Ensuring security

To ensure the privacy and security of personal data and clients’ funds we take organisational and technical measures covering all service channels (face-to-face as well as remote). In 2014, we achieved the following results in fighting fraud at Sberbank:

  • 71 attempts of theft of corporate funds and 87,000 attempts of theft of individuals’ funds were prevented and the amount of prevented damage equals to RUB 2.9 bn;
  • in cooperation with law enforcement authorities Sberbank suppressed the activity of some cybercriminal groups that made mass attacks on Sberbank clients’ funds; the criminals were arrested and prosecuted;
  • attempts of fraud for a total of RUB 0.8 bn were detected and prevented in trade outlets that accept credit cards for payment through payment terminals of Sberbank.

Antiskimming measures

Due to an increasing number of self-service machines we focus on antiskimming measures. During the year we were implementing our preplanned technical security for self-service machines against skimming. We installed more than 13,000 sets of active antiskimming equipment and developed a system of interaction among Sberbank branches to be used while checking reports of suspected skimming. As a result, 702 cases of possible skimming were prevented, 142 sets of skimming equipment were confiscated and about RUB 4.7 bn of financial damage was avoided.

We also continued to work on raising the level of security of our information systems to protect the personal data of our clients. In particular, Data Leak/Loss Prevention (DLP) system was introduced in 2014 and a certification audit of the main processing centre of Sberbank was conducted to comply with the international safety standards of the payment card industry PCI DSS.

Subsidiary banks and affiliated companies of the Group implemented the following measures in order to secure clients’ personal data in 2014:

  • Cetelem Bank implemented access control systems on the bank premises, limiting employee access to the premises where customer information is processed and stored, and obtained a licence to work with cryptography;
  • BPS-Sberbank replaced magnetic strip cards with cards with EMV standard chip cards and activated a secured payments service via Verified by Visa and MasterCard Secure Code;
  • Sberbank Kazakhstan modernised its surveillance system in the cashier’s offices (in particular, the archiving period was increased and the quality of recording was improved) and opened a centre for monitoring technical security systems (fire and emergency alarm);
  • Yandex.Money was audited according to PCI DSS, improved the procedure for fighting fishing and introduced a 24-hour surveillance system in its offices;
  • DenizBank was certified in accordance with ISO 27001, ISAE 3402, and COBIT standards, and others.