WSIS Prizes Contest 2019 Nominee

the Computer emergency response team in financial sphere


Description

Serious surge in money plunders from accounts of private individuals and legal entities in the Russian Federation in 2014-2015 revealed crucial gaps in the sphere of cybersecurity of electronic clearing. To fill in organizational, legal and technical gaps in cybersecurity of the accounts of clients of financial institutions the Computer emergency response team in financial sphere (FinCERT) was established in the Bank of Russia.
FinCERT is aimed at providing it’s partners with the information which can help to increase the level of security of financial transactions, including money transfers. For this purpose, FnCERT is allocated with powers to organize exchange information about cyber security incidents.
Three years later early notification of banks and other members of payment infrastructure significantly reduced losses induced by cybercrimes in financial sphere.
The project KPI is to maintain the percentage of plunders in the total volume of transactions via payment cards below 0,0050% (equal to the limit set by European Banking Authority). In 2015 when FinCERT was created, this indicator encounted 0,0036%, by the end of 2017 it declined to 0,0015%).
In regard of legal entities accounts, unauthorized transactions are construed as actual fraud and fraud attempts via remote banking systems. In 2017 the banks reported of 841 unauthorized transactions amounted of 1,57 billion rubles (20% less compared to the previous year, and more than two times less, than in 2015 (about 3,7 billion rubles). More than a half of the total amount of money falls to the share of the stopped transactions.
In counteraction against telephone fraud FinCERT initiated lock of 27 customer accounts of mobile operators, and also blocked more than 100 mass fraudulent SMS mailings in 09.2017 – 08.2018. Also since September 2017 FinCERT initiated splitting of 38 Internet resources extending malicious software and 1668 phishing domains.

Project website

http://www.cbr.ru/eng/analytics/security/fincert/


Images

Action lines related to this project
  • AL C5. Building confidence and security in use of ICTs 2019
Sustainable development goals related to this project
  • Goal 9: Industry, innovation and infrastructure

Coverage
  • Russian Federation

Status

Ongoing

Start date

2015

End date

Not set


Replicability

FinCERT was built in the structure of the financial regulator of the Russian Federation – Bank of Russia. Similar divisions are being created based on national regulators of some countries of the Eurasian Economic Union. FinCERT provides them with the necessary methodological and advisory support. Thus, similar projects can be replicated based on any national financial regulators, which have the division responsible for developments of information security in financial sphere.


Sustainability

FinCERT work will remain necessary until the cybercrime exists. It is impossible to eradicate completely this phenomenon: criminals adapt to upcoming legislative restrictions and technology improvement of information security systems of the payment infrastructure organizations and invent new ways of receiving illegal access to information systems of banks and to the accounts of their clients. Therefore, the project will remain up to date until the crime exists as a legal category and a form of thinking of certain members of society.


WSIS values promotion

FinCERT helps the financial organizations to build, adjust and quickly stabilize internal information security systems. The data provided by FinCERT is also used by the financial structures to control network integrity and safety of their IT systems, to provide data security and security of online transactions, and to render operational counteraction to unauthorized use of ICTs via response to incidents in real time. To minimize the volume of unauthorized transactions from bank customer accounts is a key objective of FinCERT.


Entity name

the Central Bank of the Russian Federation (Bank of Russia) (CB RF)

Entity country—type

Russian Federation Government

Entity website

http://www.cbr.ru/eng/