The large-scale failure in the Russian segment of the Internet on April 3, which prevented millions of users from making payments and transfers, could have been caused by an overload of technical means of countering threats (DPIs) — deep traffic inspection systems that Roskomnadzor uses for blocking. This was reported to Forbes by two sources from the cybersecurity and telecom industries. According to them, the DPIs could not cope with the number of accumulated blocking rules and failed under load, which disrupted network connectivity. As of publication, there has been no official confirmation of this version from Roskomnadzor or telecom operators. By the evening of the same day, the services had resumed operation.
What happened to banking services on April 3
Around noon on April 3, Sberbank customers recorded massive failures: payments, the Faster Payments System (FPS), cash withdrawals, and the mobile application were not working. Complaints numbered in the thousands. Soon, similar problems appeared for customers of other large banks. Non-cash payment, including QR codes, was unavailable for about two hours.
Sberbank confirmed the failure and announced the restoration of services. VTB, Alfa-Bank, and T-Bank announced the normal operation of their systems, mentioning possible difficulties in operations with cards of third-party banks.
Two versions of the reasons: DPIs and blocking of bank IP addresses
Forbes sources call the overload of DPIs the main reason. These systems are installed at the nodes of Russian Internet providers and filter traffic according to Roskomnadzor's lists.
The massive failure may be a "side effect" of blocking in Russia, as their scale is already so huge that serious errors occur, and network connectivity is constantly degrading
The publication's source emphasized that he is building assumptions on indirect evidence, without having access to data from inside the infrastructure.
The Telegram channel Mash, citing its own sources, calls a different version: the failure could have been caused by blocking IP addresses used directly in the banking infrastructure. Both versions have not been officially confirmed.
