Trust but verify: Russian banks will ask customers for consent to purchase on the Web

Photo: Oleg Kharseev / Kommersant

Russian banks will soon be obliged to obtain the prior consent of the client to conduct the operation, for example, by means of a code sent via SMS. The requirement to tighten the rules for the security of electronic payments and transfers will soon be put forward by the Central Bank, writes Kommersant. Currently, some banks are requesting payment confirmation, but this is done on a voluntary basis. For the technical implementation of the new rules, each bank can spend about several tens of thousands of dollars.

The fact that the Central Bank will soon require financial institutions under its control to receive confirmation from clients for online transactions, said deputy head of the Central Security and Data Protection Directorate of the Central Bank Artem Sychev. “We will amend the provision 382-P to make the principle of contour separation mandatory, where the payment order is formed and where it is confirmed. So that the fraudsters would not be able, by capturing one channel, to complete the transaction, ”he explained.

At the same time, the Central Bank will not impose its own decisions on banks, plans to implement the implementation of payment confirmation. Each bank will be able to implement it in its own way, and there are quite a few ways to do it: these are SMS, scratch cards, one-time codes, and much more.
')
As mentioned above, now banks require confirmation of payment from customers on a voluntary basis. One of the banks that uses such a security scheme is Alfa Bank. “Now we, as an acquiring bank for e-commerce, determine the individual security settings ourselves and establish when additional payment confirmation is needed,” It depends on a variety of parameters, in particular, on the reliability of the outlet itself, ”notes Alfa-Bank Vice-President Vilen Timiryazev.

According to Alexei Pleshkov, Head of the Information Security Regime Directorate of the Gazprombank Information Protection Department, the Central Bank’s requirement is objective and corresponds to reality. "Now there are more cases of fraud in relation to customers of large banks - users of remote banking services, this applies to both physical and legal entities," - he comments on the situation.

Last year alone, about 4.9 thousand attempts at unauthorized operations through remote banking services were revealed. The total volume of such operations is estimated at 1.64 billion rubles. Moreover, 80% of transactions worth more than 700 million rubles were successful. And these are only those operations that are included in the statistics, the real problem is much more serious.