Izvestia writes that the new service will work as follows. The cardholder through the mobile application generates a QR code for receiving a specific amount of money and transfers it to the recipient of cash. The recipient scans the code by which he receives cash at the ATM of the card holder's bank. Moreover, the recipient may not be a client of this bank.
According to Izvestia, Tinkoff's clients make about 40 thousand transactions a month for 3.5 billion rubles through this service. In 2022, the service will start operating at Otkritie, SKB-Bank and UBRD, as well as at VTB.
The service, as experts believe, is fraught with many pitfalls. At least three possible variants of fraud have been named: an attempt to intercept a QR code during transmission, the presence of a criminal in the bank, which will allow him to generate a key and pass it on to accomplices, as well as the ability to pick up the code itself.
Security experts suggest limiting the lifetime of a QR code to a few hours and limiting the amount of cash withdrawn.
In an interview with Sputnik radio, the president of the consortium "Inforus", an expert in the field of cybersecurity, Andrey Masalovich, noted:
"There are a lot of situations for 'creative' scammers. They can conspire to send a QR code, and then refuse the perfect one. Such scammers can start saying, for example, that their smartphone was stolen and could not know what to do with it. Here is the question security is not so much technical as organizational. We must first foresee the situations that come to minds of fraudsters".