Translation. Region: Russian Federal
Source: Central Bank of Russia –
An important disclaimer is at the bottom of this article.
From September 1, 2025, banks that issued a payment card to a client are required to check, when issuing cash through ATMs, whether the person is under the influence of fraudsters, and whether the transaction is being carried out by an intruder. The Bank of Russia determined nine signs, which will be used by credit institutions.
If the transaction meets at least one of the criteria, the bank will immediately notify the client and impose a temporary limit on cash withdrawals from an ATM for 48 hours — up to 50 thousand rubles per day. A larger amount can be withdrawn during this period at a bank branch. The method of notification is stipulated by the client's agreement with the bank. As a rule, this is an SMS message or a push notification.
Signs of possible fraud include atypical behavior when withdrawing money. The bank will take into account an unusual time of day, an atypical amount or location of the ATM, as well as a request to issue funds in an unusual way for the client, for example, not from a card, but by QR code or digital (virtual) card. Another sign is the availability of information from the credit institution that at least 6 hours before the transaction, the person's telephone activity changed, the number of SMS messages from new numbers increased, including in messengers.
The bank may decide that the client is under the influence of fraudsters if he or she withdraws money within 24 hours after taking out a loan (credit) or increases the limit on cash withdrawals, including by credit card, and also transfers more than 200 thousand rubles to his or her account via the SBP from his or her account in another bank or closes a deposit for a similar amount early.
The list of suspicious signs also includes a change in the phone number for authorization in the Internet bank, receiving information (including from telecom operators) that the characteristics of the phone with which the client withdraws money have changed, or the presence of malware on his device. Separate criteria are provided for withdrawing money using tokenized cards.
Preview photo: Drazen Zigic / Shutterstock / Fotodom
Please note: This information is raw content obtained directly from the source of the information. It is an accurate report of what the source claims and does not necessarily reflect the position of MIL-OSI or its clients.