"We crossed the line when buildings were set on fire": will the new law save Russians' money

"The state in the role of a catch-up"

— The new law provides additional tools to combat telephone and Internet fraud. They should protect citizens, but will it really be possible to change the situation?

Pozharskaya: - Not a single law, even the most thoughtful one, will work if its norms and rules are not observed. Over more than 10 years of working with citizens' requests and combating fraud, I see that our consumers are generally infantile. There are tools for protection, but if they are not used, they will not work on their own. No matter how many new laws are adopted, without the interested participation of the citizens themselves, nothing will change. The new law introduces important restrictions, sets rules for market participants, but without the vigilance of consumers, it will not produce results.

Yanin: - In short: laws are written for "awake" citizens, and in Russia, for the last 20 years, most have been "asleep." Laws are usually passed under pressure from above. Therefore, you should not expect quick and effective results - we have already been through this. Officials report successes, but fraud is only growing. Why? Because in Russia, personal data is easy to steal. There is already a dossier on every active citizen - from how often they get up at night to what applications they use. At the same time, I have never heard of any official being held responsible for a data leak. Fraudsters are always one step ahead of those who write laws. Therefore, people can only rely on themselves: be more careful and use the protective tools offered by providers.

Safiullin: - I will still try to stay positive. Although almost 700 thousand crimes in this area were registered in the first 11 months of last year. In reality, of course, there are more - not everyone goes to the police. Nevertheless, the bill should be welcomed. Yes, it will not come into force immediately, and yes, fraudsters are already studying it and looking for loopholes. But this is not a reason to give up. The law provides for about 30 measures, and gives Russians a chance to show that they can resist fraudsters.

—Why did the law appear now? How large-scale is the problem of telephone and Internet fraud in Russia?

Pozharskaya: - There is no need to even provide statistics here. The line was crossed when fraudsters began not just to deceive, but to force citizens to commit illegal actions using social engineering methods. This became a signal for both legislators and public figures that it was time to take serious measures. Unfortunately, the state is always in the role of a catch-up, and we fight only those tools that are already used by criminals. But the consumer is always the weak side in the market, and the state is obliged to protect his rights. After all, people not only lose money, but also, under pressure, commit acts for which they later bear criminal liability. Their lives are ruined - they lose property, freedom, health ... If steps to protect citizens were taken in time, there would be fewer such cases.

Yanin: - I remember the discussion about the law obliging banks to return funds stolen from cards - it was about 15 years ago. Then everyone turned a blind eye to the situation, and regulators kept saying: "The main thing is not to give out your PIN code." And the fact that money was withdrawn without a PIN code did not bother anyone. The line was crossed when deceived citizens began setting fire to buildings and other crimes that can no longer be ignored. People lost billions - and no one really cared. Why am I skeptical? Because I saw how this happened in other countries where the problem was solved earlier. There, the police really look for stolen money, and the return is tens of percent. Here - 2-3%, no more. If you are robbed by fraudsters, consider that the money is lost. At the same time, fraudsters are constantly improving their methods. Yes, it has become easier to receive services through "Gosuslugi", but security remains at the same level. Fraudsters are now working even with those who have no money - they offer (or rather, force) them to take out a loan and leave them both without money and with a debt. What, did the Bank of Russia only learn about this problem yesterday? Online services are developing, and fraudsters are using them to reach new victims. Fraudsters have already collected data on almost every Russian - unless he lives without a SIM card somewhere in the forest.

Pozharskaya: - By the way, about the forest. You know, there is a hermit Agafya Lykova, who lives without electricity and even without a passport. But she also became a victim of scammers. People came to her, introduced themselves as volunteers, made a film, and then allegedly collected money for her needs. Technology has nothing to do with it - scammers deceive even those who live without phones. Many of our victims say: "We have push-button phones, we are protected." But this is not protection. Trust is the main risk.

"Self-prohibition is not a panacea"

- But measures are being taken, especially recently: both "cooling off periods" for loans and self-imposed bans on loans. Will they really not work?

Yanin : - If we talk about measures, then from September 1, 2025, a "cooling-off period" will be introduced when issuing loans: up to 200 thousand rubles - 4 hours, over 200 thousand - 48 hours. This will give people a chance to come to their senses and cancel the application if the loan was issued by fraudsters. In addition, you can already set limits on account transactions - for example, limit one-time transfers to 30 thousand rubles. This is a good tool. For most citizens, this is a significant amount, and such a measure can really protect against large losses.

- Will the self-prohibition mechanism work? Who will actually use it, and how aware are people of this possibility?

Yanin : - Many have already used the self-prohibition - as far as I understand, we are talking about tens of millions of people. I think that those who wanted to have already done so. I really hope that banks will connect the self-prohibition to their systems to automatically offer it when applying for a new loan. For example, you come to the bank, sign a contract, and in small print they offer you to tick the box: "Do you want to self-prohibit until the loan is repaid?" If this becomes the norm, the measure will cover a significant part of the population. Moreover, market participants are interested in the client not going broke, but continuing to pay. Such a mechanism of conditional consent of the borrower could further increase the number of those who take advantage of it. I think there is potential for this, especially if adult children begin to convince elderly parents to issue a ban to protect them from financial losses. This is a good measure, but it is not a panacea - it will not completely protect against fraud.

Pozharskaya : - The idea of ​​voluntary self-prohibition appeared back in 2020. Then, after the pandemic quarantine, people began to use deliveries en masse and link cards to marketplaces - we already recorded a surge in fraud. We suggested starting with protecting the most vulnerable - the elderly, for example, giving them the ability to disable unused card functions. We discussed this with the Bank of Russia, the Ministry of Finance, and telecom operators. The Central Bank was skeptical at first, but the mechanism worked, and we got it going.

A new initiative is already being discussed - the ability to appoint a trusted person who will not be able to spend money, but will be able to authorize transactions. Millions have already used self-prohibition, but there are those who are afraid - they think it is difficult. Of course, this tool will not solve the problem completely. Banks do not disclose data on the number of blocked fraudulent transactions - this is closed information of their anti-fraud systems.

The problem is huge: losses from fraudsters amount to trillions of rubles, and banks, according to various estimates, prevent thefts of 150-200 billion rubles per year. I would like the ratio to be better. New tools - self-prohibitions and other measures - are needed to protect people before the money leaves the bank. Then it is almost impossible to get it back - especially if it went abroad or was transferred to cryptocurrency. The law enforcement system is still poorly coping - there are not enough personnel and technical resources for this kind of investigation.

Safiullin : - The figure of 10 million self-prohibitions has already been reached, and perhaps it will not grow so quickly. Moreover, fraudsters have already learned to manipulate this tool: they call people and "correct" their self-prohibitions. But I believe that this tool has a future. I was recently in China - biometrics are actively used here. People are not afraid of it: without it, you can't get on a bus or ride the metro. Yes, we have concerns about data leaks, and there have been cases in Russia. But biometrics will still develop, and I believe that there is no need to be afraid of it, the main thing is to ensure data protection.

Yanin : - Yes, biometrics are the future, and we have no choice: personal data leaks are already occurring in large volumes, especially from government agencies. And there will only be more... But there are also simple measures. For example, it is possible to legally prohibit issuing microloans to those who receive social benefits - pensioners, low-income people. After all, it is they who are most often signed up for microloans by fraudsters. In international practice, this is a common measure. If such bans are introduced, we will be able to protect at least the most vulnerable part of the population. Although only individual cases of multi-million dollar scams are known, the average theft is now about 20 thousand rubles: this is what a person has in their account plus some small loan. It is necessary to limit fraudsters' access to these tools and, at the same time, develop other methods of protection.

"The basic rule is don't trust anyone"

- Another direction of the fight against fraudsters is restrictions on the registration of SIM cards. It is assumed that citizens of the Russian Federation will be able to have no more than 20 SIM cards, and foreigners - up to 10. Will this help?

Yanin : - There are also measures to limit the circulation of SIM cards. We are talking about a ban on issuing "gray" SIM cards. For an ordinary person, 3-5 cards per family is quite enough. On average, there are about five SIM cards per household, and if someone else has connected a gate or an alarm system - well, let it be 10. This is a reasonable limit.

Pozharskaya : - Small mobile operators are now surviving as best they can - they rent towers, and this is expensive. Therefore, many of them sell SIM cards "in the grey". There is also the problem of inactive SIM cards: the number remains in the operator's database, even if the client has long since stopped using it and has not closed the contract. Fraudsters buy such numbers through insiders - "moles" inside the operators - and gain access to accounts in social networks, State Services, mail.

And the operators' employees are ordinary guys and girls who are paid little, and they do not always check documents, sometimes even sell packs of SIM cards using photocopies without photos. There were cases when fraudsters issued a duplicate SIM card for a deceased person and withdrew all the money from his accounts. Therefore, restrictions on the registration of SIM cards are a necessary measure. And I completely agree: for an ordinary city family, 10 SIM cards are more than enough.

– What measures do you consider most effective against this epidemic of fraud?

Safiullin : - I hope that with the introduction of the digital ruble, each transaction will become transparent, and fraud will be greatly reduced. This will make it easier to receive social guarantees and control by the state. In addition, modern technologies are important: artificial intelligence and biometrics. For example, in China, 80% of transactions are already carried out through local payment platforms without bank cards - only by biometrics. So the future is in technology. They will defeat fraudsters. And, of course, financial literacy and digital vigilance are needed.

Yanin : - And I would remind you of a simple rule - you shouldn't answer incoming calls from unknown numbers at all. That's the main thing. You shouldn't talk to anyone on the phone - not to "prosecutors", not to "investigators", not to "banks". These are all traps.

Therefore, we actively protect ourselves: we set limits on cards, introduce self-prohibition on receiving loans. We ignore any "winnings", "surveys" and "unique goods at a low price". Even the free cheese in a mousetrap has become worse in quality. We do not trust anyone who calls or writes with offers - this is basic cyber hygiene.

Pozharskaya : - The first rule is to always remember that there have been and will be scammers. Vigilance is the key factor of protection. The second is to always check the information: stop, think, double-check.

As for biometrics, yes, it is promising, but deepfake technologies are developing so quickly that today “your friend” can call you via video link and ask you to transfer money. Therefore, you should always be on guard and use all available means of protection.

And another important point: do not post too much information about yourself on social networks. Most of the data for scammers is taken from there. You need to limit the circle of people who can see your information, and clearly distinguish between those you trust and those you do not.