Since the beginning of July, the citizens of the Russian Federation are able to receive any banking services remotely upon submission of their biometric data, which will be stored in the Unified Biometrics System.
Some experts warn about a number of risks involved. However, Russian banking industry is only following a global drive towards the use of biometric data. The most recent development in Russia’s banking industry was first announced during the June 29th meeting of the Council of the Association of Banks “Russia” by the first deputy chairman of the Central Bank of Russia (CBR), Olga Skorobogatova. She announced that, starting from July 2nd, about 400 branches of banks in 140 cities across Russia would begin collecting biometric data of their customers. The system should be employed by 20 per cent of Russian banks by the end of this year, and by all Russia’s banks by the end of 2019, the Russian business daily Kommersant informed.
Biometric data – in this case a voice and a face image – make it possible to uniquely identify a person and open up a variety of opportunities for remote provision of banking services. In order for a Russian citizen to be able to use these services, he or she needs to pass an initial identification in one of the authorized banks (authorized by CBR). An authorized bank will scan its customers and send their biometric data to the Unified Biometrics System. Then, once in the system, a client can receive any service (open a deposit, receive a loan, etc.) by confirming his biometric data via a smartphone, tabled, laptop, or a personal computer equipped with camera and microphone.
The Unified Biometrics System was developed by Rostelekom, Tinkoff Bank, and VTB Bank at the request of the Ministry of Communications and Mass Media and the CBR. The build-in security mechanisms are designed to deny any attempt for authentication in the event of a too low match score against the reference biometric data stored in the system.
The digital platform will run on Rostelekom’s cloud infrastructure made accessible for the commercial banks via special communication channels of the Interagency Electronic Interaction System. In the course of the data transmission to the Unified Biometrics System, they will be protected by the use of domestic encryption algorithms, according to Russia’s leading online bank, Tinkoff Bank.
However, despite the high level of security accompanying the process of manipulation with biometric data, some experts warn about a number of risks involved. “Biometric data are directly connected to the individual. Some extraordinary security measures will be needed to prevent the possibility of information leakage at any stage of the data gathering and usage process,” head of the OTP Bank’s information security department, Sergei Chernokozinksy said in an interview for Kommersant.
Moreover, a bank employee must be required to check the authenticity of the passport, and thoroughly examine it with the use of the ultraviolent lamp. However, according to Sergei Korolev from Renaissance Credit, most banks do not have all the necessary equipment and personnel to carry out all those tasks necessary to assure that the whole procedure is secure.
Inadequate security measures could allow criminals to register their biometric data using someone else’s passport. Once in the system, there will be no other protection mechanism preventing them from conducting any bank operations under a different name.
Towards data-driven banking
Earlier this year, the American multinational financial services company, Mastercard pledged that every one of its customers will have access to biometric authentication services by April 2019. Mastercard said in the statement that all its customers would be able to use their biometric data, including fingerprint and facial recognition, to conduct banking transactions.
It will then be up to the financial institution using Mastercard payment system to support these new identification mechanisms, in addition to the well-established PINs and passwords, to enable their customers make payments remotely.
The trend towards the use of biometric data in banking services is likely driven by the increased capabilities of tablets and smartphones, as well as the EU’s new regulatory requirements for stronger authentication. Moreover, recent studies suggest that consumers of financial products support the use of biometrics. A recent research conducted by the Oxford University, in collaboration with Mastercard, reveals that 93 per cent of consumers prefer biometrics over passwords for validating payments. Further, 92 per cent of banking professionals want to adopt biometric solutions.
The logic behind the use of biometrics is that it makes online services easier for consumers. It is frequently argued that existing methods to prove an identity online can discourage customers from pursuing a purchase on a retailer’s website, as the process is very often time consuming. Thus, according to Mastercard’s press release, the way to solve this problem is to stop relying on what consumer knows (passwords) to what they have (smartphone) and who they are (biometrics).
Mastercard has been investing in biometric security technology since 2014, when it announced that it was developing a payment card with a build-in fingerprint authentication sensor. Only a year after that, it announced a biometric authentication and varication pilot, as part of its efforts to improve its cyber security technology.
Filip Brokeš is an analyst and a journalist specializing in international relations.