Methodology for identifying indicators

(RISK CATEGORIES) IN THE ‘STOP-PIRAMIDA.KZ’ DATABASE

1. General Provisions

1.1. This Methodology establishes the general approach for assigning informational risk categories (“indicators”) to entries listed in the STOP-PIRAMIDA.KZ Website Database (hereinafter referred to as the Database).

1.2. A risk indicator (risk category) is an informational label reflecting the presence of identified indicators typical of the corresponding risk patterns and/or dishonest or improper conduct.

1.3. The assignment of indicators is for informational and preventive purposes only and does not constitute:

• a statement that an offense (crime) has been committed;

• an official legal qualification;

• a court decision or determination of an authorized body;

• financial, legal, or investment advice.

1.4. The lists of risk indicators and categories are typical and non-exhaustive; indicators may appear in combination, and context is important.

1.5. Information in the Database and the applied indicators may be updated or corrected as new data becomes available.

2. Evaluation Objects

2.1. The objects of evaluation include, but are not limited to: projects, organizations, websites/domains, applications, social media and e-commerce accounts/pages, advertising materials, offers and public proposals, as well as associated payment details and other identifiers.

3. Data Sources

3.1. Evaluations are conducted based on:

a) open sources (official websites, public registers, publications, domain data, blockchain explorers, public announcements, etc.);

b) user-provided materials and inquiries (with supporting evidence, such as links, screenshots, correspondence, payment documents/details, etc.);

c) information from government authorities, regulators, or public organizations, if such information is obtained and/or published.

4. Indicator Categories and Typical Indicators

4.1. “Fraud Indicator”
Definition: A “Fraud Indicator” is an informational risk category indicating the presence of patterns typical for fraudulent schemes.
Typical indicators (non-exhaustive):
a) documents/licenses/certificates that cannot be verified in official registers;
b) identity substitution, brand imitation, use of third-party images (photos/logos);
c) receipt of funds with signs of concealing the ultimate recipient (payments to third parties, frequent changes of payment details);
d) unrealistic promises of income/earnings without disclosure of the source;
e) absence of an identifiable counterparty when receiving funds (no verifiable legal or payment details).

4.2. “Indicators of a Financial Pyramid”
Definition: “Indicators of a Financial Pyramid” is an informational risk category indicating the presence of patterns typical for a pyramid scheme.
Typical indicators (non-exhaustive):
a) dependency of payments on recruitment of new participants (including multi-level referral payments);
b) promise of returns without a verifiable source of income generation;
c) focus on “packages/levels/statuses” and mandatory contributions for participation;
d) guarantees of fixed returns without a transparent model or risk disclosure.

4.3. “Dropper Activity”
Definition: “Dropper Activity” is an informational risk category indicating the use of third-party payment details and/or other methods to conceal the ultimate recipient of funds, including cryptocurrency transactions (third-party crypto addresses, P2P transfers, frequent changes of addresses/networks/payment details).
Typical indicators (non-exhaustive):
a) receiving payments to individual accounts while claiming to operate as a company or platform;
b) frequent changes of payment details, provision of multiple cards/accounts and/or crypto addresses;
c) mismatch between the payment recipient and the declared brand/counterparty, and/or absence of a verifiable link between the crypto address and the declared counterparty;
d) requests to transfer funds “to a private individual” and/or to a third-party crypto address under the guise of top-ups/payments/investments, including P2P top-ups;
e) connection of payment details and/or crypto addresses with other high-risk offers based on open-source information or user reports.

4.4. “Phishing”
Definition: “Phishing” is an informational risk category indicating patterns characteristic of unauthorized access to user data and/or assets.
Typical indicators (non-exhaustive):
a) domain/page substitution, imitation of service interfaces, “mirror” sites;
b) requests for passwords/codes/seed phrases/card data outside secure procedures;
c) redirection to third-party resources/payment forms not corresponding to the claimed service;
d) signs of malicious activity (suspicious scripts, hidden forms, non-obvious downloads);
e) reports of compromised accounts/wallets after interacting with a resource;
f) maliciousness of a link/resource: signs of hidden data collection, unauthorized account/wallet access, and/or initiation of actions without clear and informed user consent.

4.5. “High Risk of Loss”
Definition: “High Risk of Loss” is an informational risk category indicating factors that increase the likelihood of financial loss.
Typical indicators (non-exhaustive):
a) disproportionate promises of returns and/or “guaranteed profits” without justification;
b) lack of transparent conditions for calculations/fees/fund withdrawals or the presence of significant restrictions;
c) absence of verifiable information about the counterparty and the source of income.

4.6. “No Required License (Registration/Authorization/Certification)”
Definition: “No Required License” is an informational risk category indicating the absence of verified licenses/registrations/authorizations/certifications that may be required for the declared activity in the relevant jurisdiction, or the lack of verification of declared information in official registers.
Typical indicators (non-exhaustive):
a) no confirmation of license/registration/authorization/certification for the declared activity in open sources and/or official registers;
b) declared license/registration information cannot be verified (missing number/authority/register, or data not confirmed);
c) references to unofficial registers/regulators and/or use of forged documents.

4.7. “Unfair Sellers”
Definition: “Unfair Sellers” is an informational risk category indicating the presence of typical indicators, identified based on user reports, open-source analysis, and/or information from government authorities, public organizations, or other sources, suggesting possible violations of the Republic of Kazakhstan consumer protection laws and/or potentially false or fictitious activity by the seller (provider/manufacturer), as well as associated websites, online resources, and accounts.
Typical indicators (non-exhaustive):
a) absence or incompleteness of verifiable information about the seller/sales conditions (contacts, payment details, rules for payment/delivery/return);
b) inconsistencies in public information about the seller/conditions;
c) confirmed complaints about non-delivery/non-performance/non-refund (with supporting evidence);
d) signs of potentially fictitious activity and/or misleading information regarding material terms;
e) non-transparent payment/delivery/return conditions that significantly increase consumer risk.

5. Data Correction and Methodology Updates

5.1. Individuals who consider the information about themselves and/or their brand/object to be inaccurate may submit a correction request with verifiable supporting evidence.

5.2. The Operator may modify and supplement the Methodology. Reasons for changes may include, but are not limited to emergence of new schemes and trends, regulatory changes, expansion of sources and verification tools, and clarification of formulations to improve accuracy and neutrality.

5.3. The current version of the Methodology is published on the Website with the effective date and in three languages (Kazakh, Russian, and English).

Effective date: “__” __________ 2026