Security of banking operations

Sberbank pays a great deal of attention to economic and information security as well as the provision of security (confidentiality) for its clients.

Economic security

325 attempts to use forged ID documents were prevented during the reporting period (a year earlier, 100 such cases were prevented). Sberbank has introduced a monitoring system to detect the insertion of fake banknotes in the Bank’s self-service terminals. With active assistance from the of economic security divisions, the police detained 16 persons involved in such an offense. Sberbank also contributes to the introduction of changes in the legislation for the criminalization of illegal use of composite and fake banknotes by including the new Article 186.1 in the RF Criminal Code. The existing fraud detection procedure “Red button–Ar” helped prevent the issue of RUB 10.3 bln loans to corporate clients using forged documents.

In the process of concluding and monitoring acquiring contracts, the security subdivisions have automated and made uniform the security checks of sales and service sites and points of service.

Information security

As part of the fight against fraud, Sberbank’s security subdivisions collaborated with law enforcement authorities to put an end to the activity of nine cybercriminal groups, which launched mass attacks against Sberbank clients. Detained and prosecuted over 80 persons, and prevented the posting of more than 1 mln suspicious transactions with potential damages of over RUB 17.9 bln. In addition, fraud attempts at points of sale served by Sberbank in the amount of nearly RUB 6.0 bln were detected and averted. Sberbank will continue its operations on the introduction of modern cross-channel systems of fraud detection and new security systems for remote client service channels, which help provide clients with secure, fully functional, and convenient services on mobile platforms.

Guarantee of client data confidentiality

Sberbank ensures the inviolability of client personal data as part of the framework of the unified, complete system of organizational/technical and legal measures aimed at the protection of information with due account for the requirements of Russian legislation on personal data and the protection of information.

The systems of protection of personal client data and information security of Sberbank underwent improvements during the reporting period in line with the requirements of the international and national standards of information security as well as the top world practices.

A review and assessment of actual threats to the security of personal data have been performed, and the designed Model of threats to the security of personal data in Sberbank’s information systems was agreed with the Federal service for technical and export control of Russia.

The security of Sberbank’s automated systems underwent evaluation in accordance with the established levels of personal data security in the course of the development and commissioning of automated systems as part of the framework of delivery acceptance testing.

A training course on the procedure of procession and protection of personal data was designed for the purpose of expanding Sberbank’s employees’ practical knowledge and reducing risks related to the violation of procedures on the processing and protection of personal data.