How Sberbank Collects Consent to Biometrics Processing
TL; DR: Sberbank collects consent to the collection and processing of biometric data without normally informing its customers about it.
If we talk about biometric data, then the most interesting sector for their use in private business is banking. The point is simple - biometrics can add an extra layer of security to the relationship between the bank and the client, thereby cutting off a number of completely stupid scammers.
However, the legislative regulation of the industry is still slightly slipping - due to the size of Sberbank, the situation is similar to the transfer market between cards: that is, there is Sberbank, which holds 80% of the market, and there is a system from the Central Bank of the Russian Federation that Sberbank is not in a hurry to join without proper motivation.
With biometrics, the situation is as follows: there is a Unified Biometric System (EBU), it is controlled by Rostelecom. Sberbank vs. EBU, because it has its own system, in which data collection is simpler and already “millions” of customers.
')
Yes, the question suddenly arises - and what, indeed, did millions of Sberbank customers in Russia give informed consent to submit their biometric data?
And what, really millions know that they gave it?
Since I recently “gave it up” (of course, unconsciously), let me tell you how it looked.
It all started with the fact that the application "Sberbank.Online" began to offer the very biometrics to provide. I pressed the "Not Now" button, but I did not refuse at all. I wanted to know more about what will be collected and how.
Then I came to the bank branch, straight to the cashier, to withdraw money from the card. And then the miraculous happened.
The cashier asked to insert a card to confirm the withdrawal operation. I looked at the terminal screen, and there was written in small print about biometrics.
This was my motivated and informed consent: the cashier says "insert card".
That is, once again: in the wonderful system of Sberbank (“blockchain”, “bigdata”, “machines lerning”) the tick “Let them sign consent” was simply lit. Information about this appeared at the cashier, and the one without explaining anything, just says: leave the card, enter the PIN-code and agree.
To withdraw money, the terminal window looks, of course, different.
Could I completely read what I agree on from the terminal screen? Of course not. This is a small screen, and the agreement, I think, is quite long. Is it even possible to collect consent? Of course not. This can not be motivated and informed consent.
“Blockchain”, “bigdata”, “machines lerning” did not help the assistant in the bank chat to find out if I gave consent to the processing of biometrics. I was sent to call the hotline.
The hotline confirmed that I did agree, but how exactly and when - they do not have such information. Still would.
→ An article from The Bell on the situation with biometrics and Sberbank
→ Interview of German Gref (there is very little about biometrics)
Introduction
If we talk about biometric data, then the most interesting sector for their use in private business is banking. The point is simple - biometrics can add an extra layer of security to the relationship between the bank and the client, thereby cutting off a number of completely stupid scammers.
However, the legislative regulation of the industry is still slightly slipping - due to the size of Sberbank, the situation is similar to the transfer market between cards: that is, there is Sberbank, which holds 80% of the market, and there is a system from the Central Bank of the Russian Federation that Sberbank is not in a hurry to join without proper motivation.
With biometrics, the situation is as follows: there is a Unified Biometric System (EBU), it is controlled by Rostelecom. Sberbank vs. EBU, because it has its own system, in which data collection is simpler and already “millions” of customers.
')
But just a minute ...
Yes, the question suddenly arises - and what, indeed, did millions of Sberbank customers in Russia give informed consent to submit their biometric data?
And what, really millions know that they gave it?
Since I recently “gave it up” (of course, unconsciously), let me tell you how it looked.
Procedure
It all started with the fact that the application "Sberbank.Online" began to offer the very biometrics to provide. I pressed the "Not Now" button, but I did not refuse at all. I wanted to know more about what will be collected and how.
Then I came to the bank branch, straight to the cashier, to withdraw money from the card. And then the miraculous happened.
The cashier asked to insert a card to confirm the withdrawal operation. I looked at the terminal screen, and there was written in small print about biometrics.
This was my motivated and informed consent: the cashier says "insert card".
That is, once again: in the wonderful system of Sberbank (“blockchain”, “bigdata”, “machines lerning”) the tick “Let them sign consent” was simply lit. Information about this appeared at the cashier, and the one without explaining anything, just says: leave the card, enter the PIN-code and agree.
To withdraw money, the terminal window looks, of course, different.
Could I completely read what I agree on from the terminal screen? Of course not. This is a small screen, and the agreement, I think, is quite long. Is it even possible to collect consent? Of course not. This can not be motivated and informed consent.
Appeal to Sberbank
“Blockchain”, “bigdata”, “machines lerning” did not help the assistant in the bank chat to find out if I gave consent to the processing of biometrics. I was sent to call the hotline.
The hotline confirmed that I did agree, but how exactly and when - they do not have such information. Still would.
findings
- Sberbank collects consent for the processing of biometric data using the terminal and your card with the PIN code.
- Do not expect that you can read this entire agreement in this case. Maximum 2-3 lines of text.
- Of course, the teller herself does not explain (and not the fact that she knows) what you are signing.
- That is why Sberbank has the biometrics of millions of customers.
Read more
→ An article from The Bell on the situation with biometrics and Sberbank
→ Interview of German Gref (there is very little about biometrics)
Source: https://habr.com/ru/post/457686/
All Articles