The State Duma has adopted in the second and third readings a bill containing the second package of measures to combat telephone and internet fraud. The document underwent significant revision: some controversial initiatives were removed, and a number of provisions were softened following consultations with banks, telecommunications operators, and relevant government agencies. As a result, a comprehensive mechanism has been formed that should reduce the scale of fraudulent operations and protect citizens.
Limit on the number of cards and a unified registry
One of the key innovations is the creation of a unified system for accounting payment cards. It will allow for monitoring the number of cards held by a single client. Initially, restrictions were discussed both on the total number of cards and on the number of cards in a single bank. In the final version, only the general limit was retained — no more than 20 cards per person across all banks.
Compensation for victims of fraud
The law introduces a mechanism for compensating losses to victims. If a bank or telecommunications operator fails to meet the prescribed requirements for detecting and preventing fraudulent transactions, the user can demand compensation in the amount of the transfer sent to the perpetrators. At the same time, full responsibility is not shifted to the organizations: if all mandatory procedures were carried out, but the user still transferred money to fraudsters, no compensation is provided.
Control of calls and SIM cards
Users will be able to voluntarily impose a ban on incoming calls from abroad. Such a restriction can only be lifted by applying in person to a MFC (Multifunctional Center). At the same time, mandatory labeling for international calls will be introduced.
To combat schemes using disposable SIM cards, the law includes a mechanism against so-called "revolving replacement" of SIMs. Parents will be able to notify telecommunications operators about transferring a SIM card to a minor, and the government will determine special rules for servicing such numbers.
IMEI database and emergency response service
The document provides for the creation of a state IMEI database. It will be populated by telecommunications operators and authorized bodies. The authors of the bill and representatives of the Ministry of Digital Development emphasized that this does not involve paid registration of smartphones, rumors of which were actively discussed during the preparation of the document.
An emergency response service for victims of fraud will appear on the "Gosuslugi" portal. It is assumed that a special "red button" will allow for quickly reporting illegal actions and promptly launching protective mechanisms.
Regulation of hosting and blocking resources
The bill introduces a ban on providing hosting resources for placing VPN services, as well as provides for the possibility of out-of-court blocking of websites distributing malware. In the final version, hosting providers are prohibited from providing computing power to owners of resources that do not meet the requirements of Article 15.8 of the Law "On Information". This provision affects, among other things, services for bypassing blocks and VPN services, the operation of which is already regulated by current legislation.
What was excluded from the final version
A number of controversial initiatives were removed from the document. In particular, requirements for mandatory registration on significant internet resources only through Russian postal services, confirmation of important actions via the Max messenger instead of SMS, and mandatory linking of TIN (Taxpayer Identification Number) when opening bank accounts were not included.
Effective dates
According to preliminary estimates, most provisions of the second anti-fraud package will come into force in September 2026. This will give banks, operators, and government structures time for technical preparation and implementation of new mechanisms.