Alfa Bank: green light for fraudsters? Part 1
This is the next instalment in my series of posts about fraudulent withdrawal of RUR176k from my Alfa savings account in the Alfa Bank mobile app through the Fast Payment System of the Bank of Russia. It was originally published in Russian as "Альфа-банк - «зеленая улица» для мошенников?" here. My last post is here.
This is also my first attempt at determining the extent of Alfa Bank's responsibility for what transpired. This post focuses on the technical aspect of Alfa Bank's giving the green light to fraudsters.
As Alfa Bank claims on its website,
“The current functionality and capabilities of the fraud monitoring system make it possible to keep fraudulent transactions to a minimum.
Alfa Bank provides a three-tier system for fraud prevention, monitoring and risk management:
• a fraud prevention system that uses multivariate filters to stop obvious frauds;
• a system for monitoring high-risk transactions on the side of the payment gateway with online access for a company employee. The system can be configured remotely, incl. by the company's employee, and makes it possible to quickly identify and analyse high-risk transactions based on a variety of the order's parameters;
• a system for monitoring high-risk transactions on Alfa Bank's side to identify high-risk transactions based on analysis of the transaction profile”.
My account history should have given Alfa Bank's anti-fraud system every reason to flag the transactions being set up as suspicious. For a year and a half, I only made transfers using two templates: to my savings account with Alfa Bank in the amount of RUR10k once a month and to my wife's checking account with Alfa Bank now and again, each usually 20k, as templated. In this case, however, my Alfa account was nearly emptied, with two funds transfers made, each RUR88k exactly, to two different payees – and it all took place in the space of 10 minutes. OK, I accept that the first transfer could have slipped under the radar, but how could the second?
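The profile deviations described above can be written down as a few transaction-profile rules. The following is an added illustration, not Alfa Bank's system and not part of the original post; the dates, payee labels, thresholds and scoring are assumptions constructed for the example.

```python
from datetime import datetime, timedelta

def build_history():
    """Constructed profile: 18 monthly 10k savings transfers, occasional 20k to spouse."""
    start, hist = datetime(2020, 1, 5, 12, 0), []
    for m in range(18):
        ts = start + timedelta(days=30 * m)
        hist.append((ts, "own-savings", 10_000))
        if m % 3 == 0:  # "now and again" (frequency is an assumption)
            hist.append((ts + timedelta(days=7), "wife-checking", 20_000))
    return hist

# Constructed incoming transfers: (timestamp, payee, amount in RUR).
T0 = datetime(2021, 7, 1, 14, 0)
INCOMING = [
    (T0, "unknown-payee-A", 88_000),
    (T0 + timedelta(minutes=8), "unknown-payee-B", 88_000),
    (T0 + timedelta(days=4), "own-savings", 10_000),
]

def score(tx, history, recent, window=timedelta(minutes=10)):
    """Return the list of profile deviations for one outgoing transfer."""
    ts, payee, amount = tx
    known = {p for _, p, _ in history}
    largest = max(a for _, _, a in history)
    reasons = []
    if payee not in known:
        reasons.append("payee never used before")
    if amount > 2 * largest:  # multiplier is an assumed threshold
        reasons.append("amount over 2x historical maximum")
    # Earlier transfers to unfamiliar payees inside the velocity window.
    burst = [r for r in recent if ts - r[0] <= window and r[1] not in known]
    if burst and payee not in known:
        reasons.append("another new payee inside velocity window")
    if any(r[2] == amount for r in burst):
        reasons.append("identical amount repeated in burst")
    return reasons

def review(incoming, history, hold_at=3):
    """Decide ALLOW / REVIEW / HOLD per transfer; hold_at is an assumed cut-off."""
    recent, decisions = [], []
    for tx in incoming:
        reasons = score(tx, history, recent)
        action = "HOLD" if len(reasons) >= hold_at else "REVIEW" if reasons else "ALLOW"
        decisions.append((tx[1], action, reasons))
        recent.append(tx)
    return decisions

if __name__ == "__main__":
    for payee, action, reasons in review(INCOMING, build_history()):
        print(f"{payee:16} {action:6} {'; '.join(reasons)}")
```

Under these assumed rules the first RUR88k transfer is only queued for review, while the second trips every rule and is held, and a routine templated transfer passes untouched.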
Alfa Bank's mobile app called “Alfa Mobile” is promoted as “The easiest and safest way to access your accounts and cards”.
In point of fact, however, the Alfa Mobile app has been hacked or compromised. It displayed all fake attempts to debit my accounts that the swindlers talked about, as I described in my first post on the subject, which is what eventually persuaded me that what was happening was real and posed a clear and present threat to my savings. But for this, I would never have fallen for the scammers' ploys.
It appears to be clear that, in view of such straightforward and unimpeded fraudulent debiting of an Alfa Bank account as happened in my case, Alfa Bank's vaunted fraud monitoring system failed completely, which is evidence either of false advertising or of yawning gaps in Alfa Bank's security arrangements, and in particular the leak of Alfa Bank's customer database, which will be covered in my next post. #AlfaBankFraud
