Why is this important
Fraudsters gain access to citizens’ personal data (logins, passwords, SMS codes) and issue loans in their names. Delaying the transfer of data to the credit bureau (until the next day) allows you to process several loans in a short time. Instant data transfer will close this window for scammers.
What happened
- The Central Bank developed a draft amendment to the Regulation on the Procedure for Exchanging Credit Information;
- For 9 months of 2024, 8 billion soums of damage was caused through fraudulent schemes with online loans;
- Fraudsters gain access to citizens’ data (logins, passwords, SMS codes) and process loans without their consent;
- The problem: loan data is transferred to the bureau with a delay, which allows you to process several loans in one day.
Objectives of the draft resolution
- Prevent the issuance of online loans without the consent of citizens;
- To exclude the possibility of issuing multiple microcredits to one person in one day;
- Oblige credit institutions to transfer data to the credit bureau in real time.
How the scam scheme works
Fraudsters contact citizens under the guise of employees of banks, services (Click, Payme), or government agencies. Access personal data: logins, passwords, and SMS codes (OTP). They withdraw money from accounts or issue online loans in the victim’s name.
The problem: if a person received a loan in the morning, the other bank only learns about it the next day. During this time, the scammers manage to arrange several more loans in his name at various organizations.
Central Bank Decision
Oblige credit institutions to transfer data on issued loans to the credit bureau immediately — in real time. This will allow all banks and microfinance organizations to see the borrower’s current credit history and refuse to re-borrow if the loan was already issued on the same day.
Context
The growth of online loans and digital financial services has created new opportunities for fraudsters. Citizens often don’t know that SMS codes cannot be transmitted to third parties — even if the caller introduces themselves as a bank employee.
The loss of 8 billion soums for 9 months is just official statistics. Many victims do not report fraud to law enforcement or do not immediately learn about it.
The instant transfer of data to the credit bureau is a standard practice in developed countries. This allows banks and microfinance organizations to assess risks in real time and prevent fraud.
However, for implementation, technical integration of all credit institutions with the credit bureau is required. This can take time, especially for small MFOs with outdated IT infrastructure.
In addition to technical measures, the Central Bank and banks should intensify educational work: explain to citizens that no one — neither the bank nor government bodies — ever requests SMS codes by phone.
