Russia to Implement Sweeping New Measures Against Cyber and Telephone Fraud by September 2026

Escalating Threat Prompts New Legislative Action

The Russian Federation is preparing to implement a new package of measures aimed at significantly bolstering its defenses against cyber and telephone fraud, with a target implementation date of September 2026. This move comes in response to a substantial increase in fraudulent activities, which have resulted in considerable financial losses for citizens and the state. Prime Minister Mikhail Mishustin emphasized that combating cyber and telephone fraud is a shared objective for both the government and the business community, requiring joint efforts to limit criminals' ability to deceive citizens.

According to reports, financial cybercrime has reached record levels in Russia. The Interior Ministry reported losses from cyber fraud surging to 200 billion rubles ($2.2 billion) in 2024, a 36% increase from 147 billion rubles ($1.6 billion) in 2023. The Central Bank also noted that fraudsters stole a record 27.5 billion rubles ($300 million) from Russian bank accounts in 2024, marking a 74.4% increase from the previous year. Incidents of phone and online fraud had risen by more than 35% since 2022, with roughly 677,000 cases recorded annually.

Key Initiatives and Enhanced Protections

The upcoming package of measures, which was submitted to the State Duma at the end of 2025 and includes approximately 20 initiatives, will introduce several key changes. Among the proposed measures are:

• Improved Verification on Gosuslugi: The verification procedure on the 'Gosuslugi' (Government Services) portal will be enhanced, requiring access restoration exclusively through trusted methods such as Multifunctional Centers (MFCs), banking applications or websites, or biometrics. Users will also be able to report cyber fraud directly through Gosuslugi, facilitating quicker responses from banks, telecom operators, and digital platforms.
• Expanded Response to Suspicious Calls: Mechanisms for responding to suspicious calls will be expanded, and international calls are planned to be marked to help citizens identify potentially dangerous communications.
• Stricter Bank Card and SIM Card Regulations: There is a proposal to limit the number of bank cards an individual can hold, potentially raising the cap to 20 cards per person (from a previously proposed 10), while maintaining a limit of five cards per bank. Money transfer operators will be required to check the Unified Payment Card Record System to ensure compliance. Additionally, measures to limit the activities of 'droppers'—individuals who provide fraudsters with access to their bank accounts—are being introduced, alongside the creation of children's SIM cards.
• Unified Registers and Task Forces: A new task force to combat online fraud was announced on January 15, 2026, comprising representatives from federal agencies, the Central Bank, credit organizations, digital platforms, and telecommunications operators. Furthermore, a unified register of electronic addresses for official websites of popular online stores is expected to be created by Q3 2026 to combat fraudulent duplicates.

Building on Previous Anti-Fraud Efforts

These new measures build upon a series of anti-fraud initiatives already implemented or underway. In April 2025, President Vladimir Putin signed a law introducing countermeasures such as a state information system to combat fraud, limits on unsolicited marketing calls, stricter SIM card issuance rules, and new compliance obligations for banks. The government also introduced labeling for incoming business calls, requiring smartphones to identify calling companies. Automated anti-fraud systems in banks prevented over 27 million operations without client consent in the past year.

The Central Bank has been actively involved, blocking over 170,000 scam phone numbers and initiating the shutdown of 1,335 phishing domains in 2024. A unified database of 'digital traces' of cybercriminals, containing data on over 6 million phone numbers, bank accounts, and websites linked to cybercrime, has also been established to track and block fraudulent networks. Lawmakers and Sberbank are also pushing for comprehensive regulation of the cryptocurrency market by July 2026, including a 300,000 ruble annual limit for non-qualified investors, to curb fraud.