Alfa Bank: green light for fraudsters? Part 1

 


This is the next instalment in my series of posts about fraudulent withdrawal of RUR176k from my Alfa savings account in the Alfa Bank mobile app through the Fast Payment System of the Bank of Russia. It was originally published in Russian as "Альфа-банк - «зеленая улица» для мошенников?" here. My last post is here.

This is also my first attempt at determining the extent of Alfa Bank's responsibility for what transpired. This post focuses on the technical aspect of Alfa Bank's giving the green light to fraudsters.

As Alfa Bank claims on its website,

“The current functionality and capabilities of the fraud monitoring system make it possible to keep fraudulent transactions to a minimum.

Alfa Bank provides a three-tier system for fraud prevention, monitoring and risk management:

• a fraud prevention system that uses multivariate filters to stop obvious frauds;

• a system for monitoring high-risk transactions on the side of the payment gateway with online access for a company employee. The system can be configured remotely, incl. by the company's employee, and makes it possible to quickly identify and analyse high-risk transactions based on a variety of the order's parameters;

• a system for monitoring high-risk transactions on Alfa Bank's side to identify high-risk transactions based on analysis of the transaction profile”.

My account history should have given Alfa Bank's anti-fraud system every reason to flag the transactions being set up as suspicious. For a year and a half, I only made transfers using two templates: to my savings account with Alfa Bank in the amount of RUR10k once a month and to my wife's checking account with Alfa Bank now and again, each usually 20k, as templated. In this case, however, my Alfa account was nearly emptied, with two funds transfers made, each RUR88k exactly, to two different payees – and it all took place in the space of 10 minutes. OK, I accept that the first transfer could have slipped under the radar, but how could the second?

Alfa Bank's mobile app called “Alfa Mobile” is promoted as “The easiest and safest way to access your accounts and cards”.

In point of fact, however, the Alfa Mobile app has been hacked or compromised. It displayed all fake attempts to debit my accounts that the swindlers talked about, as I described in my first post on the subject, which is what eventually persuaded me that what was happening was real and posed a clear and present threat to my savings. But for this, I would never have fallen for the scammers' ploys.

It appears to be clear that, in view of such straightforward and unimpeded fraudulent debiting of an Alfa Bank account as happened in my case, Alfa Bank's vaunted fraud monitoring system failed completely, which is evidence either of false advertising or of yawning gaps in Alfa Bank's security arrangements, and in particular the leak of Alfa Bank's customer database, which will be covered in my next post. #AlfaBankFraud

Comments

Popular posts from this blog

Alfa Bank (Russia) in bed with con artists?

RF CB FPS: the choice of fraudsters

Alfa Bank (Russia): Sink or swim - we don't give a f*ck. Part 1