Central Bank discusses strengthening the cybersecurity of ecosystems
The Central Bank plans to expand regulatory measures for the cybersecurity of ecosystems, the regulator told Izvestia.
For now, the Bank of Russia is studying the risks associated with their development. As Alexey Voylukov, vice-president of the Association of Banks of Russia (ADB), told Izvestia, financial ecosystems pose a risk of leaks of clients' personal data.
This can happen through non-banking services, so the security requirements for them must be high, he said.
According to experts, the main problem may be the transfer of information from the parent company to the subsidiaries.
Ecosystems that are now actively developing in the financial sector can lead to leaks of customers' personal data.
“The level of security of non-banking services, as well as the channels through which personal information is transmitted, should be comparable to the requirements for banks. Otherwise, there is a risk of fraudsters penetrating through non-banking systems into credit institutions and leaking personal data of clients,” Alexey Voylukov explained.
He clarified that some banks that cooperate with services, for example ticket-ordering services, transfer customer data to them, including passport data.
The Central Bank is studying the risks associated with the development of ecosystems, and in 2021 it will publish a report on how they affect the financial market and the level of competition in it, the press service of the regulator said.
“Now the Bank of Russia is discussing with market participants the possibility of expanding regulatory measures to ensure information security and operational reliability to financial ecosystems,” the Central Bank said.
The FAS told Izvestia that the emergence of large associations in the banking market will form stable groups of consumers, which will cause difficulties for other players. It would be useful for regulators to develop principles for such interaction.
At the moment, the FAS has not found signs of violation of antimonopoly legislation by ecosystems, but such risks are possible in the future.
An ecosystem is a set of proprietary or partner services united around one company. For example, these are now being built by Sberbank and Yandex.
Regulatory measures in the field of cybersecurity of ecosystems should concern payments, as well as the transfer and storage of customer data, said Vyacheslav Kasimov, director of the information security department of ICB.
In the first case, there is a risk that, within the ecosystem, one entity will instruct another to debit a certain amount of money from the client's account, and that this will be done without the client's consent.
In the second, the problem lies in a possible data leak from one of the services, which will create difficulties for all participants in the ecosystem.
Bank "Dom.RF" and PSB support the Central Bank's development of regulations that will govern the ecosystem market, and actively participate in discussions, the companies said.
Banks see great potential in the development of ecosystems. For example, in 2020 RSHB created several new services for individuals and legal entities: a platform for the older generation with Life Style elements, a system of retail products, bank and partner services, as well as an ecosystem for farmers, the press service of the credit institution said.
PSB is building an ecosystem focused on financial products for small and medium-sized businesses. They include, for example, insurance, accounting, cash and settlement operations, company registration, electronic signature, online document flow - everything that a credit institution can offer a business to simplify work.
In the future, PSB also plans to develop services for military personnel.
Ecosystems are becoming more and more popular with people and businesses. The press service of VTB reported that in 2020 the demand for non-banking services for business increased by 70% among their clients.
They help automate business processes and reduce costs.
The most popular category, which was used by almost half of the platform's users, was “business security” with services for verification of counterparties and site audits, as well as legal services.
The pandemic had a significant impact on the growth in demand for such services, said Pavel Kolchin, Director of Analysis and Sales Support for the Mass Corporate Business of Bank Saint Petersburg. The most popular non-banking products last year were electronic document management and online accounting.
The press service of Ak Bars Bank said that the highest growth during this time was shown by the remote legal assistance service, whose number of users increased three times.
Last year, Tinkoff launched the first banking outsourcing call center for business, the press service of the company said. With its help, customers can, for example, organize their own help desk for their services, a hotline, a technical support line, or use the help of a "virtual secretary".
The dangers of growth
The experts spoke about the risks of ecosystems associated with information security.
In their opinion, one of the important problems is the transfer of information from the parent company to the subsidiaries.
Large companies approach the transfer of access to databases very carefully. In such cases, what is used is not a copy of the information but processed, anonymized and generalized statistics, said Sergey Golovanov, a leading expert at Kaspersky Lab.
However, the risk of leakage cannot be completely ruled out. There have been cases when cybercriminals gained access to a copy of data on the servers of subsidiaries.
Still, if all processes are built in accordance with the requirements of regulators and cybersecurity rules, such risks are significantly reduced, the expert said.
Deputy CEO of Zecurion Alexander Kovalev believes that one of the main problems of ecosystems is the circulation of data. Its security may depend on the weakest point of the systems between which information is transferred.
Data can be intercepted in transit, so closed ecosystems are more secure than those where a large number of services automatically interact with each other. The more systems, the higher the risks of attack and information leakage.
Additional services can store, for example, customer addresses, tax data, and information on ownership of real estate, cars, etc.
The main idea of the Central Bank's regulation, according to the expert, is to prevent the transfer of redundant data, standardize its exchange, ensure security when building ecosystems, and create an architecture in which, if one service is compromised, an attacker will receive only a limited amount of data.