What is carding, or How to protect bank accounts in 2024

Father

Starting from October 1, 2023, banks are required to offer their customers insurance against fraudulent debits. The requirement was set by the Central Bank. The new risk is part of a voluntary policy that previously protected bank customers from card loss or damage.

The regulator's decision looks logical, according to the experts Cyber Media spoke with. Card fraud in Russia is growing at lightning speed: in quantity, quality, and volume at the same time. This article covers how dangerous carding is today and what tools are used against it.

What is carding?

Recall that carding is one of the most common types of fraud on the Internet. The victim is the owner of a bank card that is used without their knowledge. Carders are behind such crimes – they are criminals who steal funds from other people's cards.

In recent years, there have been more and more cases of carding. Card users, banks, and law enforcement agencies are all sounding the alarm.

Dmitry Khomutov
Director of Ideco

In 2018, fraudsters used carding to steal 1.4 billion rubles from Russians. With the development of information security technologies, many new features have appeared that allow you to save data and funds on accounts and bank cards – both for individuals and legal entities.

However, with the improvement of security systems, the number and quality of cyber attacks have also increased – scammers are looking for new ways to break in. So, at the end of 2022, more than 14 billion rubles were stolen through Russian card fraud – 10 times more than five years ago.

Modern carding is usually divided into two types – physical and remote. In the first case, the attacker has physical access to the victim's card or ATM. In thefts, special skimming devices are usually used. Often, criminals are employees of banks or service organizations.

Remote carding is when attacks are carried out remotely. The main thing here is to obtain the victim's bank card details. To go on to perform operations, the carder only needs to find out the card number, expiration date, and CVV code.

What does security consist of?

Potential victims are actively protected from both types of carding, although the methods and tools used differ.

Sergey Polunin
Head of the Infrastructure IT Protection Group at Gazinformservis

For the first option, special models of ATMs themselves are developed, and much attention is paid to the physical aspects of information security. For remote carding, there are a huge number of solutions – from depersonalizing card data during storage to using the second factor when paying.

Multi-factor authentication is one of the most important tools in protecting bank customers from criminals on the Internet. Moreover, many customers in the pursuit of security decide to use at least three forms of authentication rather than two. And there are reasons for that.

Dmitry Khomutov
Director of Ideco

46% of internal company information breaches by hackers occur due to the choice of a simple password. This is usually a combination of something that the user knows (for example, a password) and something that the user has (for example, a physical token or a code received via SMS).

In addition, data encryption is important for the security of bank clients. The use of strong special algorithms to protect information, transactions, and communications between users and the system increases the chance of data protection by 90%.

In general, the methods of combating carding have changed significantly, especially over the past five years, experts say. Biometric identification has been added, and banks have actively started using AI-based solutions. These include machine learning for analyzing behavioral patterns.

Monitoring and analysis of abnormal activity is quite an effective tool in the fight against carders. Companies are actively improving their network perimeter intrusion protection systems, applying restrictions on the number of users, and installing additional layers of protection. The latter often include solutions of the NGFW, IDS, and IPS classes.

Maxim Gryazev
Expert of the digital threat analysis and assessment service ETHIC at Infosecurity, a Softline company

Also, the security of banking operations has improved due to the development of new payment technologies, such as blockchain and advanced cryptographic protocols.

Key counter-carding techniques also include regular updates of security systems, specialized training of employees, active monitoring of transactional activity, and effective interaction with law enforcement agencies to exchange data and coordinate efforts to counter cybercrime.

More methods and measures to fight carding appear every year. Companies invest millions of rubles in tools that protect customers from online theft. In practice, however, these huge investments are of little use: many victims hand their bank card data to fraudsters on their own initiative. That is why it is still very difficult to significantly change the carding statistics in Russia, experts say.

What's next

Carders quickly find ways to bypass card protection. The growing volume of thefts confirms this. Nevertheless, the race continues. And the defense side is preparing new obstacles that criminals will still have to face in the future.

Dmitry Khomutov
Director of Ideco

Fraud detection systems will be enhanced by the use of algorithms and software to detect unusual activity and potential fraudulent purchases. Also important will be end-to-end encryption – protecting data privacy by encrypting information during a transaction and transferring data between companies and customers.

In any case, there will be at least three ways to counteract carding in Russia. As before, banks, payment system operators and the state will continue to protect potential victims, experts say.

Sergey Polunin
Head of the Infrastructure IT Protection Group at Gazinformservis

Banks on their side can take new measures to protect money transactions, and payment system operators can enable additional ways to verify transactions. Finally, the legislation will have to provide citizens with the opportunity to analyze conflict situations in case of their occurrence.

"New payment methods may appear in the future. And the regulatory framework should be ready by that time," explains Sergey Polunin.

Conclusions

Carding is a story that began with the deception of online stores in the 1990s. Malefactors bought goods using fake cards – they entered random data in payment forms. Fraud was discovered when banks received invoices for non-existent customers.

Now it is not retailers and banks that suffer from carding, but people – cardholders and customers. How many years will pass before they learn to protect themselves from scammers, and whether this is possible at all, is an open question. Often, though, the user only needs to use antivirus programs on their devices, update software in a timely manner, avoid clicking on questionable links, and monitor notifications from mobile banking apps. According to experts, these four rules are quite enough to avoid being left with zero on the account.