A resident of Kostanay, Yevgenia Bragina, fell victim to fraudsters who took out a loan in her name via the Jusan Bank (now Alatau City Bank) mobile app after gaining remote access to her phone. According to available information, the bank did not block transactions upon detecting the remote connection — a duty that the National Bank introduced back in 2023. The court of first instance later declared the loan agreement invalid, but the appeal overturned the decision, placing the responsibility on the victim herself.
According to Hronika.kz, court materials confirmed that the criminals installed the Webkey Android Remote Control app on Bragina's smartphone, allowing them full control of the device: viewing the screen, reading confirmation codes, signing documents, and bypassing geolocation security.
On the same day, the fraudsters opened accounts in Bragina's name via the Jusan Bank app, issued a virtual card, and then submitted a loan application. The bank approved a loan of 2.6 million tenge with a ten-year term. The money was withdrawn from an ATM in Bratislava (Slovakia) several days later, while Bragina's phone was located in Kostanay.
That same evening, the fraudsters also attempted to take out a loan with Narodny Bank of Kazakhstan JSC, but the anti-fraud system detected the remote control of the device and automatically blocked the loan application.
Jusan Bank, on the other hand, argued in court that the client had independently completed biometric verification and voluntarily provided the fraudsters with data and confirmation codes. The bank claimed that no third-party interference was detected by its system, and the loan was issued in accordance with legal requirements.
However, the case file includes a conclusion from the Financial Market Regulation and Development Agency (FMRDA), stating that as early as October 2023, the National Bank had obliged financial institutions to block remote services upon detecting remote control of a smartphone.
In May 2024, agency specialists found that Jusan Bank was not complying with these requirements. The violation was only rectified in January of this year. Experts noted that it was precisely the absence of this blocking that created the conditions under which the fraudsters were able to take out a loan in Bragina's name.
The court of first instance took the regulator's conclusion into account: it declared the loan agreement invalid, stating that the breach of security requirements had caused harm to the client.
In turn, the appeals panel of the Kostanay Regional Court overturned this decision, placing the responsibility on the victim herself. The appeal considered that no evidence of wrongful acts by the bank had been presented, and that the woman had been careless in granting access to her smartphone. At the same time, the panel did not assess the National Bank's findings regarding Jusan Bank's violations.
The contract is now in effect, and Yevgenia Bragina is obliged to pay monthly instalments of approximately 84,000 tenge against an income of 359,000 tenge, while having two children and other loans. She is preparing an appeal on points of law, a process that could take several months.