Amendments to the Regulation “On Minimum Requirements for Managing Operational Risks in Commercial Banks of the Kyrgyz Republic” have been proposed and submitted for public discussion.
According to the proposed changes, banks will be required to implement systems to counteract internet fraud. These systems will monitor every transaction and assess the presence of suspicious circumstances. As a result, the system must assign one of three risk levels to each financial operation:
- Low Risk: The transaction is safe.
- Medium Risk: The operation is suspicious and may be fraudulent.
- High Risk: The operation is fraudulent.
If suspicions arise, bank employees must immediately verify the transaction either automatically or manually. Following the verification, the bank is required to contact the client and confirm that the operation was intentional and free of fraudulent intent.
The transaction will be suspended until such confirmation is received.
When Is Fraud Risk Assessed?
- Issuance of loans.
- Use of electronic QR codes.
- Transfers within the bank and between banks.
- Use of Gross/Clearing systems.
- International transfers (SWIFT and other international transfer systems).
- Cash withdrawals.
- Payments via POS terminals.
- Transfers to crypto wallets and accounts on foreign cryptocurrency exchanges.
- Loan repayments from unusual sources for the user.
- Use of prepaid cards for purchases of goods and services.
- Fund deposits via cash-in devices.
- Transactions using virtual cards.
- Transfers to accounts of online casinos, gaming services, and betting sites.
- Operations defined by the bank under its internal fraud prevention policy.
Factors Used to Assess Fraud Risk
- A sudden increase in the number of transactions.
- A sharp rise in the activity of a group of clients performing similar transactions.
- Payments in categories of goods/services unusual for the client.
- Unusual geographic location (IP address), registration from a new mobile device, use of VPN or proxy servers.
- Transactions conducted at abnormal times (unusual time of day or day of the week for the client).
- Multiple unsuccessful login attempts.
- Frequent changes in contact information, especially before significant transactions.
- Alignment with known fraudulent schemes.
- Frequent reversals or cancellations of transactions.
- Transfers to accounts of suspicious recipients.
- Distribution of funds to a large number of recipients.
- Account replenishment from atypical sources for the client.
- Frequent changes of linked payment cards or accounts.
- Use of new authorization methods or atypical login methods.
- Discrepancies in profile data (e.g., unemployed status or homemaker profile) with the frequency and amounts of transactions.
- Client participation in splitting or pooling funds, followed by transfers to other accounts.
Internet Fraud Statistics
According to the National Bank, the institution receives up to 500 complaints from victims each month. Most complainants report that internet fraudsters took out online loans in their name. In September, 200 individuals contacted the National Bank in a single day with such issues.
The Ministry of Internal Affairs received 77 complaints in one month, with victims reporting losses of 43 million Kyrgyz soms due to internet fraud.
Don’t Fall for Scammers’ Tricks!
- Do not click on suspicious links!
- Protect your personal data!
