A fraudulent way to withdraw money through the SBP was named

As explained to the publication by a source familiar with the situation, the attacker obtained customer account data through a vulnerability in one of the banking systems.

Then he launched the mobile application in debug mode, logged in as a real client, sent a request to transfer funds to another bank, but before making the transfer, instead of his account of the sender of funds, he indicated the account number of another client of this bank.

RBS (remote banking), without checking whether the specified account belongs to the sender, sent a command to the SBP to transfer funds, which she carried out.

The Central Bank stated that "the problem was identified in the software of one bank (mobile application and remote banking system) and was of a short-term nature."

It is noted that the problem was promptly eliminated.

The Central Bank stressed that the SBP itself is reliably protected and the vulnerability did not relate to the system software.

Earlier it was reported that the function of transferring funds by phone number may appear in ATMs of some Russian banks. According to Izvestia newspaper, in 2020 VTB Bank intends to provide customers with the opportunity to transfer money through an ATM using the fast payment system (FPS). The service is only planned, so it is too early to talk about tariffs for the service, said a bank representative.

Transfers by phone number using SBP in Rosbank ATMs will become available to customers in the short term, Vladimir Korobov, director of the department for development and efficiency of retail business of the credit institution, confirmed.

The new SBP service is also being studied at Dom.RF Bank, said its representative. He noted that the planned launch date for the functionality is early 2021.

Ak Bars Bank is also ready to consider the implementation of the service in ATM.

Several banks reported that they do not intend to introduce the SBP functionality in ATMs. In particular, PSB explained this by a low demand from customers, and UBRD said that such transfers are easy to make using a mobile device, so a large demand for transfers via ATM is not expected.