Fraud prevention.
In 2013, we achieved the following results in preventing theft of our clients’ funds:
Members of two criminal groups that infected user computers with malicious viruses, including the Carberp trojan, were arrested in cooperation with law enforcement agencies;
Fraud attempts worth over RUB 1 bn were detected and prevented at the points of sale that accept bank cards via Sberbank’s payment terminals;
The first mass attacks by mobile viruses on Sberbank OnLine mobile app users were detected and prevented, as were DDoS attacks on our infrastructure by international radical hacker groups;
The loss from skimming operations, worth nearly RUB 5.6 bn, was prevented.
Protecting client personal data.
In 2013, we detected four incidents of disclosure of client personal data at Sberbank. All incidents were local in nature and affected an insignificant number of clients. However, we decided to improve the personal data processing policy, involving representatives from different departments in its development and expanding it to include a number of additional procedures designed to protect personal data. In addition, since 2013, regional banks have carried out regular inspections of premises and taken additional measures to protect tangible media.
Licensing, certification, and accreditation of information systems.
In 2013, we carried out mandatory procedures to verify the information systems of the subsidiary banks. In particular, we certified information systems for compliance with the information security requirements and obtained compliance certification for 20 information facilities.