In order to increase financial security, the procedure for attaching a bank card, account, or electronic wallet to an account in mobile applications has been updated. According to the new regulation, it is now allowed to connect to the account only payment instruments belonging to the user himself or close relatives. Thus, the implementation of P2P transfers will also be within the same limitation.
Whose card will be linked to the account?
The regulation clearly states: a person registered in the mobile application can link to their account only a bank account, bank card, and electronic wallet belonging to them or close relatives. There is no longer room left for the practice of simply connecting another person's card.
Phone number and PINFL match will be strictly verified
One of the most important points of the new procedure - the correspondence between the phone number and PINFL - will be monitored separately. If compatibility is not confirmed, neither registration of the user in the mobile application nor the attachment of a bank card will be carried out. That is, schemes like "number is different, person is different" stop right there.
In biometrics, "reality" is mandatory: it doesn't pass with a picture
Credit and payment organizations have been tasked with determining the "vital factor" in the biometric identification process. Simply put, no one can pass verification by showing a photo to the camera or with a ready-made image. The system must verify the authenticity and "livingness" of the person.
Auto-protection mechanisms: low margin of error
To enhance security, a number of automatic restrictions have also been added:
1. If you enter the SMS code incorrectly 3 times - 15 minutes "pause"
If the one-time code received on the phone is entered incorrectly three times, actions in the mobile application will be temporarily limited for 15 minutes. This is not a problem for an ordinary user, but it is a good brake for "pin-code seekers."
2. When logging in or resetting a password from another device - cards will be automatically displayed
If the account is logged in from a new device or the password is reset, all bank cards linked to the account will be automatically removed from the mobile application. That is, if someone wants to "log in" to the account, first of all, the cards will be unlinked - the risk will quickly decrease.
3. Operations history on this device will also be deleted
Another strict measure: the history of financial transactions related to bank cards on the same device will also be deleted. This reduces the likelihood of data manipulation and trust abuse.
Card reconnection - only after biometrics
It is noted that the re-assignment of bank cards is carried out only after passing biometric identification. So, the scenario "I got the phone - now the cards are mine" no longer works.
In conclusion, the new regulation raises barriers to the most painful points in mobile payments - connecting a third-party card, false identification, and account seizure. The rule for the user is clear: the account is yours, the card is yours or your loved ones's, and confirmation is through "live" biometrics.
Read “Zamin” on Telegram!
