A new regulation has been implemented for P2P transfers in mobile apps. According to it, only a bank card/account/electronic wallet belonging to the user himself or his close relatives shall be allowed to be linked to an account in the mobile app.
Furthermore, the compatibility of the phone number with the Personal ID Number of Individual shall be checked, liveness detection shall be added to biometric identification, and a number of automatic protection mechanisms shall apply.
A user registered in a mobile app can only link a bank account, bank card, and electronic wallet belonging to him/her or his/her close relatives and make P2P transfers through this account.
In this case, the user’s phone number and Personal ID Number of Individual shall be checked separately for compatibility. If there is no compatibility, registration in a mobile app and linking a bank card shall not be allowed.
Credit and payment institutions are required to add liveness factors during biometric identification.
Also, in order to enhance security, the following restrictions shall be added:
- if a one-time SMS code sent to the phone is entered incorrectly 3 times, the user’s actions in a mobile app shall be halted for 15 minutes;
- when logging into the account from another device or resetting the password, all bank cards linked to the account shall be automatically removed from the mobile app;
- the history of financial transactions on bank cards on this device will be deleted.
Relinking bank cards shall be possible only after passing biometric identification.