Cybersecurity and Lab Work

Hacking into a top-secret, super-powerful system or an entire government system in a matter of minutes certainly sounds cool, but thankfully is completely unlikely. Most movies that I’ve seen show the work of cybersecurity specialists in an unrealistic way. Emergencies do happen, but more often than not it requires a meticulous and thorough approach.

Our lab has two major tasks. One is providing regular information security and protection from all types of cyber attacks. The other is combating cyber fraud. I focus on the latter; together with the anti-cyber fraud department we come up with ways to make sure Sberbank clients’ money doesn’t get stolen.

Here’s the most common scenario: you post an ad to sell something online, after a while someone calls you and says they want to buy it and are ready to instantly transfer money. The fraudster assures you that in order to do so they need all the card details, they say, ‘You’ll receive a text in a minute, let me know the code in it so I can verify the transaction…’ Credulous and elderly people easily fall for this. The bank’s anti-fraud system detects such transactions and notifies the client, ‘This is a fraud’, but fraudsters keep abreast of the situation, they take advantage of all sorts of new technologies, methods and tools. The lab is challenged with coming up with new countermeasures, searching for, developing and testing new anti-fraud methods.

New Fraud Detection Techniques

We know a lot about our clients, the entire transaction history, what they buy and where they buy it, where they go, what devices they use, and so on. At the same time our clients can be the clients of other companies, that also have a huge amount of data about our clients’ behaviour and who also fight fraud. Working together, we can detect fraud cases more accurately. One of our goals is to find new data sources to further populate the anti-fraud system. These data sources can be mobile operators, online ad platforms, forums, online shops and other common information spaces. Obviously, cooperation like this must be in line with legal requirements, we are obliged to comply with the bank secrecy law, the personal data law, the secrecy of communication law and others. Here’s a case in point. Imagine a mobile operator informs us that our client has received a text containing a virus. Then we keep a closer eye on the client’s activity and do our best to protect him or her.

My lab and department colleagues and I are motivated by knowing that we do the right thing. We help spot criminals and protect clients. Our work helps fight fraudsters and secure clients’ funds, which can’t help but make me happy. Clichéd as it may sound, it’s true.

Security of Sberbank Systems

Our cyber security service ran a comparison study of Sberbank and some European and US banks and we were happy to learn that Sberbank’s fraud detection rate is way higher. We’re pretty positive that Sberbank provides virtually maximum security to the clients, and in comparison with other banks, it places greater focus on this issue. Though information technologies take longer to arrive in Russia, Sberbank instantly recognizes them.

Sberbank Today and Tomorrow

My father used to work in Sberbank. His job was quite routine with little room for development. When I got a job offer from Sberbank, I was hesitant. I imagined Sberbank to be an outmoded, over-regulated and inflexible organization. I thought I would become entangled in processes, procedures, corporate policies and other things that scare young people off. I shouldn’t have been worried though. When I first arrived at the office I saw a lot of young people and I noted a great focus being placed on their development. If someone in the lab comes up with a great idea, it is put into action. The AI lab, blockchain lab, robotics lab and others are next door to ours. And you can see how passionate these guys are about what they are doing.

What Would I Recommend to Students?

I was born and raised in a small town in the Voronezh region, studied in the Voronezh Polytechnic Community College, my major was Information Systems and Technologies. After I completed military service I moved to Moscow and got a job in IT in line with my degree. As part of my job I interacted with the Security Department guys, I became fascinated by it and made a shift towards security. After working in cyber security I moved on to work in the Sberbank Anti-fraud Department. I realize looking back that those were wise decisions. I’d encourage my old self and today’s students to embrace change, to try new jobs, to change from within, to always look for growth opportunities. As I see, Sberbank provides them, which is amazing! Sberbank is already developing quickly. We don’t know what new technologies will arrive in the future, but I think Sberbank will immediately notice them and make use of them.