Recently I have often come across antifraud solutions. They are found not only in banks and EPS (electronic payment systems), but also, say, in:
- Taxi services like Uber, Maxim, Yandex.Taxi, etc.;
- Mail services;
- Online stores;
- Logistics companies...
Interestingly, some of the most prominent and major players in the market — the cellular operators — do not actually have antifraud solutions.

More precisely, since 2012 many of them have introduced antifraud solutions to prevent annoying advertising mailings: some implemented them a little better, some a little worse, but on the whole spam traffic fell twofold in the first month after the filters were introduced.
But in Russia a new misfortune keeps striking: the illegal replacement of SIM cards to which, as a rule, Sberbank is tied, a little less often EPS, and even less often other financial institutions.
Today I was able to analyze a little more than 100 decisions and about 2000 complaints from open sources about different OSS, that is, cellular operators (for some reason, the name is sometimes abbreviated as OpSoCy).
Below I would like to convey to the staff of these very OSS that, in general, there are legally established requirements for the provision of Safe (yes, just like that, with a capital letter) and Quality Service. In addition, the operator is often strictly obliged to recheck subscriber data when an agent processes the primary information.
For example:
- Art. 4 and 7 of the Consumer Protection Act (RFP);
- Art. 44 of the Federal Law "On Communications";
- p. 53 of the Decree of the Government of the Russian Federation "On the procedure for the provision of telephone services";
- Art. 19 of the Federal Law "On Personal Data" ... etc.
What, in my opinion, can be implemented relatively simply?
1. Do what OSS already do when they charge subscribers for roaming, that is, determine the location of the client. When might this be needed? For example, when someone tries to replace a SIM card in one city while the subscriber is in another. Say, the subscriber is in Irkutsk at 20.00 and at 20.15 comes to an office in the city of Taishet (distance - more than 600 km): it looks a bit strange, doesn't it? The strangest thing is that this does not bother the OSS and their employees at all. And yes: the thesis that “we do not have the right to monitor subscribers” does not convince me, I confess honestly: are roaming and similar services implemented? That means it is possible to work in the same direction for customers. By the way, on Habr you can also read how not to tune antifraud solutions by geography.
2. Recently many, but not all, have begun to send out a “last hope SMS”: when a SIM is being replaced, the number whose SIM is being changed receives an SMS along the lines of: “Dear subscriber! A SIM card is currently being replaced; if this is not you, contact us.” The problem is that these SMS can arrive at the wrong time, or in a place where SMS does not even reach, or be noticed too late (for example, a person went to the store and left the phone at home - how many reasons could there be?). And yet even this impossibly banal method helps in many cases. What else could be added? For example, if a person has several SIM cards, notifications can be sent to each of them (say, the one in a modem or tablet), and also, if technically possible, the operator can contact the person to verify identity. Yes, it will cost operators 10-15 seconds of conversation and some incredible money to send SMS, but this is what the law requires, gentlemen.
4. The easiest and most common way of “hacking” is when a SIM is reissued to a front person (by power of attorney, using a “temporary ID”, etc.), who then immediately begins to look for services that can be connected: 900 - Sberbank, 7494 - Qiwi and so on. Of course, the Mobile Payment service is used (money is debited, say, from Qiwi to the balance, then from the balance to a virtual card). Therefore the mail.ru filter (or was it Yandex? There was a good post on Habr, but I could not find it) is very well suited here: if a person did not use mobile payments and also had a ban on paid content, and then “suddenly”, after the SIM card was replaced, began to sharply cash out money from various sources, it is time to call them and verify the information, at least with a code word, and better with something more original. This again takes the OSS time, but believe me, otherwise they spend it all the same in endless courts and state bodies, responding to numerous claims and complaints from angry customers.
5. Another simple filter is training: you can identify the main patterns and tell employees about them (just as OSS teach the same employees in their stores to sell).
For example: if a person comes to the communications salon just before closing, with a temporary ID / power of attorney, and asks to “immediately change the SIM card”, it is not necessary to refuse this absolutely important service, but you can be extremely vigilant: ask them to fill out an application for the SIM replacement; examine the provided document (power of attorney); send the “last hope SMS” without fail before the SIM is replaced; check the photo.
By the way, you may not believe it, but most OSS still do not have such a function: when you enter into an agreement, and then pay a lot and spend a lot of time in the office, they can take your photo, but in 90% of cases, when a fraudster replaces the SIM, no one will even look at it. Yes, it is expensive again. Sure - it's expensive.
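The location check from item 1 and the post-replacement payment check from item 4, sketched in Python as an added example that is not part of the original post. The record fields, thresholds and sample events are assumptions, and the city coordinates are approximate.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

MAX_SPEED_KMH = 900               # assumption: nobody travels faster than an airliner
LOCATION_ERROR_KM = 30            # assumption: tolerance for coarse cell-level location
WATCH_WINDOW = timedelta(days=3)  # assumption: how long payments are watched after a swap

@dataclass
class Subscriber:                 # hypothetical record; all field names are assumptions
    last_seen_at: datetime        # last network registration of the current SIM
    last_seen_pos: tuple          # (lat, lon) of that registration
    used_mobile_payments: bool    # any mobile payment before the swap
    paid_content_banned: bool     # subscriber had asked to block paid content

def distance_km(a, b):
    """Great-circle (haversine) distance between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(h))

def implausible_travel(sub, office_pos, requested_at):
    """Item 1: could the subscriber physically have reached this office in time?"""
    hours = (requested_at - sub.last_seen_at).total_seconds() / 3600
    dist = distance_km(sub.last_seen_pos, office_pos)
    # A request "before" the last sighting gets zero travel budget.
    return dist > LOCATION_ERROR_KM + MAX_SPEED_KMH * max(hours, 0)

def sudden_payments(sub, swapped_at, payments):
    """Item 4: payments is a list of (time, service) pairs made from the number."""
    recent = {svc for t, svc in payments
              if timedelta(0) <= t - swapped_at <= WATCH_WINDOW}
    return bool(recent) and not sub.used_mobile_payments and sub.paid_content_banned

# Constructed sample: approximate city-centre coordinates, invented date and events.
IRKUTSK, TAISHET = (52.29, 104.28), (55.93, 98.00)
victim = Subscriber(datetime(2024, 1, 10, 20, 0), IRKUTSK, False, True)
swap_time = datetime(2024, 1, 10, 20, 15)
payments = [(swap_time + timedelta(minutes=20), "7494"),
            (swap_time + timedelta(minutes=25), "900")]

if __name__ == "__main__":
    print("hold swap, call subscriber:", implausible_travel(victim, TAISHET, swap_time))
    print("hold payments, verify identity:", sudden_payments(victim, swap_time, payments))
```

Either flag is a reason to pause and contact the subscriber, not proof of fraud; the great-circle distance used here is shorter than the road distance quoted in the text.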
In general, to be honest (not as an IT lawyer, but as an ordinary user):
OSS amaze me to no end! Receiving, in general, quite good profits and quite decent turnover, having partnerships with different IT companies and introducing quite interesting features in their services, they are still not ready to fork out for a good antifraud. And most surprising of all, this is not somebody's whim but a requirement of the legislation (by the way, in addition to the above, I would look at the Federal Law “On Counteraction ...” and the Federal Law “On Licensing ...”, at the goals of these laws in the first place).
Perhaps now a Habr resident will ask me: “why all this on such an advanced resource as Habrahabr?”
I answer: there are three tasks:
- To convey to possible employees of the OSS that their customers are tired of the carelessness that is happening in the field of SIM replacement (I do not believe corporations, but I believe in specific people);
- To hear additions from different users: what can be done “simply and relatively quickly” to solve the existing problems;
- Finally, to give food for thought to those who are looking for an idea for a startup: believe me, there is an ocean of ideas in this area, and half a cup more.
From observations:
- Tinkoff bank did well (I just don’t know how?): when replacing a SIM, you now have to call and additionally confirm that “you are you”;
- According to one Habr user, MegaFon implemented a super-simple, but in its own way reliable, feature: replaced the SIM? No SMS for 3 days! Who can confirm?
- For quite some time now, the Sberbank application has not worked after a SIM replacement, but this solution, as I understand it, is far from the level of cooperation between the Security Council and the OSS. Similarly, Alfa.
- Further - I am waiting for examples from you, readers.
Why do I need this? The topic is painfully acute. Quite a lot of calls. I would appreciate any help.
And yes, one more appeal to the OSS, the last for today: contractual relations with banks are in your hands. At least with the largest and most technologically advanced ones. It is not difficult, not at all difficult, to notify them of a SIM replacement so that additional checks can be made. However, the whole question is: who needs it?
P.S. And yes, OSS are still far from facing the client.