According to a draft regulation by the Agency for Regulation and Development of the Financial Market (ARDFM), commercial banks must conduct biometric authentication if there is any sign of fraud. The document is available on the legalacts.egov.kz website.
All documents related to issuing a banking loan must be kept in the bank within the next five years to ensure no fraud. As the draft regulation says, repeating biometric authentication may help avoid fraud when perpetrators use static pictures or videos to fake necessary data.
If a bank has information about the illegal proliferation of a client’s data, it should implement additional security measures, such as repeating biometric authentication and checking a client’s phone number by making a call.
This is the second initiative by the ARDFM designed to counter skimmers over the past month. On March 20, the agency proposed obliging banks to conduct biometry identification, which, unlike authentication, is the process of initially confirming that a person is who they claim to be. Authorities plan to use data from the Identification Data Exchange Center under the National Bank or data received with the help of banks’ devices.
The regulation published two weeks ago suggested that a client execute a set of actions to ensure the biometric data is safe. Also, the document proposed other measures to protect personal data. For example, a bank must notify its borrowers about the following information: maturity of a banking loan; the maximum sum and currency of a loan; the type of interest rate (fixed or fluctuated) and the order of settlement if an interest rate fluctuates; the size of the interest rate per annum and its actual cost at the date of application by a client; the complete list of commissions, tariffs and other fees related to obtaining and serving a banking loan; liabilities and risks of a client in the case of default on a loan and liabilities of a pledger, guarantee, underwriter or any other person who is part of an agreement.