At the initiative of the Central Bank and the Ministry of Communications, Rostelecom developed an EBS, to which, starting in the summer of 2018, banks began to transfer biometric data collected from customers. The system was required to provide remote services and reduce the level of fraudulent transactions.
Reason for creating the EBS
EBS is configured to recognize a person’s face at the time of speaking, that is, not only the voice is identified, recognition of which occurs according to 70 parameters, but also facial expressions when playing sound. And if you can apply makeup on your face and record your voice, then faking several components at once is quite problematic. The exceptions are twins and doubles, and to some extent, actors and parodists.
The purpose of introducing the system is to increase the availability of banking services for few mobile and citizens from remote corners of Russia. To receive the service, visits to a financial institution will not be required; they can be provided remotely via the Internet.
The procedure for collecting and storing data
EBS was developed with the improvement of security algorithms for remote banking services and increasing the level of comfort in the interaction of customers with the system. Therefore, biometric data is used at the time of the remote session along with a username, password, and possibly a token.
It is believed that biometrics acts at the time of remote identification by that “key” that is impossible to lose and almost impossible to fake. Other methods of identification are considered obsolete and unreliable, as they can be lost or they can be hacked, picked up or stolen.
It is believed that at the time of obtaining a loan, a banking specialist can be deceived, and the recognition accuracy through a biometric algorithm is 99.99% probability of success. In addition, verification is accompanied by the introduction of a username and password, so it is believed that an attacker is easier to come to the bank than to bypass remote security filters.
To enhance security during the storage of clients' personal data, a separate storage of an anonymized biometric template and personal data (passport data, full name, SNILS and so on) located in the database on the State Service portal was implemented.
EBS application algorithm
In order to use financial services remotely, you will need to go through 2 stages:
- I stage. Customer registration in the system. When you open an account with a bank, you must be registered on the State Services portal. Then you will need to upload biometric data to the EBS. To do this, the bank employee will take a picture of the face and record a voice.
The government legally obliged banks to collect customer biometric data, so the list of banks participating in the project is constantly updated. You can view the addresses of departments of financial institutions where you can "pass" biometrics on the bio.rt.ru website. The coordinates of the additional offices of the following banks are presented there: Sberbank, Alfa Bank, Post Bank, Home Credit Bank, Tinkoff Bank, Sovcombank, Otkritie, and others.
- II stage. Remote user authentication. After downloading the data to the EBS, to obtain the services of any bank participating in the project, it is required to enter the login and password from the State Service portal, and then pronounce the passphrase generated by the system in the smartphone or computer camera.
Difficulties with updating the EBS data
The collection of customer biometrics is accompanied by a number of difficulties, for example, the transmission and collection of data.Apart from the fact that instead of 10 minutes, taking photographs and recording voice takes 40-60 minutes, the data is still not sent to the EBS due to system freezing. In addition, not all data complies with the established standard, that is, the pictures are not always clear, and the voices are somewhat distorted. The government obliged banks to collect biometrics, and did not bother to popularize the process through the media. Hence, a very small amount of data received from January 2018 in the EBS.
Some DOs have encountered problems setting up data collection equipment. Most of the biometric templates obtained by financial institutions are casts of faces and votes of bank employees, as well as lovers of high technology.
The list of banks and their achievements in the collection of biometric data
Deputy Chairman of the Central Bank Skorobogatova Olga said that banking systems interact very slowly with the ESIA (State Service Portal) and the EBS, hence the flaws in the procedure for collecting and transmitting data on the client side.
Since the summer of 2018, Home Credit Bank transferred about 600 biometric data templates to the EBS. Otkritie Bank in 2 months managed to collect only a few dozen biometric templates of its customers.
Representatives of the ICD, Promsvyazbank and Otkrytie Bank complain that average-static clients do not understand why this procedure is needed. Biometrics is changing the principles of relationships between users of financial services and banking organizations. Therefore, a certain amount of time must pass before the procedure becomes perceived as ordinary, ordinary.
Along with collecting biometric data, a number of financial organizations are implementing projects based on biometrics. For example, in AK Bars, the system validates the client via video when they visit additional offices or make purchases. The Post Bank uses the search for an electronic card (questionnaire) of individuals and legal entities according to biometric records of customers' votes during their application to the call center. Tinkoff Bank uses biometric data when opening accounts and debit cards.
EBS benefits for customers and banks
The primary goal of the EBS was to equalize banks with a developed network of subsidiaries and without in the possibilities of providing services. After passing the biometrics, the client will no longer need to visit the office of the bank of interest, he will be able to arrange financial services remotely. So far, credit organizations provide customers with the opportunity to receive only deposits and debit cards through remote identification in the system.
The use of EBS is considered safe, as the Central Bank is constantly developing information security systems and monitors compliance with standards.
The use of biometric technologies in other parts of the world
The use of biometrics has long ceased to be the prerogative of economically developed countries. Today in Nigeria there is a national identification system through the collection of biometric data, and in India and Kyrgyzstan the population is registered by means of its removal, and without fail.
Now in Russia, biometric data is being received by departments of the Ministry of Internal Affairs, which are involved in the certification of citizens. Roskomnadzor is working to strengthen the protection of biometric signatures, and the Central Bank is working to create a single bank of biometric data. Perhaps in the future, all identification methods will be under the control of one structure.