March 21, 2015 at 20:34Volume registration of devices for online banking is canceled
After the publication of an article on registering devices with which bank customers use online banking, I was contacted by the head of the information technology security department of SMP Bank JSC Pavel Golovlev. He reads GeekTimes and was annoyed by the way Izvestia journalists (based on which I wrote the article) distorted the meaning of what was happening.
Golovlev hurries to reassure the public. According to him, the Central Bank does not oblige banks to force registration of all customer devices. On the contrary, the client now has the right to require the bank to restrict access to its online banking to certain devices. And already the bank is obliged on the basis of the client’s application to think about how he will do it.
Golovlev wrote that “the Central Bank requires banks to provide customers with the ability to manage their own risks and set personally acceptable and reasonable restrictions on their own operations. Naturally, at the moment, each bank will offer those device identification options that are technically and economically feasible to implement on an existing platform.
And then the question arises of what will be offered on the market and what the consumer will choose, and whether he will demand it from banks at all. ”
The application for identification by ip-address concerned only corporate clients using stationary equipment (not mobile devices) who wanted to link their access to online banking to their permanent ip-address. It already looks quite logical and even reasonable.
Golovlev noted that there are still questions about the obligation of banks to suspend SMS notifications when a client changes a SIM card, because the bank cannot find out about such a change. And the mobile operators of the Central Bank are not subordinate and are not obliged to notify banks of such operations. In this regard, the Central Bank Note so far looks rather strange. But no critical problems from this direction are expected.
Golovlev hurries to reassure the public. According to him, the Central Bank does not oblige banks to force registration of all customer devices. On the contrary, the client now has the right to require the bank to restrict access to its online banking to certain devices. And already the bank is obliged on the basis of the client’s application to think about how he will do it.
Golovlev wrote that “the Central Bank requires banks to provide customers with the ability to manage their own risks and set personally acceptable and reasonable restrictions on their own operations. Naturally, at the moment, each bank will offer those device identification options that are technically and economically feasible to implement on an existing platform.
And then the question arises of what will be offered on the market and what the consumer will choose, and whether he will demand it from banks at all. ”
The application for identification by ip-address concerned only corporate clients using stationary equipment (not mobile devices) who wanted to link their access to online banking to their permanent ip-address. It already looks quite logical and even reasonable.
Golovlev noted that there are still questions about the obligation of banks to suspend SMS notifications when a client changes a SIM card, because the bank cannot find out about such a change. And the mobile operators of the Central Bank are not subordinate and are not obliged to notify banks of such operations. In this regard, the Central Bank Note so far looks rather strange. But no critical problems from this direction are expected.