Recommendations to banks and NFOs: how to prevent the leakage of customer data by e-mail

The Bank of Russia has issued recommendations for banks and non-bank financial organizations (NFOs) on how to verify that an e-mail address belongs to the customer to whom they are sending a letter with confidential information (e.g., information about executed payments, account statements, electronic insurance policies, and so on). This is stated in the regulator's information letter to credit and non-credit financial institutions.

Such checks will help to counteract schemes in which fraudsters use "captured" or invalid e-mail addresses of real customers, such as forgery of payment orders or information theft. They will also prevent confidential information of customers of banks and NFOs from accidentally reaching unauthorized people.

First of all, banks and NFOs are recommended to check whether the phone number stored in their database belongs to the client to whom the message is to be sent, and to make sure that the e-mail address to which the message is to be sent is not duplicated with the addresses of other clients. The regulator then proposes sending a unique verification link to the customer's e-mail address, together with an SMS containing a password that allows the customer to follow this link. An additional measure that will protect the information from automated systems of brute force or number enumeration is a graphic code.
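The sequence of checks described above can be sketched as follows. This is an added example, not code from the Bank of Russia letter; the client record layout, the `phone_confirmed` flag, the six-digit password, the attempt limit and the `captcha_passed` argument (the result of the graphic code check) are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def _digest(value):
    # Store only hashes of the link token and SMS password, never the secrets.
    return hashlib.sha256(value.encode()).hexdigest()


class EmailVerifier:
    MAX_ATTEMPTS = 3  # assumption: the page sets no attempt limit

    def __init__(self, clients):
        # clients: {client_id: {"email", "phone", "phone_confirmed"}} (constructed schema)
        self.clients = clients
        self.pending = {}

    def start(self, client_id):
        client = self.clients[client_id]
        if not client["phone_confirmed"]:
            raise ValueError("stored phone number is not confirmed as the client's")
        email = client["email"].strip().lower()
        for other_id, other in self.clients.items():
            if other_id != client_id and other["email"].strip().lower() == email:
                raise ValueError("e-mail address is duplicated with another client")
        token = secrets.token_urlsafe(32)             # goes into the e-mailed link
        password = f"{secrets.randbelow(10**6):06d}"  # goes into the SMS
        self.pending[_digest(token)] = {
            "client": client_id, "password": _digest(password), "attempts": 0}
        return token, password

    def confirm(self, token, password, captcha_passed):
        entry = self.pending.get(_digest(token))
        if entry is None or not captcha_passed:
            return False  # unknown link, or graphic code not solved
        entry["attempts"] += 1
        ok = hmac.compare_digest(entry["password"], _digest(password))
        if ok or entry["attempts"] >= self.MAX_ATTEMPTS:
            del self.pending[_digest(token)]  # link is single-use and attempt-limited
        if ok:
            self.clients[entry["client"]]["email_verified"] = True
        return ok
```

Confidential mail would be sent only to clients whose record carries `email_verified`; the link token and the SMS password travel over separate channels, so control of the mailbox alone does not complete verification.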

The recommendations of the Bank of Russia will allow credit and non-credit financial organizations to increase the security of customers' personal data and the safety of their funds.

14 Feb 2020