Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
alotofQ2021-11-14 21:35:42
Internet banking
alotofQ, 2021-11-14 21:35:42

Is there a hole in the interbank system of fast payments (FPS)?

My wife and I are clients of Tinkoff Bank and VTB. Today I transferred some money from Tinkoff to Tinkoff to her. The transfer was made by phone number, selecting a number marked as "Tinkoffsky" in the mobile application. The transfer was successful.
At the same moment, she received an SMS from VTB stating that a transfer had been made to her, but VTB Bank could not credit it.
To which she said: - "Now I'm sure that I receive such a message from VTB every time you make a transfer from Tinkoff to Tinkoff for me."
I triggered.
I checked several recent translations. The date and time of the transfer from Tinkoff to Tinkov coincides with the date and time of the SMS from VTB.
It turns out that VTB is aware that I am making internal transfers in another bank? They do not write the amount or any other details in SMS, but it is not a fact that a third-party bank does not know about the internal movement of funds in another bank.
He wrote in support of Tinkoff on his own behalf, like, "what the hell are you doing, they crept up behind you and hooligans? But only VTB knows, or all the other 100,500 Russian (and not only) banks too? Do the scammers know too?"
At first, support was smeared that everything was in order with their security, the data did not leave the bank and offered to contact VTB (!?!?! what!?!?), after which they were hit on the head with a couple of screenshots - my transfers and SMS from VTB that match in time. As a result, along the way, I reached the security officer, and they assured me that in a couple of days they would provide an answer about the reasons for the data leak (at least the fact and moment of the transfer became known to the third-party bank).
I wrote from my wife's phone in support of VTB. He did not explain the whole situation, but simply asked what kind of SMS this came and why. They offered to connect the SBP (they are connected in Tinkoff, but not in VTB). They also said that the bank does not know the details of the transfer, since the transfer did not go through. Darkness. They suggest to go to the branch and find out the information there. Rude, in short.
Is VTB lying about not knowing the details of the transfer? That is, they heard that someone wants to transfer money to their client, but they don’t know who? I do not believe in this. They know the details, and their system did not filter the translation correctly and instead of silence, they sent a notification about the failed translation.
How did VTB even learn about the transfer that took place in another bank between clients of this other bank?
Which system has a hole, or who has too pancake hands and a stupid head?
I understand that the secret services and the tax authorities have access (albeit at the request of the court) to the SBP (is it generally a single system? state?), but why does one bank have access to information about internal transfers in another bank?
Whose cant? Does it make sense to bring the case to the courts?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

5 answer(s)
Report
V
Vladimir Dementiev, 2021-11-14
@alotofQ

I participated in the implementation of the SBP for VTB Bank. In short, all SBP transfers go through the NSPK system. And she, by phone number, is looking for a client in the recipient's bank you specified. Probably the jamb is there.

Report
S
sanchez1408, 2021-11-15
@sanchez1408

In fact, 99% of things happen like this.
Because in Tinkoff, the form of transfer by phone number is general, then when you enter a phone number, Tinkoff automatically makes SBP requests to banks connected to the SBP in the background, this is necessary to display banks in the Tinkoff interface in which the recipient's client still has accounts.
And according to the requirements of the NSPK, if there is an attempt to transfer to a bank that is connected to the SBP, but the client has not given his consent to receive transfers within the framework of the SBP, the recipient bank must notify the client (not all banks follow this requirement - the example of Sberbank) that he was tried make a transfer and he needs to "connect the SBP".
Therefore, if you look for the guilty, then the problem is rather in Tinkoff, that he is trying to provide customer service, contrary to the recommendations / requirements of the NSPK, and makes background requests.
VTB does everything honestly here.

Report
E
Evgeny Koryakin, 2021-11-15
@zettend

SBP is an independent system from any bank. The bank processes the request from the SBP only when it comes from the SBP. If there is any failure, then it can be caused exclusively by the SBP itself.
And I honestly don't understand why you're so surprised. Neither our state, nor the special services, nor the banks themselves have ever hidden the lack of security and privacy of payments. We are often told almost literally "we know how much money you have, where and how much you send it."

Report
P
Puma Thailand, 2021-11-16
@opium

If you make a payment via SBP, then there is just a request to the SBP where a list of all banks associated with the number is taken and they receive information that there is some kind of payment and notify that they could not and connect the SBP.
It is logical to transfer within the bank only by account number or card number. And once again in SBP do not burn

Report
R
ravencrow, 2022-04-14
@ravencrow

There is a hole in the banks and apparently not small. There was a case with me. I applied for an Alfa-Bank card for the first time and literally the next day some people who introduced themselves as Alfa-Bank employees started calling me, called me by my first name and patronymic, said that there was a request for a loan for a tidy sum to my account at Alfa-Bank, and asked do I approve the operation? Before that, no one called me from Alfa-Bank. I immediately had doubts about the authenticity of the call, and I asked to give the full name of the "employee", as well as to name the Alfa-Bank branch in which he works. He named all this, and after that I told him that I would call this department myself and check this information, to which he quickly hung up. Then I checked my personal account, of course, there were no applications for a loan. Personally, I did not tell anyone at all, that he issued a card at Alfa-Bank. Then some people called, tried to impose an installment card of some unknown bank, while they already knew from somewhere that I have a card of a certain payment system of a certain bank. Where did they get this information from? I'm sorry, but I don't believe in such coincidences. There is clearly a gap in the banks, or someone promptly leaks information to third parties and these are the largest banks in the country.

Similar questions
C
Cheabatto2021-02-24 12:15:15
Getting information on your Sberbank card? 1Reply
A
arenami2019-09-25 19:57:02
How can I top up a bank account from a foreign card by payment? 2Reply
B
blantcat2019-11-10 23:21:16
Which bank to choose for a bank account of an individual entrepreneur and how to cash out funds correctly? 2Reply
A
Arseny Sokolov2015-07-08 23:22:17
How to receive extracts from SBBOL automatically? 1Reply
Z
Zhandev2017-07-15 16:03:03
Is it possible to register Russian paypal in another country? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question