On the afternoon of May 7, 2014, the SIM card stopped working for the Novosibirsk resident Maxim Erofeenko. In the evening after work, the man drove into the MTS office and received a duplicate SIM card for his phone number.
The next day he went to Sberbank Online and found that 180 thousand rubles had been transferred from his debit card and credit account to various electronic wallets.
“I turned to Sberbank, they told me:“ We will conduct an internal investigation and return everything if we establish that it was indeed a fraudulent scheme, ”Erofeenko recalls.
Maxim went to the police. It turned out that on the afternoon of May 7, a man with a fake power of attorney came to the office of OJSC RTK, which is the official partner of MTS, and received a duplicate SIM card to Erofeenko’s phone number. According to the victim, the perpetrator was not found. The NGS correspondent failed to confirm this information in the press service of the Main Directorate of the Ministry of Internal Affairs for NSO.
Erofeenko filed a claim with the Central Court against Sberbank and MTS. The court found no violations on the part of the bank, but concluded that MTS provided the client with services of inadequate quality. “We have been in litigation with MTS since December 2015,” explained the victim’s lawyer Mikhail Spiridonov. – Only recently, on May 28, we received a decision in our favor. We went through several instances, satisfied the requirements in the Central Court, then refused to appeal, we appealed. On April 26, the Novosibirsk Regional Court satisfied our claim and the decision came into legal force. We haven’t received money from MTS yet, we plan to do it in the near future. The court established that MTS was guilty of unlawful issuance of a SIM card to an unauthorized person, which entailed causing losses. They collected 281,500 rubles from MTS in favor of the subscriber. ”
According to Erofeenko, at the same time he had to sue Sberbank due to the fact that he could not return the money that was stolen from the credit card.
“I had one hundred thousand in my checking account, eighty thousand – this is a credit account,” the victim explained. – Through the bailiffs, my property was arrested, everything in general – a car, an apartment, a salary card, up to a mortgage account. I was almost left without an apartment. As a result, I had to return the money, pay the delay and forfeit. I also have a bad credit history. I just tried to get a loan for the sake of interest – they refused.
The press service of MTS Siberia explained that MTS strictly controls customer identification requirements.
“In this case, when replacing the SIM card, all legal requirements and rules were observed – a passport and power of attorney were presented. It should be noted that replacing a SIM card cannot be the reason for debiting funds from a bank account, since for this it was necessary to have access to the personal account of the bank’s client, which in turn requires knowledge of the login and password of the personal account in the banking application, which cannot be recognized by simply replacing the SIM card. Thus, MTS cannot be held liable for the banking services provided to the subscriber, namely, for the turnover of funds in his bank account. Previously, there were no such incidents in MTS showrooms in Novosibirsk, ”the company explained.
At the same time, MTS stressed that it is possible to counteract this kind of crime thanks to cooperation between credit institutions, telecom operators and law enforcement agencies.
“In addition, we are discussing with market participants the possibility of creating a hotline that will allow banks and telecom operators to effectively interact on the facts of suspicious actions or fraud,” added a company representative.
In Novosibirsk, this is far from the first time when money disappears from the account of a bank client due to a duplicate SIM card. In November 2014, about a million rubles were withdrawn from the city council deputy academician Nikolai Lyakhov – the amount of grants for scientific research. And in October of the same year, from the account of the deputy of the Berdsk City Council Vitaly Shaprana, unknown persons transferred from the card more than four hundred thousand rubles. The bank returned the money to the deputies. The family of pensioner Alexander Skoropupov, who lost 55 thousand rubles, lost the court to Sberbank, but the money was returned with the help of the police, who found scammers. In June 2015, one and a half million from a Sberbank bank card was stolen from a pair of Novosibirsk bloggers Oleg and Anna Chernyakhovsky.
In all cases, the victims’ SIM cards were blocked, fraudsters made duplicates using forged documents and stole money through a mobile bank or the Sberbank Online system.
“In accordance with the terms of banking services, the introduction of a one-time SMS password to confirm transactions sent to the mobile phone number specified at the conclusion of the contract is analogous to the client’s handwritten signature,” the press service of the Siberian branch of Sberbank PJSC explained to the NGS correspondent.
The bank emphasizes that for the safe use of the mobile bank, customers should notify the bank about the change of their phone number, do not click on suspicious links, do not transfer passwords received by SMS messages from the bank to third parties, and block the card if there is a suspicion that the information from the card is available to third parties.
A representative of one of the large Novosibirsk banks, on condition of anonymity, explained to the NGS correspondent that
most large banks understand the risks associated with using a mobile bank and do not allow the user to log into the Internet banking system if a duplicate SIM card has been made.
“If you lost communication on your phone, it is important to inform the bank about it. Unfortunately, many people forget about this, which leads to unpleasant consequences. At Alfa-Bank, when changing a SIM card, a customer identification procedure through a call center is mandatory. Otherwise, it is impossible to enter the mobile bank, ”the press service of Alfa-Bank confirmed this information.
However, the head of the group of companies “Edge of Security” Sergei Goncharov believes that even in this case, fraudsters can gain access to online banks – for this they do not need to know the login and password of the bank’s client, there is enough information written on the card itself, to find it when desire is not difficult.
“And this is a big problem,” the expert is sure. – Banks should strengthen their work with customer identification. For example, you need a digital signature. You cannot perform operations using SMS messages. SMS can only be notified. It is unreliable to perform operations, there is a risk in any case. Take the service of legal entities – the key of electronic signatures works there, which is much more difficult for fraudsters to get to, this is a more reliable technology. And from individuals, banks accept SMS messages as a client’s signature. This is in any case associated with a risk for the client. “
