Help / General and Your Wallet Security

Security

What do I do if I cannot access the site under my login?
If that's the case, then your login details might have become known to scammers. Contact our Support Service immediately:
+7 (495) 974 3586

If you forgot your payment password, you need to restore it:
  • if your cell phone number is linked to your account, request a text message with a recovery code;
  • if your cell phone number is not linked to your account, enter your recovery code (you created it when opening your account);
  • if you don't remember your recovery code, file an application to link your cell phone number to your account.
 
Is Yandex.Money safe?
Yes. We do our best to make the service safe and secure. But fraudsters are as active on the Internet as they are in real life. If you give them money of your own accord, we can’t guarantee that we’ll be able to return it to you. However, we will do our best to try and help you.
 
How do I protect myself from fraud?
Be sure to read the ‘Security’ section thoroughly. There we describe the most common types of fraud. But remember that fraudsters are very inventive. Your best protection is common sense.
Keep your computer secure: install anti-virus and other security software and update it regularly.
Don’t share your passwords with anyone. Don’t keep your passwords in places that can be easily accessed by hackers.
Don’t enter your payment password on unknown websites or from unknown computers. If you want to maximize protection of your account, make use of one-time passwords. They are impossible to intercept or figure out.
 
I received an email from Yandex.Money. How do I know if it’s real or fraudulent?
If the letter is fraudulent, you may be asked to follow a link to an unknown site or to enter your login and password. Fraudsters sometimes tell you your Yandex.Money account has been blocked. But these signs aren’t always enough to help you recognize a fraudulent letter; sometimes it’s next to impossible to know a fraudulent letter from a real one.
That’s why you should study the ‘Security’ section thoroughly and be extremely careful.
Remember: Yandex.Money will never ask you for any of your passwords.
 
What are pyramid schemes and what do they have to do with Yandex.Money?
If you are invited to send money to several accounts at a time and wait until a larger sum is returned to your account, it’s a pyramid scheme. Such activity is a violation of the Yandex.Money User Agreeement and falls under Article 159 of the Penal Code of the Russian Federation, ‘Fraud is the stealing of other people's property or the acquisition of the right to other people's property by deception or abuse of trust.’ Yandex.Money blocks the accounts of all pyramid scheme participants that we become aware of.
 
Does Yandex.Money provide user information to third parties (e.g. to public authorities)?
We will only share user information with a third party when presented with a legally-grounded, official order. Acting in accordance with such an order is our obligation as dictated by the requirements of the effective legislation.
Furthermore, Yandex.Money can share the recipient’s details with a sender, but only in the case of a conflict situation and in accordance with the conditions of professional account usage. For more details see the rules for ‘Professionals’.
 

Password Protection

Where can I enter my payment password and where should I not enter it?
Don’t ever enter your payment password anywhere but on the Yandex.Money site. If you accessed the site via a link, be sure to check what is written in the browser address bar. The address of the page where you enter your payment password should start with https://sp-money.yandex.ru/ or https://sauth.yandex.ru/. Please double-check that this is the case even if the site looks just like Yandex.Money.
Never send your password via email or instant message. Don’t ever tell it to anyone, even to Yandex.Money employees (we’ll never ask you to share your password anyway).
 
Why doesn’t Yandex.Money send forgotten payment passwords via email?
First, because it’s not safe. It’s possible for fraudsters to intercept the email. Or they might hack your email, in which case they won’t only get your payment password, but also your Yandex.Money login password. And that means nothing will prevent them from stealing money from your account.
Second, we could only send a password if we knew it. And nobody should know your payment password but you. Yandex.Money employees don’t have access to it. All passwords are encrypted.
 
Somebody hacked my account and changed my payment password. What should I do?
First and foremost, run anti-virus software. After the ‘cleanup’, go to the access recovery page. Create a new, more sophisticated password.
Next, check the information found under ‘E-mail Addresses’ and ‘My Phone Numbers’. Fraudsters could have added their email or phone number to the list to keep control over your account.
 
How do I restore my Yandex account password?
Go to the password recovery page and enter your login. The system will tell you what to do. You’ll either be sent a text message or an email to another address, or have to answer a security question. This depends on the information you specified on Yandex.Passport.
 

Hacking Accounts

How is Yandex.Money protected from fraudsters?
Access to each account is protected by a password. All files containing account details are encrypted in the Processing Center, and payments, transfers, and other transactions are confirmed by e-contracts.
Only Yandex.Money has the right to ‘issue’ money. Of course, there is always the human factor. For instance, a seller can fail to deliver goods and disappear with the delivered money. We advise you to be cautious about who you make deals with and to regularly check the official catalog of stores connected to the service.
Remember: under no circumstances should anyone request your payment password.
 
Are Yandex.Money accounts encrypted?
Yes. Data exchange between the user’s browser and the Yandex.Money web-server is protected by SSL with 128-bit encryption. The server provides a so-called certificate for its own identification: a file, containing its public key and other parameters.
If the certificate is not signed or is signed by an unknown person, the client is informed and the connection fails. After the authenticity of the server is confirmed, one temporary key is generated (which is valid for the current session only). With this key the server and the user further encrypt the information sent.
Each financial transaction in the service is certified by the system’s Processing Center signature.
 
Can hackers gain access to my Yandex.Money account?
We’ve done everything possible to prevent that from happening. Your passwords are stored in encrypted form. No Yandex.Money employee has access to them. Bank card transactions are protected according to international standards. On top of that, we offer additional protection (i.e. one-time passwords, text message and email notifications).
Remember, fraudsters are very inventive. For instance, your password can be stolen using a Trojan virus. Therefore, we recommend you update your anti-virus software regularly. Additionally, follow the advice found in the ‘Security’ section (e.g. make use of one-time passwords).
 

Viruses and Anti-virus Software

What do I do if my computer is infected with a virus?
Run anti-virus software and check your computer (the software program will guide you through what to do). If nothing works, contact a technical specialist.
 
A pop-up has appeared on my screen, and I can’t get rid of it. What do I do?
Run anti-virus software and check your computer. Delete malware files. In the future, observe the following safety rules:
  • use only licensed operating systems and anti-virus software. Update them regularly;
  • install a personal firewall (e.g. Outpost Firewall, ZoneAlarm). Restrict access by all ports and IP-addresses that you yourself don’t use;
  • in your Internet browser, enable the following options: ‘Block all pop-ups’, phishing filter, and ‘Open files based on content, not file extension’;
  • disable the automatic running of programs, scenarios, and unsafe files; disable active content and use of ActiveX management elements, if they are not marked as safe ones;
  • be careful with incoming mail, especially if the sender is unknown to you. Never click on links in such emails or open files attached to them, until you’ve checked them for malware.
 
I have an Apple computer. How do I protect it from viruses?
Apple computers are subject to the same safety rules that apply to PCs.
Use only licensed operating systems and anti-virus software. Update them regularly.