|Date of the premiere of the system:||2018/02/19|
|Last Release Date:||2019/12/23|
|Branches:||Financial services, investments and audit|
|Technology:||Cybersecurity - Biometric identification|
The Single Biometric System (SBS) is the digital platform developed by Rostelecom company at the initiative of the Ministry of Telecom and Mass Communications of the Russian Federation and the Central Bank of Russian Federation, identification on a voice and the image of the person. Since July 1, having registered in a system and having handed over to biometric samples, citizens of Russia will be able to open remotely accounts in the Russian banks. Adding of remote authentication and in other spheres is considered over time: distance learning, telemedicine, etc.
Use of remote identification of clients in the financial sphere is regulated by Federal law No. 482-FZ of December 31, 2017 which makes changes to the Federal law of 8/7/2001 No. 115-FZ "About Counteraction of Legalization (Washing) of Income Gained in the Criminal Way and to Terrorism Financing" and of 7/27/2006 No. 149-FZ "About information, information technologies and on data protection".
The State Duma froze the bill on collecting of biometrics in banks
On January 14, 2020 it became known that State Duma suspended adoption of the bill on collecting biometric data Russians- clients of banks. Said it Chairman of the State Duma Committee on financial market Anatoly Aksakov.
According to him, in 2020 the authorities will not make cardinal decisions on a question of use of biometrics. He also emphasized that the Bank of Russia insisted on the fastest adoption of this bill.
At the same time, according to Vedomosti, Aksakov reported that deputies expect to adopt the bill of biometrics in February, 2020. He also noted that by preparation of the document for the second reading it caused a number of questions in security agencies and in business, in particular, at banks which oblige to use biometrics for rendering services and to incur expenses on equipment procurement.
| ||"We suspended adoption of the bill because accurately we try to treat adoption of digital laws. It is known, as financing of the digital direction in national projects goes more slowly, than in other directions, and many bills are more slowly adopted. It is connected with the fact that the subject difficult, first of all is connected with protection of the rights of citizens, personal data protection, and with protection of business too",|
noted Anatoly Aksakov, the Chairman of the State Duma Committee on financial market
The document which adoption was postponed indefinitely represents amendments to the law "About Counteraction of Legalization (Washing) of Income Gained in the Criminal Way and to Terrorism Financing". His authors are the group of deputies and members of the Federation Council, and their number includes Anatoly Aksakov. The bill was adopted by the State Duma in the first reading on July 16, 2019, and at the time of the publication of material its consideration stopped at this stage.
The proposed amendments to the law provide collecting of biometrics directly when opening accounts and deposits in banks and their branches. Also in the bill it is told about need of a specification of internal divisions of bank in which banks will be obliged to provide collecting of biometrics. In addition to it the bill grants to banks right to use by information about the biometric these clients received from the single biometric system (SBS) for carrying out any banking activities and transactions with individuals clients.
According to Anatoly Aksakov, in Russia as of January, 2020 it is impossible to call collecting of biometrics mass. Among Russian clients of banks this service is not really demanded that is confirmed also by statistics of collecting of such data. According to the Central Bank, for December 1, 2019 the collecting of biometric data was performed less than in 40% of departments of credit institutions.
According to the statistics Rostelecom, for the beginning of January, 2020 in EBS about 110 thousand people were registered.
Aksakov emphasized that the mandatory fee of biometrics can be expensive for banks. According to him, banks with the basic license should be exempted from this duty, as well as systemically important banks, "if it does not lead to the benefit for citizens who will use this service".
CNews noted that banks can not always provide reliable protection against leak of biometric data. So, at the end of October, 2019 on the Internet the archive containing in addition to other personal information, still a call recording of clients of Sberbank with technical support of bank was detected, and these are, actually, samples of their voice. Sberbank denied the leak fact, but the authenticity of a part of information which is contained in archive was confirmed by the staff of RBC.
Mobile application Biometrics received light information design
On January 10, 2020 the company "Rostelecom" announced start of upgraded version applications "Biometrics" for the mobile devices working on operating systems Android and iOS which allows to open the account, a deposit or to obtain the credit, without visiting bank. Upgraded version differs in light information design and clear structure. In more detail here.
the Number of users of a Single biometric system grew up by 47 times
The number of users of a Single biometric system in 2019 grew by 47 times — to 109,987 people since 2317 the previous year. It is reported in the annual report of the Central Bank of the Russian Federation.
As of the end of 2019 the registration in EBS is available more than in 11 thousand points of bank service in 228 banks (increase since the beginning of year more than by 3.7 times) and out of offices of banks in all regions (express model).
The regulator in the report also reminded that in 2019 the Federal law No. 476-FZ3 drafted within the national program "Digital Economy" providing a possibility of use of a Single biometric system for receiving and use of the "cloud-based" electronic signature and also the Federal law No. 480-FZ4 providing use of a Single biometric system by notaries for identification of the citizen who addressed for commission of notarial action was adopted.
The president Vladimir Putin charged to the government and the Central Bank to prepare on May 11 the plan of transfer to a remote format of a part of banking services, including identification of the client by June 1, 2020.
The State Duma is going to adopt in June, 2020 the law on use of biometric data when rendering financial services. The bill gives banks the right to perform any banking activities and transactions with natural persons without their personal presence at a case of carrying out remote identification of the client using EBS.
As the Chairman of the Committee on financial markets Anatoly Aksakov reported, ensuring collecting of biometric personal data will demand change of infrastructure of banks for the purpose of ensuring their security, reliability of collecting and storage. However, according to him, at credit institutions with the basic license not enough financial and technology resources for fast changing of infrastructure.
The Russian banks did not implement the plan of the Central Bank for collecting of biometrics
On January 10, 2020 it became known that the Russian banks do not implement the plan of the Central Bank for collecting of biometrics. Registration in the Single Biometric System (SBS) by December 1 of the 2019th is performed in 11,270 departments of banks or less than in 40% of a total quantity of offices, Vedomosti with reference to data of the operator of EBS writes — Rostelecom.
According to the information letter of the Bank of Russia published on the regulator website by December 31, 2019 the banks had to provide collecting of biometrics in 100% of the departments working with retail clients. At this Central Bank treats lag from the diagram calmly.
| ||Step-by-step equipment of departments of banks which we observe now is connected with implementation of requirements for information security which takes certain time — the representative of the Central Bank reported the edition.|| |
In the further Central Bank expects to acquire the right to set criteria to departments which need to be equipped with the equipment for collecting of biometrics — this regulation it is going to enter to the second reading of amendments to the anti-money laundering law. The regulator also plans from collecting of biometrics operational cash desks out of point of sale and mini-offices of banks with one employee as for data collection two persons are necessary.
According to Rostelecom, by the beginning of January, 2020 in EBS more than 110 thousand people are registered. The company noted that the number of departments where biometric data are collected, can be more than 11,270 as it only those offices where the biometrics was registered successfully are among.
As to the beginning of 2020 Sberbank equipped 6724 structural divisions of mass service (except for offices with restrictions, for example, mini-offices of bank where one employee works) and 148 VIP-offices for collecting of EBS, told Vedomosti in the press service of bank.
The announcement of mobile application Biometrics for iOS
On December 23, 2019 the company "Rostelecom" provided mobile application "Biometrics" for the devices working on to the operating system (OS) iOS. The application is intended for deleted identifications clients using the Single biometric system. Earlier similar application was started for owners smartphones based on OS Android. "Post Bank" became the first financial organization which implemented remote identification through mobile application of Rostelecom. In more detail here.
Registration of 100 thousand Russians
By the beginning of December, 2019 in a Single biometric system about 100 thousand Russians are registered. The first deputy chairman of the Bank of Russia Sergey Shvetsov said it, speaking at a forum of National financial association.
| ||I hope that the quantity of financial institutions which on the basis of biometrics will offer the services will grow" — he reported.|| |
According to Shvetsov, the mechanism of remote identification which should help EBS to develop was started.
Over 180 banks about more than 10 thousand departments are connected to a Single biometric system (by the beginning of December, 2019).
To stimulate the project, the Central Bank is going to provide to banks special privileges. So. they will be able to create reserves under unsecured loans in smaller volume, when using biometrics.
Besides, the possibility of implementation of remote identification in the system of fast payments is studied. Also will connect to data collection MFC and departments of Russian Post. In the last, Post Bank will work with clients. Some banks consider the possibility of interest rates reduction on the credits for the clients using remote identification.
As the mechanism of remote identification works
Integration with the system of face recognition of IVA CV
On November 8, 2019 IVA Technologies reported that the system face recognition IVA CV Russian of the developer of solutions based on artificial intelligence and neural networks IVA Cognitive (enters into High tech Group) passed integration, testing Rostelecom of PJSC also is applied as a part of the Single biometric system (EBS). In more detail here.
Rostelecom starts the system of face recognition in ATMs
On November 8, 2019 it became known that in Russia ATMs with face recognition function will appear. The appropriate technology is created by Rostelecom which is an operator of the Single Biometric System (SBS) and intends to use it in the new project.
As the director of digital identity of Rostelecom Ivan Berov told Izvestia, for identification in the ATM the client will not need to have at himself either the card, or the mobile phone: the camera will be built in the bank equipment and recognizes the person only by his face mold which is stored in EBS.
It is expected that banks will be able how to buy new ATMs with face recognition function, and to convert already operating. The cost of re-equipment can be about one thousand dollars, or 15-20% of the ATM price. At the same time some credit institutions are going to use only own databases, without addressing EBS.
In "Tinkoff bank" told the edition that already test such ATMs on employees, and will use in the future the base of photos of clients in which more than 10 million molds of persons are stored. Also a possibility of implementation of technology confirmed in Promsvyazbank and "the Ak Bars Bank".
Use of biometric methods of identification and authentication first of all is more convenient and simpler for clients, the director of the department of the PromsvyazbankaAleksandr payment cards Petrov said.
According to the president of the National Financial Association (NFA) Vasily Zablotsky, by November, 2019 the biometric technologies did not become widespread in Russia as clients of banks reluctantly hand over the molds of the person and voices. EBS will become popular when the number of the services using a system extends, and ATMs are capable to make a certain contribution to distribution of the biometric platform, the expert considers.
Rostelecom: The word "yes" does not open access to financial services through EBS
Due to the increasingly frequent cases of telephone fraud Rostelecom explained: to draw money from account or to use any other financial service by one word through a Single biometric system it is impossible. Such information contains in the message of Rostelecom of November 5, 2019.
As it was reported, for identification of the citizen and receiving banking services using a Single biometric system it is not enough to pronounce any separate word, for example, "yes" or "I confirm". Identification in a Single biometric system is based on a combination of a voice and the client's person. When receiving banking service the user confirms the personality on biometrics — looking in the camera says accidentally generated sequence of digits. This sequence cannot be written in advance, it differs at each request.
| ||In a Single biometric system increased requirements to information security and comfort of citizens at remote receiving services are put. Deceive biometric algorithms and obtain data from base where biometric control templates of citizens are stored, it is impossible. I want to calm active users of banking services: by words "I confirm" or "yes" at the response to phone call about which very much for November, 2019 write to media, to obtain data for remote biometric identification or it is impossible to draw money from account. I will emphasize that it is about a Single biometric system, but not about the local biometric systems of banks. A single biometric system works only with a combination of a voice and the client's person.|
told Ivan Berov, the director of digital identity of Rostelecom
For identification of the client a Single biometric system should not only hear as the person says a certain set of digits, but also to see how he does it. Rostelecom uses a special algorithm of identification of counterfeit which allows to define that in front of the camera there is a living person, but not the photo or record of a voice, checks it for compliance of a microfacial expression and naturalness of behavior.
VTB creates an analog of EBS
Aeroflot: the airports need to use biometrics of clients
At the end of October, 2019 it became known that Aeroflot is interested in use of biometric data by the Russian airports for their use at registration of passengers. TASS with reference to the deputy CEO of airline on ITKirill Bogdanov reports about it.
| ||There are two trends, the first is a biometrics to collect in bank, in this case the biggest collector of biometrics is Sberbank, he is interested in sale of access to those biometric data which they collected from the clients. And the second is the state on behalf of Rostelecom. In my opinion, it is more correct to have relationship with the state — Bogdanov within the forum "Future Wings" noted, speaking about what company can become operator of the IT system of personal data for start of pass of control services at the airport by means of biometrics.|| |
The representative of Aeroflot also reported that the issue of use of biometric data which are collected by Rostelecom was discussed with Sheremetyevo Airport.
The head of project office "Digital Identity" of Rostelecom Eduard Segal at a conference in the Moscow technopark Skolkovo of Russian Tech Week 2019 reported that the operator tests new types of services and services using a biometric system. In particular, the company wants to use biometrics for a safe input to buildings of the airports that then passengers could pass freely to an airplane ladder.
FSB approved the platform for data protection in a Single biometric system
In turn, the Central Bank of Russian Federation delayed implementation of changes in security systems of biometrics of clients of banks thanks to what they had an opportunity to install either an encryption system of own development, or development of Rostelecom, or "cloud" option.
The representative of Rostelecom says that all market participants as soon as possible need to pass to one of solutions which conforms to requirements to enciphering: own, cloud or standard which was developed by the company. The standard solution will cost approximately by 3-5 times cheaper, than development of the edition, own, said in the publication.
As reported the newspaper in Home Credit bank, biometric identification allows to avoid a number of frauds as for confirmation of the personality not only documents and passwords which can be spotted or stolen, but also individual physiological data which to forge much more difficult are used.
Even if to assume that molds of the person and a voice will get into strange hands, the probability to suffer from actions of swindlers much below than risk of social engineering, the head of the center of projects and innovations of "BKS of Premieres" Ivan Mazov is sure.
Nevertheless a basic reason of reluctant delivery by Russians of biometric data — misunderstanding of a new system and lack of advantages in its use, he considers.
Rostelecom noted that the first organizations will be connected to EBS after installation of new security systems already not later than the beginning of November, 2019.
Providing "the Ak Bars Bank" a face recognition algorithm for EBS
On October 11, 2019 Ak Bars Bank reported that it will become vendor of a Single biometric system, the operator and which developer is PJSC Rostelecom and also bank where the expanded set of services of biometrics will be applied. Corresponding the agreement on cooperation was signed the director of digital identity Rostelecom Ivan Berov and vice chairman of the board Ak Bars of Bank Merab Gogichaty.
Rostelecom and Ak Bars Bank intend to implement joint projects on biometrics: customer service in bank department with use algoritmaraspoznavaniye of persons, carrying out bank payments with biometric confirmation of transactions, primary identification of the client in online channels and other projects directed to support and development Single biometric system.
| ||a Single biometric system actively develops. Recognition algorithm
allows to strengthen persons of Face2Action which developed Ak Bars Bank possibilities of a Single biometric system. It can also be used in different scenarios of application of biometrics, as for remote identification clients of banks, and for payment of goods at the checkout without presentation bank card, commission of bank payments, confirmation suspicious transactions at remote banking, pass to the building,
| ||We are ready to scale biometric solutions, to implement them in
daily cases and business activities. Use of biometric technologies in business processes will allow to simplify the user way the client and to optimize costs. Thus can appear absolutely different ways of interaction of bank with clients and partners,
Possibility of payment of purchases in the System of fast payments using data from EBS
On October 10, 2019 Rostelecom and Bank announced Russian Standard implementation of service of payment of purchases in shops using a sensing technology of the person. For the first time using the System of fast payments the cup of coffee was purchased. For payment confirmation of purchase by the World prepaid card of Bank Russian Standard the image of the person of the client received from a Single biometric system was used. Read more here.
Rostelecom, Norvix-technology and IDM Lab agreed about expansion of the industries of application of EBS
On October 11, 2019 Rostelecom company together with Norvix-Technology and IDM Lab agreed about expansion of the industries of application of a Single biometric system. The corresponding tripartite agreement was signed by the president of Rostelecom Mikhail Oseevsky, the CEO of Norvix-technology Dmitry Yakushin and the CEO of IDM Lab Alexander Bogatkin.
The main direction of cooperation of the companies is support of projects and initiatives of development of domestic technologies in the field of a Single biometric system, such as: the organization of access control, the automated time recording, access to objects using biometrics.
| ||For a year of existence of a Single biometric system we completely debugged registration procedure, together with banks started services of remote identification, now we start scaling of a system in other industries. We calculate that a Single biometric system gradually will become the conductor in convenient and safe digital city services. Fast pass at the airports without documents and tickets — only one of possible scenarios which foundation we laid with Norvix-technology company,|
told the director of digital identity of Rostelecom Ivan Berov
| ||Norvix-Technology as the integration engineering company, using solutions of different divisions of ProSoft group, is ready in interaction with Rostelecom to propose on the market the universal solution — the system of biometric identification integrated with a Single biometric system ('SBI-NT'). Possible scopes of the systems of biometric identification are objects of key infrastructure, such as transport, communication, medicine, power and others,|| |
Conclusion of FSB about compliance of the standard solution to requirements of information security
On October 2, 2019 "Rostelecom" reported that received the positive decision FSB Russia on the standard solution on security when processing biometric data. The corresponding letter No. 149/3/2/2-2110 of September 30, 2019 was sent to the licensed laboratory of the company "Krypto-PRO". The standard solution allows to fulfill the requirements of the regulator during the work with biometrics at stages of registration of biometric data and remote identifications. The solution of FSB became result of case studies which Rostelecom and Crypto Pro completed in August.
| ||A single biometric system — one of the first digital infrastructure platforms which demands from all participants of interaction of implementation of difficult technical solutions, including on information security support. The standard solution on information security will allow banks to reduce costs and to considerably reduce time for fulfillment of requirements on information security during the work with a Single biometric system,|| |
| ||We care for that banks could fulfill the requirements of the regulator in the terms established by the law. The standard solution of Rostelecom can be used in infrastructure of banks and allows financial institutions to interact with a Single biometric system in full accordance with security requirements,|
emphasized the director of digital identity of Rostelecom Ivan Berov
| ||the Received decision of FSB on the standard solution of Rostelecom — an important milestone for development of a Single biometric system. Allows to pass this decision both registration of biometric data, and remote identification and authentication in full accordance with requirements of the system project which is earlier approved with FSB of Russia and the methodical recommendations of the Bank of Russia. At its development and researches, tasks which allowed to fulfill in full the requirements of the regulator were solved,|| |
A single biometric system gives to banks the chance to accept clients on service remotely. Remote identification happens to the help of biometric data, the login and a parolyaportal of state services. For safety of data collection banks which register citizens, are responsible for safety of data storage — Rostelecom, the operator of a system. The Crypto Pro company provides cryptographic information security tools and the analysis of security of the created solution. The authorized integrators which build in it infrastructure of banks are engaged in implementation of the standard solution.
The Central Bank gave to banks of a privilege for collecting of biometric these Russians
On September 18, 2019 it became known of the solution of the Central Bank of the Russian Federation to provide to banks of a privilege in exchange for collecting of biometric these Russians. The corresponding draft of amendments is published on the regulator website.
According to RBC, on condition of collecting biometrics banks will be able to reserve the unsecured credits to individuals issued since 2014 at the smaller rate. For the credits on which there are no overdue payments the rate will decrease from 3% to 2%, for loans with delay no more than 30 days — from 8% to 7%.
Besides, the Russian Centrbank intends to allocate the credits issued using biometric identification to individual entrepreneurs in separate category. On them reserves will make 1.5%.
The experts polled by the edition consider that privileges on reservation are not enough for more active collecting of biometrics. The problem is not in number of biometric samples or the discount size on reserves, believe in Alfa-Bank.
| ||Biometric identification occupies only a small part of credit process. The main risks of banks are connected not with fraud, and with a non-return of the credits. In other words, key risks lie in the area of assessment of solvency — this initiative does not touch on this issue — the press service of bank reported.|| |
Also the associate director of group of ratings of financial institutions of AKRA Mikhail Polukhin agrees with negative assessment of amendments of the Central Bank. According to him, amendments will not provide to large banks enough incentives for more active collecting of biometrics.
| ||Regulation of reservation decreases not really significantly, and volumes of portfolios should be rather big in order that the effect of reduction of reserves was noticeable — he notices.|| |
Turning on of phones and e-mail of Russians in EBS
In the middle of September, 2019 it became known that the Single Biometric System (SBS) switches on phones and the e-mail addresses of Russians. The relevant resolution approved the Government of the Russian Federation.
| ||Add the scope of information placed in the unified information system of personal data providing processing, including collecting and storage, biometric personal data … with the point "d" of the following contents: control data of the individual (number of the subscriber device of mobile radio telephone communication, the e-mail address) , said in the resolution published on the website of the cabinet.|| |
According to RIA Novosti with reference to the press service of Rostelecom (operator of EBS), inclusion of phone numbers and the addresses e-mail will allow to inform citizens on registration in a system, the made transactions with use of its data and also on removal of biometric data. At the same time adoption of the document will not demand selection of additional resources from the federal budget, specify in the Ministry of Digital Development, Communications and Mass Media.
This department developed a draft resolution on addition of EBS with directory numbers and the e-mail addresses. The ministry considers that innovations will allow to improve interaction between the interested bodies and the organizations and individuals, data on which contain in the unified information system.
Along with phones and the e-mail addresses in a Single biometric system the following data are placed:
- the image of the person received using photo video of devices;
- these votes of the person received using sound recording devices;
- the insurance number of the individual ledger account of the insured person in the system of the personified accounting of RPF;
- the identifier of an account in a single system of identification of an iautentifikation;
- primary state registration number of record about creation of the legal entity.
Rostelecom will start a payment system of goods according to the image of the person based on EBS
On September 5, 2019 it became known of plans of Rostelecom to start technology of payment of goods for the image of the person. It is the joint project with Russian Standard based on the Single Biometric System (SBS). Read more here.
Alfa-Bank spent $1.5 million for biometric technologies which were not necessary to clients
"The Renaissance the Credit" ahead of schedule implemented EBS at all the offices
On August 2, 2019 it became known that Renaissance of the Credit ahead of schedule completed the project on implementation of the Single Biometric System (SBS) in departments. Now service is available at all 133 offices of bank located in 62 regions of Russia. Read more here.
The directory of available services for natural persons and the register of products for business
On July 15, 2019 Rostelecom announced optimization of work of the portal of a Single biometric system, having added function both for citizens, and for representatives of banks. In upgraded version of the portal the directory of available services for individuals and the register of products for business appeared.
Now citizens can issue a number of financial services without visit of bank. On the portal it is possible to examine available services and to pass to the website of bank for their receiving. In the future users will be able to receive the offered services online on the portal. Through the directory of the portal it is possible to open the debit card "Tinkoff of Bank", the savings account in "Post Bank", credit card "Sovcombank" and also to issue the credit for purchase of the equipment. Further the directory will be replenished with wider list of services.
There were updates and in the section "For business". Representatives of banks can get acquainted with an ecosystem of products of Rostelecom for work with a Single biometric system, select necessary parameters of products and send a request of the commercial offer directly on the portal. Use of this ecosystem will allow to start services of registration of biometrics and remote identification of clients of banks in the minimum terms.
Also content of the portal was structured. Now users of a Single biometric system will see only that information which is relevant for their tasks. Moreover, pages for citizens adapt now according to the status of biometrics which is reflected in the main screen. It allows the user to receive the instruction for further actions quickly.
| ||We update the portal of a Single biometric system that using modern solutions design to provide to our clients the best user experience. The portal should become the convenient guide for citizens and business, to provide all necessary tools for work with a Single biometric system. Further we are going to update a personal account of credit institution and mobile application for users according to a design system and also to create modern services,|
told Svetlana Ozeretskovskaya, the head of promotion of a Single biometric system
A single biometric system in Russia began to work since June 30, 2018. It is one of elements of the mechanism of remote identification which allows citizens to receive financial services remotely. For July, 2019 the remote identification can be undergone in 156 banks located in 450 cities of Russia.
OTP Bank connected all the offices to EBS
Since July 1, 2019 "OTP Bank" connected biometric 100% of offices of bank (134 points of presence) to the Single system (EBS). Now anyone will be able to create an account on Gosuslug portal, to confirm, recover access or to update data for the existing account and to hand over the biometric data at all offices of bank on everything Russia, reported in OTP bank on July 3, 2019. In more detail here.
Large number of defects
At the end of May, 2019 it became known of a large number of errors in the Single Biometric System (SBS). To increase quality of the collected data, the Ministry of Digital Development, Communications and Mass Media introduced new requirements to quality check of the collected biometrics.
Department offers in the automated mode using the equipment of Rostelecom to control collected samples and a minimum weekly to carry out inspections of "proper functioning" of the systems of collecting.
Innovations should solve a problem of rejection of poor removed images of the person and records of a voice. As the director of biometric technologies of Post Bank Andrey Shurygin told Kommersant, at photography it is very important to observe the requirement for the size and provision of the person in a frame, they are described in the order of the Ministry of Digital Development, Communications and Mass Media, at violations the samples can be rejected by EBS.
According to the representative of VTB, frequent rejections of the biometric image can speak about the incorrect scheme of data collection in the bank. It can be connected with the objects which are accidentally getting into the shot.
Rostelecom confirmed that in the course of collecting of biometrics in bank departments quite often there are failures — the received pictures and samples of a voice do not conform to regulatory requirements, and they should be remade therefore process of service performance is dragged out up to 30–40 minutes.
The operator connects these problems among other things with incorrect settings of the equipment and lack of quality control of samples on the party of banks. Rostelecom assured that defective biometric materials do not get to a system so users should not repeat data.
By the end of May, 2019 of 146 Russian banks collect biometric data of clients in 5.2 thousand departments. Until the end of the year all Russian banks should implement a possibility of collecting of biometrics.
Partnership with Infosecurity and Crypto Pro
PJSC Rostelecom selected Infosecurity and Crypto Pro companies as the authorized partners in information security support of a single biometric system of the Russian Federation.
Since June 30, 2018 in Russia became effective law No. 482-FZ which made changes in a row of legal acts for the biometric identification of citizens providing creation of uniform base of biometric these Russians. Development of the Single Biometric System (SBS) was charged to PJSC Rostelecom.
On February 15, 2019 Rostelecom announced approval in FSB of Russia of the system draft of the standard solution on information security during the work with EBS. The system project includes requirements to architecture of a hardware and software system, the list of the hardware and special software approved to use, the scheme of their interaction with each other and also the basic principles of integration of the standard solution into information systems of bank. The Crypto Pro company within the project acts as the developer of means of cryptographic information protection and testing laboratory, and the Infosecurity company as the authorized integrator is responsible for delivery, implementation and maintenance of the hardware and software system intended for protection of biometric these citizens.
Implementation of a biometric system will significantly simplify interaction with banks: to the individual will be once to undergo registration procedure enough then it is possible to receive remotely services in any bank using EBS. At registration the reference sample of biometric data is created, and in the course of remote identification the biometric data provided by the client are compared to this reference sample. Banking services will become more available to handicapped citizens and also inhabitants of remote regions where the choice of banks is limited or at all is absent.
To banks connection to EBS will allow to lower costs due to cutting of costs for development of a branch network and also will give an additional flow of clients from the remote regions. At the same time implementation of the standard solution will help to fulfill the requirements of the legislation regarding security of the transferred and obtained data from a Single biometric system. Eight complete sets of delivery of a HSS differing in functionality and cost are developed.
Collecting of biometric data in 270 bank departments of VTB is organized
On March 18, 209 VTB announced ensuring data collection of clients within a Single biometric system in 270 departments in all regions of presence of bank in Russia. Until the end of 2019 the necessary equipment will equip all network VTB. Read more here.
The Central Bank issued recommendations about registration in a Single biometric system
The Bank of Russia issued the recommendations for banks about improvement and optimization of their operational processes about registration of citizens in the Unified identification and authentication system (Unified identification and authentication system) and also in the Single Biometric System (SBS).
So, it is recommended to banks in case of lack of the Insurance Number of Individual Ledger Account at the client to carry out search of its account to a Unified identification and authentication system on passport data and also to perform their updating in a Unified identification and authentication system in case of need. In addition, it is regularly recommended to banks to perform check of readiness of the equipment before each working day. It in general will allow to reduce time for registration of clients when preserving its proper quality.
Besides, it is offered to inform the client on the fact of registration of its biometric data in EBS at the end of such procedure at once.
In the information letter there are also recommendations of need of accurate explanation to clients to what biometric system their data are transferred: in EBS or own system of bank. It will allow to avoid cases of false representation of individuals.
Let's remind that the mechanism of remote identification allows citizens to receive financial services remotely. For this purpose it is necessary to undergo primary identification in authorized bank which will register the client in a Unified identification and authentication system and EBS, having taken off biometric data (image of the person and record of a voice). Further for remote receiving services in new bank the citizen will need to undergo authorization in a Unified identification and authentication system and to confirm the biometric data with the help of the smartphone, the tablet or the computer using the camera and the microphone.
The card of points of bank service where everyone can hand over biometric data, is posted on the website of the Bank of Russia and is constantly updated.
Collecting of biometric data is provided in 20% of Sberbank branches
Sberbank announced on January 11, 2019 completion of replication of collecting of biometric data in the Single Biometric System (SBS) and personal data in the Unified identification and authentication system (Unified identification and authentication system) for carrying out remote identification of citizens in 20% of the departments, the servicing individuals. Read more here.
Sberbank began collecting of biometric these Russians for EBS
On December 13, 2018 Sberbank announced TAdviser support of an initiative Central bank Russia on deleted identifications clients and start biometric of data collection for "Key Rostelecom" — the Single biometric system (EBS) of the Single system of identification and authentications (UNIFIED IDENTIFICATION AND AUTHENTICATION SYSTEM). Read more here.
"Tinkoff Development center" became one of vendors of EBS
On October 19, 2018 Tinkoff Bank reported that it signed the agreement on cooperation about Rostelecom within a Single biometric system. Signatures under the document were appended by Ivan Berov, Direktor on digital identity of PJSC Rostelecom and Alexander Emeshev, the vice president, a direktor on product development of Tinkoff Bank.
According to the document, "Tinkoff the Development center" will become one of vendors biometric data in a Single biometric system which developer and the operator is Rostelecom. Tinkoff will be responsible for recognition of voice samples of clients at remote identifications.
| ||Before becoming vendor of a Single biometric system, the biometric algorithm should pass test and confirm the performances on the accuracy of recognition and data processing rate. Rostelecom interacted with "Tinkoff Development center" within several months: completion of an algorithm on the speed and accuracy of recognition was conducted. For October, 2018 the algorithm "Tinkoff Development Center" is tested and ready to that with its use the processing of voice biometric data in a Single biometric system was performed. The algorithm of voice recognition "Development center" will be included by Tinkoff in a Single biometric system in the nearest future.|
Ivan Berov, a direktor on digital identity of PJSC Rostelecom.
Rostelecom initially developed a Single biometric system as the multivendor platform which any vendors of biometrics and at any stage can join if the quality of work of their algorithms corresponds to the set criteria. Rostelecom as the operator of a Single biometric system constantly tests solutions of vendors and selects the best of them.
| ||We use own voice biometrics in our call center since 2017 therefore we reduced time for confirmation of the identity of the client through contact center from 60 to 15 seconds, i.e. by 4 times. Especially for integration with EBS we in addition retrained a biometric algorithm to increase even more its efficiency.|
Alexander Emeshev, the vice president of Tinkoff of Bank, a direktor on product development.
Testing of the solution "Tinkoff Development Center" took place successfully, the solution is ready to implementation in a Single biometric system.
Banking services by means of biometrics are not available to Russians yet
At the end of September, 2018 it became known that Russians cannot use services of banks by means of biometrics because of problems with creating applications.
According to Kommersant, the mobile application developed by Rostelecom for verification by banks of clients and remote providing services to them was going to be released to the middle of October, 2018. However with placement of programs in Google Play and App Store there are problems.
If negotiations with app store of Apple are not crowned with success, owners of iPhone will not be able to undergo verification through mobile devices to receive banking services for which biometric data from the smartphone are necessary.
The consultant for Internet security of CiscoAleksey company Lukatsky noted that now certification of means of enciphering in FSB takes not less than a year. It can create problems, he considers: or applications will be used the last, but not certified version of software, or FSB which was outdate software with the certificate.
Problems are created also by discrepancies in regulating documents. According to Alexey Lukatsky, there are requirements of FSB set by regulating documents for means of cryptographic protection (CIPF) which are difficult for executing on the platforms MacBook, IOS , etc.
| ||According to the existing documents of FSB in the presence of access for the violator to operating system source codes (and such opportunity is for Linux and Android), on which software, certification perhaps only on class KA will be started biometric that cannot be executed — Lukatsky noted.|| |
Costs of banks for connection to a single biometric system are called
At the beginning of September, 2018, expenses of banks on connection to the single biometric system (SBS) became known. Costs were defined according to the results of the closed meeting which took place in Rostelecom devoted to fulfillment of requirements of information security when collecting biometric data and sending them in EBS.
According to the head of "Aytubi" Ilya Tarasov to whom Kommersant refers, the price of connection of bank with one department begins with 3 million rubles where a half of costs are the share of cyber defense (one HSM module costs 1.5 million rubles). Other expenses are connected with purchase of the equipment for removal of data and the direction them in EBS. It is necessary to pay in addition 130 thousand rubles from which 30 thousand rubles are means of protecting, 60 thousand rubles — the equipment for removal of biometrics on one workplace, 40 thousand rubles — the employee's computer for each following department.
Besides, at connection for works on setup of the equipment, certification of the EBS system, development of model of threats and model of violations and also it will be required to pay about 1.2 million more rubles for annual service. The cost of annual service is the most part (about 800 thousand rubles).
The list of the basic elements necessary for banks for collecting of biometric data was stated to participants of the meeting (among them — representatives of 20 largest banks, the Central Bank, Rostelecom and FSB). It is about the server (HSM module), the operating system and means of the signature of dischargeable biometrics. Also the antivirus, the firewall and the system of detection of threats is necessary for banks. Precisely certain list of basic elements allowed to calculate the minimum costs.
According to data of the Central Bank of the Russian Federation, from 476 Russian banks collect and transfer biometrics only 50. According to Rostelecom, these 1200 people are loaded into a system.
The list of data on citizens who will store in EBS is approved
The Government of the Russian Federation approved requirements to placement of information about citizens of the country in a unified identification and authentication system and a single biometric system. The relevant resolution of July 14, 2018 is published on July 24, 2018 on the official Internet portal of legal information.
According to the law of 12/31/2017 N 482-FZ, state bodies, banks and other organizations in the cases determined by federal laws after carrying out identification at personal presence of the citizen of the Russian Federation from his consent on a grant basis can place electronically the following data:
- the data necessary for registration of the citizen of the Russian Federation in a unified identification and authentication system, and other data if such are provided by the federal legislation;
- biometric personal data of the citizen of the Russian Federation — in the unified information system personal data providing collecting and storage biometric personal data, their check and information transfer about degree of their compliance to the provided biometric personal data of the citizen of the Russian Federation.
The government decree "About Establishment of Requirements to Carrying Out Identification of the Citizen of the Russian Federation" defines the list of data which the applicant at identification personally submits to the employee of state body and organization:
- a) surname, name, middle name (in the presence);
- b) date of birth;
- c) birthplace;
- d) details of the identity document (series and a document number, date of issue of the document, the name of the body which issued the document, and the subdivision code);
- e) residential address (registration) or residences;
- e) taxpayer identification number;
- g) information on the insurance number of the individual ledger account of the insured person in the system of mandatory pension insurance;
- h) contact information (number of the subscriber device of mobile radio telephone communication and the e-mail address (at its existence).
Also the applicant provides the identity document of the citizen of the Russian Federation. Makes a reservation that if data on participation of the citizen of the Russian Federation in extremist activity or terrorism are received and also if the reliability of the provided data is not confirmed, placement of data in a single biometric system is not performed.
The federal law on a biometric system became effective on June 30. It enters, in particular, the mechanism of remote biometric identification of the client of credit institution. At use of such mechanism to the identified client — the individual without its personal presence accounts (deposits) can be opened and be performed some banking activities.
| ||Biometric identification in general provides higher level of reliability: implementation of fraudulent transactions with it is much more difficult to be implemented — Dmitry Gvozdev, the CEO of Information Technologies of the Future company noted. — But to consider it as ideally reliable is not necessary: episodes when swindlers managed to bypass also biometric authorization are known.|| |
It is possible to study the order of the Government of the Russian Federation of July 14, 2018 here.
Start of a Single biometric system
Since June 30, 2018 in Russia the Single Biometric System (SBS) earned — one of crucial elements of the mechanism of the remote identification allowing citizens to receive remotely financial services was reported in Rostelecom.
User identification in a Single biometric system happens by two parameters — a voice and the person which simultaneous use allows to define the living person. For registration in EBS the citizen needs to come to bank only once. The employee of the bank will help it to be registered with the Unified identification and authentication system — a Unified identification and authentication system) which is used for access to the Gosuslug portal if earlier the user in it was not registered. Then the employee of the bank "will take off" biometric data of the user — the image of the person and record of a voice — and will load them into a Single biometric system.
Registration in EBS allows the citizen to receive remotely services of any bank working with a system. It is enough to client to enter the login/password from a Unified identification and authentication system and to say the short control phrase generated by a system, looking in the camera of the smartphone or the computer. Only Internet access is necessary for the user for passing of remote identification, the smartphone, the tablet or the computer with the webcam, any additional hardware is not required.
Accuracy of biometric identification in a system is provided with algorithms of the Russian software developers in the field of biometrics. The largest Russian banks participated in creation of a system, specified in Rostelecom.
| ||Further a Single biometric system will become the national platform for secure access of citizens to the public and commercial services. In process of data storage in a Single biometric system more and more opportunities of its application in different spheres will appear. The most perspective industries are: financial sector, notariate, receiving public and municipal services, health care, education, retail, e-commerce. A single biometric system will expand the accessibility to digital services by that who lives in hardly accessible areas and to the handicapped population, will reduce their cost and also will increase quality of such services. Use of a Single biometric system is a method to change the relations between the state, the organizations and the citizen — are convinced of Rostelecom.|| |
For the purpose of quality improvement and reliability of registration and identification of citizens on the website of the Single bio.rt.ru biometric system the form of a feedback using which it is possible to send to developers information on any emergency situations, work-related systems is open.
Draft of the order of the Ministry of Digital Development, Communications and Mass Media
The Ministry of Digital Development, Communications and Mass Media submitted in May, 2018 for public discussion the draft of the order on the statement of an order of processing of the biometric personal data used for identification of citizens, an order of their placement and updating in a single biometric system and also requirements to technical means which will be applied to their processing.
The document establishes that it is processed there will be picture data of the person and these voices. The authorized staff of the relevant state agencies, banks or other organizations will collect these parameters.
Data will be processed only after the identity of the person from whom they act was confirmed. Personal presence at the same time is obligatory. The citizen should agree to personal data processing in the form approved by the government.
If the user withdraws consent to processing of the personal data, then its biometric data cease to be used for carrying out identification.
Control of authenticity and quality
Biometric samples of the person and voice which are stored in a system 3 years become result of data processing. The order of the Ministry of Digital Development, Communications and Mass Media sets quality regulations for these samples. Samples using software of a single biometric system which will be installed in state agencies and banks will be automatically checked for compliance to these regulations.
Together with samples date and time of their creation and also the number of attempts when passing quality control will be transmitted to a system. If this control is not undergone, then information on the place and time of creation of such samples will also be fixed. If the employee of state agency or bank was mistaken when checking the identity of the citizen, then and it, and his organization are responsible for it.
Requirements to a sample of the person
Colors of pixels of the image of the person should be provided in the 24-bit RGB color space in which on each pixel about 8 bits are the share of each color component: red, green and blue. The turn and a ducking in the picture should be less than 5 degrees, and the deviation — is less than 8 degrees.
The distance between centers of eyes should make not less than 120 pixels. To this value there correspond 480 pixels for lateral dimension of the person and 640 pixels for vertical. On the image there has to be only one person, it should not be closed by anything, should have neutral expression with the closed mouth and open eyes, should be evenly lit without shadows and flares. The person can be wearing spectacles, but not sun-protection.
The image cannot be retouched or edited, but framing is allowed. It is necessary to save images in the JPEG or PNG format.
Requirements to a voice sample
The sample of a voice should be related a signal noise for a sound not less than 15 dB, quantization depth not less than 16 bits and sampling rate not less than 16 kHz. As a container or a format RIFF (WAV), and as the code of compression — PCM or uncompressed should be used.
Only one audiochannel should be used, it is forbidden to apply noise reduction. At record there has to be only one voice, it cannot be received from record of phone call.
If the algorithm distinguishing a voice is tekstozavisimy, then the user on record should say a password phrase in Russian, being at the same time in adequate emotionally psychological state.
Placement of data
State agencies and banks can place biometric data in a single biometric system, they have the right to update them. Updating of samples happens or after three-year term or if the voice and the person significantly changed. All these actions make sure the strengthened qualified electronic signature of the organization.
In a system it is possible to place data only of those citizens who are registered in a unified identification and authentication system. It is possible to be registered in it as having shown the identity document, and using the strengthened qualified electronic signature of the citizen. A system stores the registration given about a method.
If the citizen is not registered in this system, then the employee collecting biometric data just before their collecting can register him there.
The camera used for shooting of the person should be capable to make the picture with the resolution of 1280х720 pixels. At distance from the face to the camera about 0.3-0.5 m, focal distance should make from 31 to 100 mm. If the distance from the face to the camera makes 0.51-1.0 m, the focal distance should be in range from 28 mm to 100 mm. The white balance of color should be adjusted automatically.
Color temperature of lighters is recommended at the level from 4800 to 6500 K that colors were natural. So it should be luminescence or LED lamps. Illumination in the field of the person should be not less than 300 lx for cameras with automatic correction of illumination, and not less than 100 lx for the camera without it.
For record of a voice condenser, preferably electret microphone without automatic gain control should be used. The ratio signal/noise should be not less than 58 dB, frequency range can vary from 40 to 10000 Hz, the sensitivity should be at the level not less minus 30 dB. The form of the direction characteristic can be omnidirectional, a cardioid, a supercardioid or a hyper cardioid.
The used technical means should be like that that the trial and error method using not original samples required 10 in 4 extents of attempts for each sample.
Authorities: Biometric data of Russians will sell to banks at 200 rub apiece
In March, 2018 the Ministry of Digital Development, Communications and Mass Media officially suggested to make use of a Single biometric system paid for banks — the bank will pay for each successful user identification to the operator of a system 200 rub. Such offer contains in the draft of the order of the Ministry of Digital Development, Communications and Mass Media uploaded to the website regulation.gov.ru for public discussion. If the order will be adopted, it will become effective since June 30, 2018. Public discussion of the project will last till April 3, 2018.
Successful identification means defined, established by the law, extent of coincidence of biometric data of the identified user with a profile which is in a system. If coincidence insufficiently complete, identification is considered unsuccessful and, respectively, is not paid.
The operator of a system, in turn, will report 50% of a reward including VAT to that bank which removed biometric indicators from this user and added to base. Assignments will be paid from each paid identification all that time while the biometric template provided by bank is valid.
Rostelecom is appointed by operator of a Single biometric system
Rostelecom became operator of a Single biometric system. The corresponding order of the Government is published on March 2. The document assumes that Rostelecom will provide collecting, processing and storage of biometric personal data and also check of their compliance to initially handed over biometric samples. Results of check will be transferred to banks for remote identification of citizens when opening accounts.
Rostelecom was selected by operator of a Single biometric system as has experience of implementation of large federal IT projects, such as creation and ensuring operability of the Uniform portal of state services and Unified identification and authentication system. Besides, Rostelecom owns network of the highly productive and protected data processing centers for safe processing and storage of biometric personal data.
Criterion when choosing the operator was also the fact that Rostelecom is a developer of a Single biometric system and takes active part in creation of the normative-right base necessary for its implementation.
In Russia a single biometric system of identification is started
On February 19, 2018 Rostelecom submitted the first working version of the Single biometric system developed at the initiative of the Ministry of Digital Development, Communications and Mass Media and the Central Bank. As developers say, it contains all principal components allowing to implement basic functionality of recognition of the personality according to the facsimile and a voice and is ready to integration by information systems of banks.
First who tests and fills a system with biometric data within a pilot project became 12 banks: Sberbank, VTB, Post Bank, Alfa-Bank, Rosselkhozbank, Raiffeisenbank, Home Credit, Sovcombank, Tinkoff bank, Promsvyazbank, "Ak Bars", SKB-Bank.
Entering of data in a biometric system for bank clients is voluntary. For inclusion in a system the users need to visit the bank departments involved in the pilot to leave there the biometric data.
A system is based in the cloud protected infrastructure of Rostelecom. Data of the user will be transferred to a system on the communication channels protected using domestic cryptoalgorithms. For the solution of this task Rostelecom develops special mobile application with the built-in means of cryptographic information protection.
Modest beginning of the megaproject
At the initial stage the range of transactions which can be carried out in banks with biometric identification is limited, but in the long term they can be expanded on a full range of banking services, up to a design of a mortgage, project participants tell.
| ||In VTB already now the share of sales of some products through digital channels reaches 40%. Work of a Single biometric system will open new opportunities for customer service. Place a deposit, create the savings account, obtain the credit, order the card, issue payments and transfers – the majority of banking products will be available without visit of office. It is sure that it will be absolutely demanded by our clients", – Vladimir Verkhoshinsky, the board member of VTB noted.|| |
The vice president for business development of Rostelecom Alexander Ayvazov told TAdviser that as of February in a system biometric data of only several thousand bank clients are collected. By the end of the year, on the basis of plans of banks for system deployment in the departments, amount of data on 1-1.5 million bank clients is predicted, he says.
In terms of the solutions used in a biometric system Rostelecom adheres to multivendor approach. Alexander Ayvazov told TAdviser that in a system only the Russian solutions for recognition according to the image and a voice are used. The open source, according to him, in a system is not used.
The Russian hardware of required quantity and quality for system deployment was not, but Rostelecom works on it within the import substitution program, the representative of the company in a conversation with TAdviser noted.
Answering a question of TAdviser, Ayvazov also reported that together with the Central Bank and FinTeh association the mode of formation of tariffing of use of a system by banks was worked out. After its full start planned for July 1, 2018 for banks the cost in 200 rubles for one transaction on identification of the client will be set.
A half of this amount will be received by bank which originally participated in removal of primary biometrics, and 100 more rubles will be received by other participants of a system, including the operator of a system and vendors of technological solutions whose algorithms are used in it for recognition.
As of February the issue is almost resolved that Rostelecom will be operator of a system, Alexander Ayvazov in a conversation with TAdviser added.
Access to the system of credit stories is paid for the similar scheme: payment is made for service, explained in Rostelecom.
Alexander Ayvazov also told TAdviser that his company is going to invest in the project about 1 billion rubles of own means in the long term 3.5 years. By February the actual investments from Rostelecom made about 180 million rubles. The company expects "to beat off" investments due to collecting of payment from banks for use of a system.
From banks - in other industries
The Deputy Minister of Telecom and Mass Communications Alexey Kozyrev who was present at the system presentation told that for use of biometric data in different spheres the possibility of their collecting in other places, not only through banks is studied. Banking sector became the first because in banks the strictest control of identification of clients, follows from the words of the Deputy Minister of Telecom and Mass Communications. Afterwards data collection for a single system could be performed everywhere where the citizen appears with the passport: for example, in MFC, departments of Russian Post, etc.
One of the ideas - to tie delivery of biometrics to some basic state service, for example, to obtaining the passport of the citizen of the Russian Federation, Kozyrev in a conversation with TAdviser noted.
| ||When the person comes to the Ministry of Internal Affairs, at issue of the passport he absolutely precisely properly is identified as the citizen and if at this moment to suggest to be registered and hand over it biometric data, it will be convenient as further this person should not go anywhere any more, - explains to the Deputy Minister of Telecom and Mass Communications.|| |
At the same time, when collecting biometrics in other places it is necessary to provide the same reliable control of process, as in banks. According to Alexey Kozyrev, the Ministry of Digital Development, Communications and Mass Media deals with this issue, and one of possible options - to align requirements and responsibility for identification for the whole country.
Alexey Kozyrev told TAdviser that studies the ideas of further collecting of biometrics of the Ministry of Digital Development, Communications and Mass Media jointly, including with the Ministry of Economic Development and the Ministry of Internal Affairs. Based on a bank pilot project requirements to the equipment should be specified, investment volume for system deployment is estimated, for example, in MFC network, statutory requirements on identifications and other moments are analyzed.
Beginning of mass implementation of technology face recognition
In February, 2018 it became known of the beginning of mass use of a sensing technology of persons in the Russian banks. The new system of identification helps credit institutions to prevent fraud for millions of rubles every month, Kommersant writes.
When the client addresses to bank for the first time, its image and passport data are entered in the database. Next time the system of identification of persons compares biometric parameters to available in base and also compares them with information on swindlers. And exact identification of the personality is reached regardless of turn of the head, a make-up, level of lighting or resolution of the camera.
Thanks to the biometric system of face recognition the Post Bank in 2017 could prevent about 10 thousand fraudulent transactions for 1.5 billion rubles. Technologies allows to reject the most part of the fraudulent requests issued by counterfeit passports, reported the edition in Renaissance Credit bank.
In "Tinkoff bank" also told that save thanks to a sensing technology of persons tens of millions of rubles monthly. VVTB reported to the edition that the bank is preparing for project implementation on collecting and use of biometric data. Alfa-Bank tests solutions with biometric face recognition for increase in level of service. Consider a question of implementation of such service and in OTP-bank.
Meanwhile, experts warn that plunder of base of biometric these clients is much more dangerous than theft of passwords or codes.
| ||Eyes and fingerprints — some for the rest of life, they cannot be replaced as the compromised passport or the bank card — the head of the working group "Data Protection and Security of Infrastructure in Payment Systems" of National payment system Alexander Vinogradov noted.|| |
The State Duma of the Russian Federation permitted remote biometric authentication of clients of banks
On December 20, 2017 the State Duma of the Russian Federation adopted in the third reading the amendments to the law allowing banks to identify and authenticate users remotely using biometric supplied and the information from the Unified identification and authentication system (Unified identification and authentication system).
For implementation of remote authentication the user should be once personally in any financial organization with the right to carry out registration of individuals in a Unified identification and authentication system and a single biometric system and to be identified. If the user has no account in a Unified identification and authentication system, the bank will register him in a system, will take off biometric data (image of the person and a sample of a voice) and will enter them into a single biometric system.
Having undergone the above procedure, the user will be able to select what client of bank he wants to become. Using the mobile device or the computer with the microphone and the camera it will be able to undergo remotely authorization in a Unified identification and authentication system and to confirm the biometric data. Thanks to the system of biometric authentication the clients of banks will be able to receive remotely different services, for example, to open accounts, to obtain the credit and to make remittances.
Banks will transfer to the Ministry of Internal Affairs and FSB biometrics of citizens without their consent
The operator of a biometric system in whom data of remote identification of Russians are stored will provide them to the Ministry of Internal Affairs and without the consent of citizens. It is said in the bill of a biometric system and remote identification of citizens which in December, 2017 was adopted in the second reading by the State Duma. The order of this interaction will define the government.
A biometric system is a part of process of remote identification of Russians which will allow them to receive financial and other services online. The client undergoes primary identification with the passport in bank which films his face and records a voice, and then sends data to the Unified identification and authentication system (portal of state services).
These data will also be stored in a biometric system, and the client will be able to address for online service of any bank — he will only need to enter the login and the password of an account on the portal of state services, then — the code from sms and on the computer or phone to transmit these voices and persons for reconciliation with a system through the camera.
The Ministry of Internal Affairs applies for a role of the operator of EBS
The Ministry of Internal Affairs of the Russian Federation (Ministry of Internal Affairs) intends to become operator of a Single biometric system by means of which banks will render a number of services online. The matter was discussed at a meeting with the first Deputy Prime Minister of the Russian Federation Igor Shuvalov in an early autumn of 2017, the Vedomosti newspaper writes. The representative of the Ministry of Internal Affairs said that "the draft of the concept of a national system of biometric identification undergoes reconciliation procedure" in structures of department.
At this time the Ministry of Internal Affairs has biometric base on search and identification of offenders. Including department has a base with photos, fingerprints and eye "iris". However it is not quite clear how a system can be adapted to rendering services to all citizens – clients of banks. Similar, except other, will involve additional budget costs and also time, and, as a result, will slow down integration of EBS into work of banks.
In turn Rostelecom already submitted to the government the project of mechanisms on regulation of work of a Single biometric system.
The first two years of use of EBS are free for banks, further 500 billion rub a year?
Banks will install the equipment for collecting of biometric these citizens according to requirements of the bill drafted by the Central Bank. At the same time the first two years financial institutions will be able to use the Single Biometric System (SBS) free of charge, however after 2020 the costs of the banking sector can make about 500 billion rubles a year, Izvestia reports.
According to the chairman of National council financial rynkaandreya Yemelina, the cost of use of a system will be calculated on individual rates. By analogy with check through bureau of credit histories, rates will depend on quantity of the created biometric profiles. Thus large credit institutions will be able to receive a discount.
According to the experts, the rate for check of 100 biometric profiles of clients can make about 10 thousand rubles. Considering that the fall of 2017 in Russia is affected by 573 banks, the total costs of credit institutions of EBS after 2020 can make about 500 billion rubles annually. At the same time for Russians the implementation of this system will not affect the cost of banking services.
Banks began preparation for collecting of biometric these clients
A number of the Russian banks began preparation for biometric data collection of the clients. In particular, preparatory procedures are carried out in VTB B&N Bank, banks "Ak Bars", "East Bank" and "Opening" and also century Ural Bank for Reconstruction and Development.
The bill is introduced to the State Duma
Bill No. 157752-7 "About introduction of amendments to the Federal law "About Counteraction of Legalization (Washing) of Income Gained in the Criminal Way and to Terrorism Financing" directed to improvement of procedures for granting of banking services without personal presence of the client using the state information resources is introduced to the State Duma.
The bill was drafted by the Bank of Russia together with the Ministry of Digital Development, Communications and Mass Media of the Russian Federation and Rosfinmonitoring with assistance of Russia Association for the purpose of development of financial market, ensuring availability of financial services to citizens, including in remote regions and for physically disabled people and also for reduction in cost of their providing. The bill contains a number of referential regulations which require adoption of the corresponding subordinate legislations which development also should be conducted on the basis of detailed discussion with bank community. The corresponding work is already conducted by the Bank of Russia, the Ministry of Telecom and Mass Communications and Rostelecom, with the assistance of Russia Association with involvement of experts and bank community.
After completion of technology tests of the platform and implementation of necessary legislative changes, Rostelecom will provide access to the platform to credit institutions for its further testing.
The bill of the Central Bank of the Russian Federation obliging all banks to fix the image of the person and a voice mold of the client
The bill obliging everything banks to fix such biometric data of clients as the image of the person and a voice mold at the end of August, 2017 prepared the Central Bank Russia. The main objective of the document is to promote implementation of the Single biometric system (EBS) which will allow citizens to use services of banks remotely, having only passed biometric authentication.
The Russian banks, according to the drafted bill of the Central Bank, for the purpose of formation of the single biometric system (SBS) will oblige to create bases of biometric these clients. The created system will promote remote interaction of financial institutions and citizens – having undergone remote authentication Russians will be able to become investors of any bank, without visiting its office.
According to the Central Bank, work on creation of necessary technology infrastructure is already begun. Representatives of such banks as Sberbank, VTB, B&N Bank and Rosselkhozbank also entered into the working group on creation of EBS. The press service of the Bank of Russia reported:
"The biometric identification using modern sensing technologies of the image of the person and a voice and also verification of presence of the living person that makes impossible substitution of biometric data will become a basis of the new mechanism of bank service. Work on creation of the corresponding technology infrastructure is already begun. The innovation will increase availability of financial services and will reduce the cost of their providing. At all this clients will be granted option – to hand over biometric parameters and to be registered in a Unified identification and authentication system or not".
Experts note that thanks to an innovation the process of commission of any banking activities considerably will become simpler, but also pay attention that a system should be equipped with good protection against cyber attacks.
Banks throughout Russia will collect biometric data of clients (image of the person and a mold of a voice) which will be fixed in EBS in the form of personal "card" of the user. Further any citizen identified on a voice or the image of the person using the computer, the tablet or the mobile phone will be able to use services of financial institution without appearance in office. It is planned that EBS integrate with the Unified identification and authentication system (Unified identification and authentication system) which was created for performance of the law on state services. Banks when using biometric identification through a Unified identification and authentication system will confirm the citizen's personality (full name, date of birth, a floor, the Insurance Number of Individual Ledger Account, mobile phone number). Actually, the users wishing to hand over biometric parameters in a banking system should be at the same time registered also on the portal of state services.
After a binding of biometric "card" to personal data of the citizen in a Unified identification and authentication system (full name, date of birth, a floor, the Insurance Number of Individual Ledger Account, mobile phone number) there is an opportunity to remotely identify the client according to the image of the person and a voice using the computer, the tablet, the mobile phone or the camera mounted in the ATM. Having remotely confirmed the personality, the citizen will be able to make legally significant actions without presentation of the passport or other certifying documents – for example, to become the client of any bank without the need for an appearance in office or to receive, in addition to bank, the public and other services.
The Central Bank calculates that by March, 2018 the banks will have an opportunity remotely to identify as existing, and new clients. However for this purpose it is necessary to manage to adopt the drafted bill during the autumn session of parliament and also to make a number of amendments to the legislation. In particular, provisions of the Federal law "About Counteraction of Legalization (Washing) of Income Gained in the Criminal Way and to Terrorism Financing" do not allow to identify the client remotely today.
The offered innovations will allow to simplify as much as possible process of commission of any banking activities. Authors of the bill first of all focus attention on those advantages which will be got by clients of banks – an opportunity to open accounts in any banks without visit of office, to pay purchases and services, to recharge, transfer money, to take the credits. It is also very important that the new mechanism will increase protection against swindlers as to forge personal biometric data, on assurances of software developers, it is impossible.
Banks have interest in implementation of new technology. First of all remote identification using biometrics will reduce load of departments that will allow banks to perform optimization of own branch network and to reduce costs on its service. Besides process of receiving banking services will become simpler, and they will cost cheaper.
At the same time universal implementation of biometrics will remake the market of retail banking services: if it becomes simpler to client to pass from bank into bank, so, the competition between credit institutions will amplify. In such conditions the high quality of service, a set of services and their price will become the only way to hold the client.
However there is a number of questions connected with a personal data storage and also cost of new service and effectiveness of its application. For example, effective data protection is relevant for any database. Today by last name it is possible to learn the address of the person and his phone number on the Internet. And this problem is not especially Russian that is confirmed by regular messages about personal data leakages of clients of the leading world banks and payment systems. The more banks from the clients want to obtain information, the more reliably should be protection against encroachments of malefactors.
Installation and hardware maintenance for collecting of biometric data will become for banks the additional clause of expenses. It is possible not to doubt that they will traditionally transfer these expenses to clients. And, rates will grow for all – and for those who will agree, and for those who will refuse to undergo the biometric procedure.
At last about simplification of process of receiving banking services. There is no doubt that using biometric identification you will be able to open the bank account – as in this case you give to bank the money. But whether will be rather remote identification for receiving a mortgage loan?
The Ministry of Digital Development, Communications and Mass Media approved the road map of development of NBP
On July 12, 2017 the top level project implementation plan on creation of the National Biometric Platform (NBP) within which the main technical works will be performed by Rostelecom is approved. The document is approved by the Ministry of Telecom and Mass Communications.
The concept of NBP, and soon is already adopted, according to the approved road map of the project, technology tests and the choice of solutions on biometric technologies will begin. By the fall the mechanism of registration of biometric samples and quality control of solutions for NBP will be developed, and until the end of 2017 Rostelecom is going to bring a system into trial operation then credit institutions will be able to be connected to a system and to begin its testing.
The list of banks which will be able to accept biometric data will make the Bank of Russia. Further the organizations should purchase the necessary equipment at own expense. Use of the platform for them will be free within two years, introduction of the differential tariff is planned after that.
"Creation of the National biometric platform will allow Rostelecom to become the operator of digital identification for the banking sector, and further — for all branches of the economy. Use of NBP will increase the level of protection of both these, and users of a system and also will make digital services even more available" — the president of Rostelecom Mikhail Oseevsky commented on work on the project.
According to the director of project office of digital identity of Rostelecom, date of full start of the platform in 2018 depends on readiness of banks and the legislation.
After implementation in banks a system is going to be used in medicine, education and retail. Besides, it is supposed that biometric confirmation of the personality can also be implemented in multifunction and certification centers, departments of the Ministry of Internal Affairs which issue passports.
The technique of the first test stage of vendors of biometric technologies is approved
Within the project on creation of the National biometric platform, Rostelecom approved in the summer of 2017 a technique of the first test stage of vendors of biometric technologies and in the nearest future will define start date of carrying out tests.
The technique of technology tests was developed based on authorized organization - the Russian Biometric Society non-profit partnership (NPP) by domestic vendors of biometric technologies and experts of the industry. The technique was developed, approved and transferred to Rostelecom in June, 2017, and in the nearest future the operator will define the list of vendors for conducting testing.
Rostelecom - operator of NBP for implementation of a pilot project
In June, 2017 it became known that "Rostelecom" will become the operator of the National biometric platform (NBP) for implementation of a pilot project Ministry of Telecom and Mass Communications of the Russian Federation and Central Bank of the Russian Federation. This project will allow banks to perform biometric identification clients individuals using the federal state information authentications system "Single System of Identification and" (UNIFIED IDENTIFICATION AND AUTHENTICATION SYSTEM) for remote opening of accounts and rendering other banking services.
According to the current legislation, primary opening of the account for the individual is possible only at its personal presence at bank department. Implementation of this project will allow banks to identify clients using a Unified identification and authentication system, including on the basis of biometric personal data, for opening of accounts without their personal presence.
RT Labs, subsidiary company of Rostelecom act as the technology partner and the developer of the project. Having experience with information systems of the electronic government, RT Labs will be engaged in creation of the specialized information and technology elements providing collecting, processing, storage, providing and check of compliance of biometric personal data of NBP and its integration with infrastructure of the electronic government.
The platform will be placed in the protected cloud infrastructure of Rostelecom to which will get access of a can through special communication channels of the System of Interdepartmental Electronic Interaction (SIEI). For the solution of this task the Central Bank of Russian Federation will define the list of credit institutions — participants of a pilot project.
Clients of banks for receiving remote identification using a Unified identification and authentication system and NBP will need to come once personally to bank department and to be identified, including biometric. After creation of "a digital profile of the client" they will have an opportunity to remotely open accounts and to make other financial transactions in any bank without personal presence.
As the used biometric parameters during the pilot it is going to use images of the person and/or record of a voice. Further the list of biometric parameters can be expanded (an eye iris of the eye, the drawing of veins of a palm or a fingerprint) that will increase convenience of using of BP in different life situations.
Consultations of banks, Central Bank and Ministry of Digital Development, Communications and Mass Media
On January 20, 2017 it became known of plans of bank community - to create uniform base of biometric parameters of clients. According to the Izvestia edition for January 20, 2017, the Russian banks discuss this idea with the Central Bank and the Ministry of Telecom and Mass Communications.
Having created the general base, banks will have an opportunity to exchange with each other data on clients that will lead to simplification of implementation of the biometric systems.
The regulator is going to hold negotiations with financial institutions concerning creation of similar base. The biometric base can be created on the basis of the Unified identification and authentication system (Unified identification and authentication system). However, without the aid of the state it is not possible to create such technology.
| ||It is necessary to solve what biometric parameters it is possible to include in base and how exactly to use them. Besides, an important question - security of such base. The Unified identification and authentication system meets all requirements. With the consent of citizens the data access from their profiles on a Unified identification and authentication system can be provided to banks that credit institutions could identify remotely Russians by biometric parameters.|
Andrey Yemelin, chairman of National council of financial market
2016: Pravkomissiya charged to the Ministry of Digital Development, Communications and Mass Media to develop the concept of biometric identification
In September, 2016, the source close to the Central Bank told Izvestia that the government commission headed by Dmitry Medvedev charged to the Ministry of Digital Development, Communications and Mass Media to handle an issue of use of technologies of identification of clients by means of biometric data. The issue of development of the concept is handled now by the Central Bank, FTS and business community.
The Russian banks intend to use biometric technologies for confirmation of transactions. First of all it will concern the clients who are already identified by the passport. For implementation of new technologies the credit institutions should create local bases of biometric data and to certify them in FSB and the Federal Service for Technical and Export Control (FSTEC).
According to the Deputy Minister of Telecom and Mass Communications Alexey Kozyrev, use of biometric technologies will significantly increase safety of electronic transaction, and for full use of biometric technologies in Russia the federal base of biometric data should be created.
In the spring of 2016 Sberbank and B&N Bank read plans for implementation of biometrics until the end of 2018. Banks are going to apply biometrics to confirmation of transactions of the clients who are already identified by the passport in departments and also to their authorization at an input in Internet and mobile bank (if the client — the owner of the smartphone). Sberbank also declared plans for creation of base of biometric data.
According to experts, technical difficulties during creation of bases of biometric data at banks will not arise, however for full use of new technologies in Russia it is necessary to create uniform base of biometric data. It will allow banks to be convinced that this client wants to perform any operation in a personal account or this client wants to confirm transaction in department.
- ↑ Progress on the person: the biometrics will be implemented in ATMs and sports clubs
- ↑ Aeroflot is interested in use of biometric data by the Russian airports
- ↑ Voice defender: banks will encrypt biometrics the standard solution
- ↑ [https://www.rbc.ru/finances/18/09/2019/5d811b199a794767c4e38351/of the Central Bank offered banks of a privilege for collecting of biometric these Russians In more detail on RBC: https://www.rbc.ru/finances/18/09/2019/5d811b199a794767c4e38351]
- ↑ Phones and e-mail of Russians entered a single biometric system
- ↑ The biometrics the person did not leave
- ↑ Biometrics there is not enough mobility
- ↑ Banks estimated biometrics
- ↑ The government approved requirements to identification of citizens for placement of data in a single biometric system
- ↑ As at Russians will photograph persons and to record voices for identification in banks
- ↑ the Authorities: Biometric data of Russians will sell to banks at 200 rub apiece
- ↑ Hopes for the credit were iridescent
- ↑ Banks will transfer the Ministry of Internal Affairs and FSB biometrics of citizens without their consent
- ↑ The Russian banks will implement biometric identification of clients in 2018
- ↑ Banks will create uniform base of biometrics of clients
- ↑ the Banks will be able legally to apply biometrics in 2017
- Censorship on the Internet. World experience
- Censorship (control) on the Internet. Experience of China
- Censorship (control) on the Internet. Experience of Russia, Roskomnadzor
- Law on regulation of Runet
- VPN and privacy (anonymity, anonymizers)
- Protection of critical information infrastructure of Russia
- Law On security of critical information infrastructure of the Russian Federation
- National Biometric Platform (NBP)
- Single Biometric System (SBS) of these clients of banks
- Biometric identification (market of Russia)
- Directory of solutions and projects of biometrics
- Digital economy of Russia
- Information security of digital economy of Russia
- SORM (System for Operative Investigative Activities)
- State detection system, warnings and mitigations of consequences of the computer attacks (State system of detection, prevention and elimination of consequences of computer attacks)
- National filtering system of Internet traffic (NASFIT)
- Yastreb-M Statistics of telephone conversations
- How to bypass Internet censorship of the house and at office: 5 easy ways
- The auditor - a control system of blocking of the websites in Russia
- The Single Network of Data Transmission (SNDT) for state agencies (Russian State Network, RSNet)
- Data network of public authorities (SPDOV)
- Single network of telecommunication of the Russian Federation
- Electronic Government of the Russian Federation
- Digital economy of Russia
- Cyber crime in the world
- Requirements of a NIST
- Global index of cyber security
- Cyber wars, Cyber war of Russia and USA
- Cyber crime and cyber conflicts: Russia, FSB, National coordination center for computer incidents (NKTsKI), Information Security Center (ISC) of FSB, Management of K BSTM of the Ministry of Internal Affairs of the Russian Federation, Ministry of Internal Affairs of the Russian Federation, Ministry of Defence of the Russian Federation, National Guard of the Russian Federation
- Cyber crime and cyber conflicts: Ukraine
- Cyber crime and cyber conflicts: USA, CIA, NSA, FBI, US Cybercom, U.S. Department of Defense, NATO, Department of Homeland Security, Cybersecurity and Infrastructure Security Agency (CISA)
- Cyber crime and cyber conflicts: Europe, ENISA
- Cyber crime and cyber conflicts: Israel
- Cyber crime and cyber conflicts: Iran
- Cyber crime and cyber conflicts: China
- As the USA spied on production of chips in the USSR
- Security risks of communication in a mobile network
- Information security in banks
- Digital transformation of the Russian banks
- Overview: IT in banks 2016
- The policy of the Central Bank in the field of data protection (cyber security)
- Losses of the organizations from cyber crime
- Losses of banks from cyber crime
- Trends of development of IT in insurance (cyberinsurance)
- Cyber attacks
- Overview: Security of information systems
- Information security
- Information security (world market)
- Information security (market of Russia)
- The main trends in data protection
- Software for data protection (world market)
- Software for data protection (the market of Russia)
- Pentesting (pentesting)
- Cybersecurity - Means of enciphering
- VPN - Virtual private networks
- Security incident management: problems and their solutions
- Authentication systems
- Law on personal data No. 152-FZ
- Personal data protection in the European Union and the USA
- Quotations of user data in the market of cybercriminals
- Virus racketeer (encoder)
- WannaCry (virus racketeer)
- Petya/ExPetr/GoldenEye (virus racketeer)
- Malware (malware)
- APT - Targeted or target attacks
- DDoS and DeOS
- Attacks on DNS servers
- DoS-attacks on content delivery networks, CDN Content Delivery Network
- How to be protected from DDoS attack. TADetails
- Fraud Detection System (fraud, fraud, fraud detection system)
- Solutions Antifraud directory and projects
- How to select an antifraud system for bank? TADetails
- Security Information and Event Management (SIEM)
- Directory of SIEM solutions and projects
- Than a SIEM system is useful and how to implement it?
- For what the SIEM system is necessary and as it to implement TADetails
- Intrusion detection and prevention systems
- Reflections of local threats (HIPS)
- Confidential information protection from internal threats (IPC)
- Phishing, DMARC, SMTP
- Botha's botnet
- Worms Stuxnet Regin
- Information loss preventions (DLP)
- Skimming (shimming)
- Sound attacks
- Antispam software solutions
- Classical file infectors
- Cybersecurity: means of protecting
- Backup system
- Backup system (technologies)
- Backup system (security)