opportunity to help the client to return this money, and we have these opportunities.

as a credit institution, we have the opportunity today, under law 115 , to help the client return this money in the event of a 10-day freeze. this project is already on the wings in relation to our clients, when clients give us a power of attorney and we spoke during the microphone when customers give us powers of attorney. we within 10 days, but actually provide a refund to customers. eh, that's their fault incurred. uh, there uh, the costs of transaction transfers. uh, well, we really hope for 161 laws, and now the central bank team has developed it together with banks. e anatolyevich and you pull. and here it is sure to tell you in plain text the speed, the speed , faster, please, the law. givers help.

us community did not come tools. arm us with tools. we could here in within 161, when for 2 days it will be possible, according to the information of the central bank, to block these funds to return to our customers. this is also very necessary and important, and yet we started speed. it is now important in these conditions. elvira yes, i will not please the banks. i believe that banks should be responsible to their customers, banks that we have, advanced with models of anti-fruit protection systems and everything else. they must do this . a person is more defenseless than a financial institution with such power in front of a fraudster. and by the way, this is not only a question of knowledge, when the person gets in. here under the influence of scammers, this and some psychological readiness.

yes, a person may be psychologically vulnerable at some point in his life. knowledge does not always save. you and i are well aware of many examples when e even managers of advanced financial organizations fall for the duck of scammers. the question is not only the knowledge of the system such protection. you see, financial literacy, i can't say just the financial institutions themselves that provide these services uh and uh. for me, definitely. eh, this law needs to be passed. that is, if money is transferred to an account, mm to the account of a fraudster, and to fraudsters mm a fraudster. why is it yes, that is, the central bank has a database and it shows that this account is a fraudster, firstly, this is a fraudster's account. we need to block faster. secondly, there is a person's money, but he should not transfer at least two days to take the rap. this is for me , of course, but the questions that are related here, when a person is admonished to know such cases

, are the heads of banks. uh, constantly to tell that they even tell and ask not to transfer money, the person insists. i know that i need to transfer money there, what should i do in this situation? i think that we should also be here and think about these decisions. that is, if we know that this site is a scam. it is in the database, it is necessary to block the receipt of funds for it. and not so let's e man think for 2 days, well, this system. you also need to think about the second one. i know that yesterday was already discussed in the margins. uh, insurance questions forums from cyberlisk - this is a tricky question about cyberlisk insurance. uh, it's hard to assess the risks. e, but in principle it is possible to think about this with a limit of liability with some conditions, of course, of the relationship between e, the bank and the client. especially if this anti-fraud system, which is underway by law, will be created, it will be

easier for insurers to assess risks. and, of course, these self-prohibitions, oh, that we are talking about, they should also work, but, but i think, we will not achieve the turning point that we talked about in the first question if we cannot achieve breakpoints in this issue of damages. all the same, compensation for damage by banks. encourages banks to more actively engage in antidote will feign those actively engage in anti-rode. sorry if you weren't happy. stanislav i return to you and, in principle, to the same discussion. you have already begun to talk about the principle of suspending transactions, if they cause you not transactions, but transfers, yes, if they cause suspicion, obviously, if a law on compensation is adopted. e cut to a citizen who translated himself. as for the criminal, his

funds, then this work activates, as your experience is, there are credit organizations, respectively, they can act effectively, but this probably requires a legislative legal framework. here tell us about your experience and what you need to do to make this experience possible. well, thank you, anatol

gennadyevich, you are talking now, of course , about the fact that the deputies will soon adopt amendments to article 161 and we will still have the opportunity. here for these 2 days. we support against them if the heads will realize anatolyevich if the banks will transfer, uh, money to these accounts, uh, the banks will be obliged to return this money to the client , this is what she said, elvira is mandatory. we support this approach. before that, i said that we have additional opportunities. and that's what you say stimulate lending institutions. this is probably the right approach, because it is a search for new solutions. this is a search for new knowledge and interaction with telecom operators with law enforcement agencies with a mincert. well and so on and so on. as for the transformation of fraud phones, this is also a topic that, uh, vadim touched on, look, if before the twentieth year they stole money from customers. basically, transactions from the twentieth

became the twenty-first, probably the twentieth -twenty-first transaction plus loans. by the end of the twenty-first, we already had about 20-25%, e losses in telephone fraud on loans, the question arises to antifraud. and you only monitor transactions, uh, or you and other channels should monitor. after that it happened to us that since the twenty-second year of the transaction, housing loans have been a whole problem for housing. but from the end of 22 to 23. here we have a new trend in general, which is generally incomprehensible. how to approach this transaction plus plus. yes, and terrorism, when they began to set fire to it. uh, military registration and enlistment offices, we have three cases when they deliberately set fire to these telephone machines with ukraine under duress or threat, by the way, uh, our three zones are there 24, office and so on. we believe

that this is still a crime and the riga ladies. i'm here not ready to agree, so here are the people who commit this kind of crime. this is in fact terrorism and it is necessary to take this into account as well and look for some forms of application of appropriate measures against these people. uh, in my opinion, yesterday or the day before yesterday there was another kind of arson of someone, there were structures. that's exactly according to the same scheme, but anatolyevich is very beautiful to call for today. they talked about droppers. we call them drops. these are the same people who are involved in phone scams that remove money transfers them further, more precisely, that's not what removes them transfers. here is the money his task is 30 seconds, minutes, maximum to send another person, breaking this money into several transactions at those next stages. here are the drops. all are named one, two, three, and so on. this year, my team and i decided to create a whole program

to combat drop pumps, initially our study of this problem. this is a whole, it turns out, here are the industries in russia we counted at least 50080.000 active drops in russia, someone is acting deliberately someone unconsciously, but unfortunately, this is a whole such phenomenon, with which also all our entire community all cybersecurity industries. we need to do something , we need to fight, and now a few conclusions that we also need too, well, to comprehend, they cash out, as a rule, at atms, sometimes in offices. and now what happens next. here, uh, vadim valeryevich knows well, there are high-rise buildings in the network , in some of these buildings there are crypto-exchanges. and this cash money without presenting passports is carried to the crypto-exchange receives kodi or a long number drives to ukraine and there it is filmed in any currency and used during military operations already

against our country. here in september is on our radars. we have fixed in these high-rise buildings on these few cryptos that work legally. uh, the record figures for transferring money to crypto in the form of bitcoins is 500 million rubles. and here you are as representatives of the people. of course, it will be necessary to think about at least showing their passports. these people are theirs. either they are there somehow fixed we asked, such as a passport. yes, law enforcement agencies should also come looking. wait, who are you, how do you finance in general? the war on the other side it exists openly today. and unfortunately, we all urgently need to do something about this. well, here's the fight with drops. eh, it’s also possible, provided that we join our efforts together, we, frankly, are determined to put things in order together. with all our partners and the ussr, there is also order in

this direction, but we are at the beginning of the road. vadim well then, the continuation to you. approximately the same question, are you ready, together with the savings bank, with other banks? well, first of all, the largest ones will unite to create some kind of structure , an institution that will send out. just the fight against droppers. there are problems on the one hand. it would seem that it would be possible to legislatively prescribe e, blocking all these accounts, but suddenly there will be conscientious persons. it is this mechanism that needs to be thought through and here we jointly work out a solution. we here i will add we do not think that there is good faith. we have brought experiment, and in one day 119,000 dropper cards were blocked, one hundred percent got no complaints and all the names, then the next ones were already glued and already they have no opportunity to continue to deal with each other, but

i have a lot of appeals, strange to our voters of citizens about the fact that their accounts are blocked and they complain to the bank that this was done illegally. vadim , please give me the floor, i’m here, probably, where would i start the answer with the fact that, uh , we definitely need some kind of information, online system and we are ready for it invest together with the savings account and, probably, the most correct place in this system. it’s somewhere, after all, like a centralized infrastructure, so it’s more likely that this should be done on the basis of a fincert, and so on, but this is not only about droppers. here, so that i would like to emphasize the amount of data that is consumed there, e.g. our artificial intelligence is artificial intelligence, and in the collection it is large and moreover, the number of different models that we add there, it

is growing. for example, now we have uh, there in this year, in fact, everything that concerns how a person types. in what state what buttons does it use similar? or the putter doesn’t look like, yes, that is, but there is already some kind of artificial intelligence that will measure the psychological state of the client, but remotely, and these models, of course. uh, well, a bad word, but they eat a lot of different data, including, for example, the print pattern e. yes , but without this, uh, hmm, bring it like this, well, from the savings, and there 99 with a tail. uh, we have 98 -plus and so far. uh. well, actually, we are moving to mm already indicators. e, including uh, shot down, that is, it is impossible to say, as here is the first question, that i did nothing for this. no, it's not like we're aiming. yes , but what is important is that this information resource should

be online. it should contain different data classes, confirmed unconfirmed, as well as additional data for your own, well, this simulation on the fly, therefore, yes, of course, and we are ready to share, maybe even transfer some of the models that would spin on the merged data and as an element of development in order to to actually, well, by combining these neural networks, and on two sets of data from the savings and ours we will get. maybe there is 99.8. yes. e, the accuracy of the model, and then the whole market will be able to use this one, and the model that works on two sets, and there are already even technologies, uh, that can combine data there, but at the same time not compromise or reveal them to another participant, that is so wrap the cell. yes, well, to conditionally

save. fully revealed to vtb and vtb before the collection, but at the same time modeling was possible, yes, therefore, actually, uh suggestions here yes, definitely technologically. we are financially ready, and it seems to me that this should be right for us this year. eh, well, the main task. it's good that the two largest banks have, in principle, agreed on the need to create such a system. now it is important to move from an agreement to real actions. and, of course, the material action will probably start. this is the regulator. elvira, you have a question about uniform standards for combating social engineering. how do you feel about it? we are also in my opinion. these unified standards, including those that could encourage banks to join forces

faster in order to fight evil together, this market should be not only in the field of social engineering, but we are talking about information security, in general, because we talked about technology are changing. what is the problem with these unified standards, not all participants in the financial market. have experience have experts have database based. which just many methods are used, which we talked about today, plus there is a problem, uh, that you've already raised in many organizations and, uh, small and large. uh, often the business unit dominates the information security divisions and profitability comes first. and information security matters. on the second third fourth fifth and so on, of course, financial institutions that think about their

long-term profitability. but the long-term is not right now u get it they have a conflict of interest, maybe not here, but unfortunately, uh still in many financial organizations. this is such a focus on profitability, of course, for commercial organizations, it also gives, uh, so there should be minimum standards. and uh in doing so, we certainly applaud, uh, their own voluntary efforts, uh, financial institutions that set higher standards for themselves. and there are those who are more advanced in this matter, and therefore we invited financial organizations to participate, who can share their experience and, of course, the introduction of mandatory standards that not everyone can do now should be supported, a supported than primarily infrastructure and data exchange fees.

this is probably the most basic frames too, but uh working with data here in order to build effective antifraud models without data it is impossible to do so these platforms should be uh hmm i am also very welcome to what we are discussing today and i i hope this will be a practical solution. this will be the practical result of our our. forum , we will also discuss with fincert how to use the platform of the central bank in order to facilitate, uh, the exchange of such data, but what sounds like one of the fears here is that suddenly we will block honest ones in the fight against scammers. but this is probably understandable to all fears. we don't want conscientious members to suffer, but in my opinion. uh, after all, the methods of technological fight against fraudsters, namely platforms based on data with artificial intelligence with online data,

yes, uh, and what stanislav was talking about, they drastically reduce the probability of error here. here is an example of blocked cards. we have such the same example as in russia on the platform. uh, we see that, yes, there are practically single calls for welding. hmm, and those companies that are in the red, zhenya zone, uh. er, this minified data should be shared with this data. it seems to me that this is important, but in my opinion it is better to think about how to build a system for the quick restoration of the rights of conscientious people. otherwise, we will stand like this, you understand, not to use the most effective methods of blocking. e scammers. and this is a huge problem, so i would be here here i would go on this at the same time thinking about how we quickly, quickly, in the most efficient way , restore the rights of conscientious people in the event

of a minimized error. she is very minimal. vladimir a question for you. we had to participate the minister of digital development. well, unfortunately, i couldn't . he was supposed to answer a question about the possibility of a technological solution to combat this evil in the financial market and, accordingly, from your point of view. can we use all the technologies in including here is the impoverishment of the efforts of the largest financial institutions to ensure the protection of our citizens. here is theft and money. i think it's a technological solution. i am more than sure of this, look even before, let's say , before they left, international payment systems from the russian market. after all, we are more in this area, we are working now, but in general, the russian payment market was to a very large extent. here he was based

precisely on russian domestic solutions from processing, including e, there are a little more problems with this and on certain hardware software systems. and after the departure of a number of even providers of operators on the market, some serious ones. e, here are such indignations, what is called was not and the market did not sink. it seems to me that according to no indicators , there is a fairly active replacement of those elements that initially, perhaps , were used here, but to a greater extent. probably it concerns hardware systems. e encryption. eh, all these ta talis and so on. and now i think we're getting really close even this rather specific segment is used e russian production. em. in general, if we talk about what happened in general, maybe even after i'm talking,

the topic is close to me, um. this is not really about the ministry of digital development in general, but about payment systems. and after the departure of international operators of international payment systems, nothing like that happened with the level of fraud in card projects. moreover, this level was quite low, up to 20. uh, there is the second year. he stayed. here, i see, just the payment system of the world is absolutely and numbers, and front-line operations are fraudulent operations. they remain the same as they were in previous years. despite the fact that even in the past year , the volume has more than doubled, that is, relative. uh, the level of fraudulent transactions. it has almost dropped by more than two times, and i think that these are today the figures for the whole market as a whole, for the payment market and for other payment cards and other payment systems. i'm talking about sbp now, and to a greater extent, and the standard is generally

russian, and in terms of the level of fraud at the level, it is set at the level of semi-basis points. that is, this is one fraudulent operation, for a maximum of 20,000 operations. this level of e come is supported by the participants and, so to speak, this border was not made not in the 21st, not in the twenty-second year, not now, and this figure is absolutely objective, er. 5-6 times lower today than a well in such most developed , let's say, western countries, where kashina and transactions exist much longer and where e cards are used in even greater volumes than the level of fraud in the russian federation. we have 5-6 times lower both normatively and in fact, and was and remains. or maybe now a few words. i would like to say specifically about the system of fast payments, because, you know, you hear such bursts of information that st. petersburg and safe in st. petersburg

have the same level of fraudulent transactions as set by the regulatory maximum allowable, and it is maintained in the same way. it's the same secure system. i must confess. sometimes cases. these cases due to the fact that the system is developing very quickly, not all banks have time to complete some of their own systems, maybe we are actively helping them with this, but the system itself is safe here too. uh, here, too, so that there is an understanding that there are no systemic systemic issues and systemic problems. so ah and technological. i think i'm operational and uh, the software machine is uh, the market is coping. today i don't see. here are some problem points that have already been outlined there or should vladimir is about to surface, well, uh. donna of the recent period were competitors for a serious mastercard visa, they naturally had their own

developments and a decent development of life is moving forward, they were talking about it today and criminals are developing finding new options for their work, so the question arises. here, without such competition. well, you can rest on your laurels, using what is what was created in the conditions of competition. this is the moment you take into account your work and report somewhere how you will provide, the appropriate level of security, taking into account the development of cybercrime, e their activities, can share some examples. i am definitely ready. there's a lot to talk about here, especially when it comes down to it. it was a live broadcast from yekaterinburg , where the cybersecurity finance forum is being held. now the floor is being passed. the fifth studio is joining me. dmitry. they also say, dima. good morning, what will we talk about today? good morning speech. today will, of course.