Recently, fraudulent groups have become a lot more active in Kazakhstan, victims of which are cardholders. The most common fraud scenario is related to illegal collection of personal data, payment card details, codes and passwords over the phone when a fraudster presents himself to a potential victim as a bank employee and tries to find out the data for conducting online transactions on accounts.

In order to prevent fraud, the Association of Financiers of Kazakhstan (the AFK), as well as Altyn Bank, ForteBank, Halyk Bank, Jýsan Bank, Kaspi.kz, Nurbank, Alfa Bank Kazakhstan, VTB Bank (Kazakhstan), Eurasian Bank, Sberbank of Kazakhstan, Home Credit Bank, CenterCredit Bank strongly recommend that the following security measures be followed:

1. Do not tell anyone the code (password) from a text message, including the person who introduced himself as a bank employee.

2. Do not connect someone else’s mobile phone number as a trusted number (including via an ATM).

3. Do not tell anyone the details of your payment card: number, expiration date and CVV/CVC (3-digit code on the back of the card). Do not post your card details on the Internet and do not forward them in instant messengers.

4. If you receive suspicious in-coming calls (even from numbers similar to the Bank Contact Center numbers), you should immediately interrupt the conversation and inform about the incident calling at the phone number provided on the back of the Bank payment card.

In case of transfer of the card details and SMS codes to the third party, theft of funds may occur.

“A card is a secure payment tool with many degrees of protection, which are constantly being improved and allow you to remotely manage your funds”, says Konstantin Pak, Director of the AFC Center for Financial Technologies and Innovations. “It should be remembered that the Bank’s protection of the customer is effective until the moment the customer discloses his confidential info (personal passwords, codes, etc.). Scammers know this and therefore their actions are aimed exclusively at cardholders in order to gain confidence in them and find out card details and info required for making payments and transfers. Stay alert and keep all your data private. Your SMS codes are the keys to your money.”

More detailed safety measures can be found at the websites of financial institutions or the AFK website, where customer notes are posted.

The most frequently fraud schemes used by cybercriminals:

1. False Bank Employee.

A potential victim receives a call (from a number similar to the Bank Contact Center number), the attacker appears to be a Contact Center employee or a Bank Security Service employee and reports on an unauthorized transaction carried out with a payment card. To cancel the transaction, the fraudster offers to inform the details of the payment card (number, expiration date, CVV/CVC code and codes from a text message). A real Bank employee never requests this information (he needs only the full name, date of birth and the code word provided in the contract when issuing the card account).

A similar scheme is used in social networks (for example, VK, Facebook), where banks maintain their official pages. Fraudsters fake a page, contact a potential victim, pose as Bank employees, and ask to provide the card info.

2. Advertisement for sale of property (apartments, cars, etc.).

By the advertisement for sale of property (apartment, car, furniture, clothes, etc.), a fraudster calls who says that he is ready to make an advance payment to the card and asks the seller to provide the card details (number, expiration date, CVV/CVC code), codes from a text message received to the seller’s mobile phone.

3. Paid surveys.

In social networks, fraudsters on behalf of the Bank create a page with an offer to take a survey and get a reward for this. The victim is required to follow a fraudulent link, answer questions and make the so-called “fixing payment” from his card, allegedly to receive a reward (cash prize). The victim provides the details of his payment card, sends the money to the fraudsters’ card or electronic wallet, and gets nothing in return.

4. Fake broker.

Today, there are quite a few proposals on the Internet about the possibility of generating large incomes from trading binary options or trading on the FOREX stock exchange. A significant part of such websites does not actually provide brokerage services.

A potential victim is registered on the broker’s fraudulent website, opens a personal account and leaves his contacts. After that, a fraudster contacts the victim and convinces him to replenish the account in his personal profile to start trading. After the customer transfers the money to the account in his personal profile, the attackers withdraw it to their account.