The introduction of the Mir card will cost hundreds of millions of dollars for Russian banks - expert comments
A month ago, the technical committee for standardization "Cryptographic Information Protection" (TC 26) decided to develop a domestic standard for accepting World cards.
Cards of all international systems operate according to a common standard ( EMV ), in which they are unlikely to include our cryptography, so “to ensure national interests, we need to create our own analogue of this standard,” explains security consultant Cisco Systems Alexey Lukatsky.
The release of the first World card is scheduled for December. Until the domestic standard is created, our payment system will operate according to the global standard, to which the National Payment Card System ( NPCS ) joined in September. Only the World card can work on the domestic counterpart, and the cards of international payment systems will continue to work on EMV. Therefore, we need two cryptographic modules and two channels of interaction with payment systems - international and domestic.
')
“It is already clear that each ATM and POS terminal will have to be equipped with a FSB-certified hardware cryptographic module, the cost of which can reach several thousand dollars,” Lukatsky estimates.
“If we want to transfer everything to Russian cryptography, then we will have to update the hardware: those cryptomodules that are already in ATMs cannot be adapted to our GOST,” says a bank employee from the top-10.
“The Central Bank understands that it is expensive and the participants of the payment system cannot replace all their ATMs and terminals at the same time. Therefore, a transitional period is expected within 5–7 years - as old ATMs and POS-terminals will be replaced by new ones that support domestic cryptography that has received support from the FSB, ”concludes Lukatsky.
According to the NSPK estimates, the cost of the World cards by the beginning of the mass issue will be lower than the cost of the cards of other payment systems, the TASS reported on November 18 with reference to the head of the NSPK Vladimir Komlev.
At the same time, Komlev told TASS that when creating the Mir payment system, the NSPK took into account the current market conditions, and many factors affect the cost of the card — the print run, the cost of printing and, of course, the cost of the chip.
“By the beginning of the mass issue of World cards, card platform manufacturers, based on our specifications, will be able to offer their own implementation of the payment application. This is also a factor in reducing the cost of producing cards. A number of card and chip manufacturers are already working on this, ”the head of the NPCS noted.
As of July 1, there were 218,768 ATMs in Russia and 1.2 million terminals for accepting cards, according to the Vedomosti data of the Central Bank.
Vladimir Komlev, CEO of NSPK:
A bank employee from the top 10 compares the situation with different gauge in Russia and abroad: “We are building a parallel railway next to it”. Moreover, it has not yet been proved that the use of Russian cryptography will increase the security of payments, he stresses.
Why leave the world standards, if the cryptographic equipment used in card processing, and so passes through the supervising specialized bodies, the director of bank cards of another bank from the top ten is perplexed. NSPK created a working group on this issue, he recalls, but no one explained the purpose of introducing domestic cryptography.
The standard will extend not only to the infrastructure of the bank itself, but also to chips for cards produced by foreign companies, adds the source of Vedomosti.
The transition to the national standard is contrary to the plans of the NPC to ensure the acceptance of its cards throughout the world. A bank employee from the top 10 remembers how easily JCB and China Union Pay payment systems entered our market - to receive them, it was enough to download payment applications, and if you need to change something in each ATM to accept cards, almost no one will not go.
The National Payment Card System (NSPK) officially began its work in Russia from April 1. The system will process all domestic Russian bank card transactions. In July, Russian President Vladimir Putin set the task in 2015 to switch to domestic bank cards.
According to the director general of NSPK, the Russian banks participating in the pilot project on the issuance of Mir cards are in a high degree of readiness to start issuing the first cards by the end of 2015.
1 Why go away from international standards, if the cryptographic equipment used in card processing and so passes through the controlling specialized bodies?
2 What is the purpose of the implementation of domestic cryptography?
Vladislav Kochetkov, expert "FINAM":
Ilya Sachkov, founder and CEO of Group IB:
Cards of all international systems operate according to a common standard ( EMV ), in which they are unlikely to include our cryptography, so “to ensure national interests, we need to create our own analogue of this standard,” explains security consultant Cisco Systems Alexey Lukatsky.
The release of the first World card is scheduled for December. Until the domestic standard is created, our payment system will operate according to the global standard, to which the National Payment Card System ( NPCS ) joined in September. Only the World card can work on the domestic counterpart, and the cards of international payment systems will continue to work on EMV. Therefore, we need two cryptographic modules and two channels of interaction with payment systems - international and domestic.
')
“It is already clear that each ATM and POS terminal will have to be equipped with a FSB-certified hardware cryptographic module, the cost of which can reach several thousand dollars,” Lukatsky estimates.
“If we want to transfer everything to Russian cryptography, then we will have to update the hardware: those cryptomodules that are already in ATMs cannot be adapted to our GOST,” says a bank employee from the top-10.
“The Central Bank understands that it is expensive and the participants of the payment system cannot replace all their ATMs and terminals at the same time. Therefore, a transitional period is expected within 5–7 years - as old ATMs and POS-terminals will be replaced by new ones that support domestic cryptography that has received support from the FSB, ”concludes Lukatsky.
According to the NSPK estimates, the cost of the World cards by the beginning of the mass issue will be lower than the cost of the cards of other payment systems, the TASS reported on November 18 with reference to the head of the NSPK Vladimir Komlev.
At the same time, Komlev told TASS that when creating the Mir payment system, the NSPK took into account the current market conditions, and many factors affect the cost of the card — the print run, the cost of printing and, of course, the cost of the chip.
“By the beginning of the mass issue of World cards, card platform manufacturers, based on our specifications, will be able to offer their own implementation of the payment application. This is also a factor in reducing the cost of producing cards. A number of card and chip manufacturers are already working on this, ”the head of the NPCS noted.
As of July 1, there were 218,768 ATMs in Russia and 1.2 million terminals for accepting cards, according to the Vedomosti data of the Central Bank.
Vladimir Komlev, CEO of NSPK:
One of the main directions of the NPCS strategy is the promotion of the World card to the international market and ensuring its work not only in Russia, but also abroad. That is why from the very beginning it is necessary to make a product that meets all international standards.
A bank employee from the top 10 compares the situation with different gauge in Russia and abroad: “We are building a parallel railway next to it”. Moreover, it has not yet been proved that the use of Russian cryptography will increase the security of payments, he stresses.
Why leave the world standards, if the cryptographic equipment used in card processing, and so passes through the supervising specialized bodies, the director of bank cards of another bank from the top ten is perplexed. NSPK created a working group on this issue, he recalls, but no one explained the purpose of introducing domestic cryptography.
The standard will extend not only to the infrastructure of the bank itself, but also to chips for cards produced by foreign companies, adds the source of Vedomosti.
The transition to the national standard is contrary to the plans of the NPC to ensure the acceptance of its cards throughout the world. A bank employee from the top 10 remembers how easily JCB and China Union Pay payment systems entered our market - to receive them, it was enough to download payment applications, and if you need to change something in each ATM to accept cards, almost no one will not go.
The National Payment Card System (NSPK) officially began its work in Russia from April 1. The system will process all domestic Russian bank card transactions. In July, Russian President Vladimir Putin set the task in 2015 to switch to domestic bank cards.
According to the director general of NSPK, the Russian banks participating in the pilot project on the issuance of Mir cards are in a high degree of readiness to start issuing the first cards by the end of 2015.
The editors of "Megamind" asked the experts two questions:
1 Why go away from international standards, if the cryptographic equipment used in card processing and so passes through the controlling specialized bodies?
2 What is the purpose of the implementation of domestic cryptography?
Vladislav Kochetkov, expert "FINAM":
It is not entirely clear how far the departure from the so-called international standards will be. It should be borne in mind that, firstly, the standards are also evolving and changing, and secondly, behind the euphonic euphemism, “international standards” usually hide technical solutions developed by a very narrow number of countries that benefit most from standardization, and, by the way, sometimes impose sanctions on other countries.
For example, new hardware cryptographic modules may once fall under the embargo. In our country, there is already a lot that has been practically forgotten to produce, but cryptography is still there, quite modern.
By deciding on the transition to domestic cryptography, a certain market is created for Russian decisions. If you don’t develop and implement any solutions at all, but only certify and install ready-made modules, you can lose those high-tech competencies that remain in the country. Of course, banks are not very happy about their role as a forced investor in this industry - after all, they will have to bear the costs of an ATM upgrade, but as far as it is seen now, the transition process will be smooth and they will have the opportunity to combine it with the planned equipment replacement.
Ilya Sachkov, founder and CEO of Group IB:
I believe that in the field of banking, international standards must be used, especially if we don’t want to do meaningless things, spend extra millions and want to connect other countries to the World.
Source: https://habr.com/ru/post/296924/
All Articles