December 12 December 12 in Minsk was held Conference Digital Identity Day 2024, dedicated to relevant issues of digital identification and verification of data. The event discussed legislative changes, innovative tools and approaches, as well as key aspects of improving the client experience, simplifying procedures and compliance with rules for working with personal data in the identification and authentication process.
The conference was attended by 175 specialists from the banking sphere, telecom, leasing, insurance and IT companies. The practical experience and expertise shared representatives from NKFO ERIP, Alpha Bank, Bank VTB (Russia), Belarusbank, Belinvestbank, MTBank, Micro Leasing, TriIncom, Kufar, Revera and other companies.
The organizers of the event attention have devoted to improving client experience in procedures remote authentication, prospects for development of digital signatures and opportunities for verification of data in government information systems and resources. In the discussion with participation of representatives of NCEU, AVEST, Digital Guarantee and Rasvik Services have identified important directions for improving the current processes and have outlined prospects for their
realization. Digital Identity Day 2024 has already for the sixth time demonstrated the importance of the
theme of digital identification for business.
Identity through MSI in conditions of legislative changes
Olga Golobokova, Deputy Head of the Department of Development,
NKFO ERIP, in her speech noted the news
in legislation regulating the functioning of the interbank identification
system (ICS), and also described new methods of authentication in the ICS.
New in Decree 148
A new revision of the Edict of President of the Republic of Belarus “On Digital Banking technologies” (hereinafter Decree 148) came into force on May 21. The main changes expanded the circle of MIS subjects and defined the list of state information resources for verification of client data.
The updated version of Ordinance 148 allows new participants to connect to MSI : Providers of payment services, not being banks, agents for identification, and also the Service Services and Reengineering Agency and Agency for reimbursement of deposits.
“As of today today six agents have connected to the interbank identification system. Most of they have applied to banks, also among they are agents from leasing companies. In addition, in the future we will be joined by the Agency for the Recovery of Deposits, which already has successfully tested its information system and is ready to launch into industrial mode of our service for its clients”, the speaker noted.
Also In Ordinance 148 now defines a list of specific government information resources with which MSI verifies data provided by banks . The includes the Population Registry of the Ministry of Internal Affairs, the State Register of Payers of the Ministry of Taxes andand the Unified State Register of Legal Persons and Individuals of the Ministry of Justice.
New In Instruction 497
The news affected not only Ordinance 148, but also “Instruction on the order of the operating interbank identification system” (hereinafter Instruction 497).
The term multifactor authentication with two or more different types of authentication data has been introduced. Previously MSI has already used biometric documents, dynamic passwords in linkage with biometric personal data of the client, attribute certificates and (or) certificates of an open key to verify the electronic digital signature (EDS). But this list is added to a new way of combining static and dynamic passwords.
Also Updates to Instruction 497 defined the order of joining agents to identify to the interbank system. The main peculiarity is that the legal entity with which the agent is contracted for remote identification must apply for their connection.
Another new innovation allowed banks to receive the customer’s agreement to verify data in a paper form and remotely update information without their authentication in MIS.
New in Instruction 379
From June 2024 of the Regulation of the Directorate of the National Bank on making amendments to “Instruction on the Use of Software Also, in order to use the collected biometric data, banks and financial organizations are now required to verify this data in one of three ways: through MSI, with a photograph from the chip of the biometric document or in interaction with the GIR. The third change touches the definition of authentication data ownership. Now these are: EDS, biometric document, SIM card, bank payment card, token and (or) data, confirmed by receipt or generation with the use of such items, and a digital print of a mobile phone or computer. In the soon-to-be static password, used for multiple logins to the MSI, will need to be confirmed by biometrics, EDS or attribute authentication. Also users will need to change logins. In the past, the login was the phone number or the individual identification number in the passport, But for more reliability these are replaced by MSI ID – a combination of characters that the client set self. Anastasia Titova, deputy head of the Department of Identification Services, NKFO ERIP, introduced the participants of the conference with the new promising MSI service, which allows non-residents to use services of Belarusian banks. Service cross-border remoteidentification of non-residents allows banks to expand the customer base with foreigners living in Belarus, as well as people with biometric documents from other countries. The service reduces stress on employees, helps reduce costs, and distinguishes the bank that has enabled the service, from competitors. In addition, entry into the information system through MSI is reliable and secure, as the certificate document and biometric data of the client are used for authentication. The service also carries a number of benefits for users. Now, to open an account, foreigners don’t need to visit a Belarusian bank and spend money on tickets and lodging. The IIS IIS ID Reader application allows remote registration in five minutes, and authentication in just two. In addition, the client gains round-the-clock access to the status of their accounts and can additional services at any time. Today today three organizations have already tested the service of authentication of non-residents in the MSI, one of they became ASB Belarusbank. About how the integration was and what was received in the result, told Kiril Norik, deputy head of the department of digital transformation, ASB Belarusbank. The expansion of geography of clients has become one of the strategic objectives of ASB Belarusbank. To realize the idea, the bank chose the MSI service. “In the market there are sufficient number of vendors that provide solutions for remote solutions in the MMSI.identification. We Considered and analyzed a number of cases, but in the end turned in the side of MSI. They use only biometric documents for authentication, which increases the level of security. Also the protocols of the interbank system are already familiar to everyone, which simplifies integration and reduces development of software and, as a consequence, it affects the cost, ” said the speaker. How the stage of project implementation the bank faced some complications, which were successfully solved operatively and improved service. So, for example, to open an account in ASB Belarusbank, non-resident must provide a notarized certified translation of a document proving personality. To fulfill this requirement with remote identification, the bank specialists requested the Colleagues of NCFO ERIP to add a function to transliterate the customer’s data. Also some foreign biometric documents do not have a identification number, which prevented the nonresident from entering the system. ASB Belarusbank resolved this problem, using the unique identifier of the user of MSI. The project ASB Belarusbank on remote onboarding non-residents has already passed technical validation and is ready to launch in test mode in the beginning of 2025 year. Evgenia Gorbunova, product owner of service “Management of access BTB Online” (Russia), said about innovative technologies, that give clients operative access to their means and provide high security in an era of prolific cybercrime. Because of thedue to the growth of attacks on banking services clients are increasingly turning to the call-center to block access to WTB Online. But complete blocking involves additional, including temporary, costs from the client’s side to restore access, especially if he is abroad. To optimize the process without damaging security, Bank BTB offered a new function to link all devices. “As practice has proved this is a very effective method, which our clients appreciate. Based on statistics about 45% of users choose to unlink devices, and not to block”, Eugenia Gorbunova emphasized. Also in last year Bank VTB introduced a new way of unblocking cards through the ATM network. Now the customer doesn’t need to go to an office and wait in a line, to reactivate itis enough to find the nearest ATM. At a certain determined moment of time the share of unblocked cards in ATMs reached 38%. But Bank Bank BTB didn’t stop and in 2024 launched an option of unblocking access with a card with NFC technology. This function is especially important for customers in different parts of the world, who are unable to visit the office, find an ATM or call the call-center. Now just apply a card with NFC-chip to smartphone and in one minute to resume access to the Service WTB Online. According to the speaker, this service is preferred by 35% of users. In the next time Bank BTB will satisfy its clients with more services .one new function – read mode . Read Only – option that allows to restrict access to financial operations without blocking the personal cabinet WTB Online. For example, if the bank’s system notices suspicious activity in transactions, this mode will be applied. The account owner will be able to disable Read Only. To do this it is planned to also use NFC technology. In May 2022 year Alpha Bank launched the service of remote opening the first accounts for individual entrepreneurs. This became possible thanks to the realization of remote authentication of the IP. Once the launch 35% of new accounts began opening remotely. About how the process works and what is needed to open an account online, said Olga Fadeeva, head of department of development and development of settlement products mass business, Alfa Bank. Bank realized online opening of accounts for IP, using the authentication service of individual entrepreneurs (IEs) through MSI. The mechanics of the process are as follows: Alpha Bank receives data about the individual person and about the IP from MIS and additionally verifies information about the entrepreneur in the Unified State Register (UGR). Now, to open an account remotely, an individual entrepreneur must send a request to Alpha Bank from a mobile device or computer. The process is fully automated: receive data from open information systems, verification,processing information from the client, entry of data into the accounting systems of the bank. After completion of all operations within two minutes the entrepreneur receives the invoice. If any information is missing, the bank will ask the client to photograph or scan the identification document and add it to the process. In this case because of security policies the customer needs to visit the bank’s office, to confirm identity. The process of opening the first account for legal individuals is more complicated than than for the PI: more information is required, including corporation and authorization documents. But this data about the relationship between the individual and the legal entity is not in open systems. Presenters MTBank Marina Malashenok, head of development of client experience in the corporate block, and Anna Mostyka, head of the department of development of digital channels, shared the own experience of realizing remote authentication of legal individuals for opening of accounts online. Such opportunity of clients of MTBank appeared sovietly not long ago. MTBank analyzed the standard path of the juridical and found out, that in the average continuous process of opening an account takes 3.5 hours. This includes collecting documents, filling out forms, visiting the bank and verifying the data provided. The bank staff asked how the time of the procedure could be reduced, and turned to Decree 148. It states that authentication is required to reduce the time of the procedure.clients can be produced without personal presence if data about these clients is in the interbank identification system. The MSI contains information about 209 000 IP and 180 000 legal individuals. Banks, non-bank credit and financial organizations (NCFOs) and Development Bank are required to transmit data about their clients to the ICI. Thanks to this system covers all IP and legal individuals in Belarus. At the state of December 1 2024 year 77% of records of juridical entities are invalid. This is related to that data receiving into the system, are processed for additional verification in the Unified State Register (UGR), Ministry of Taxes and Collections (MNS) or other databases. If the information does not correlate with these sources, the records will be considered invalid. To ensure reliable verification, MTBank chose identification of the entity through MSI with two-factor authentication with the GOSUOC certificate, which all legal entities have. The client enters from the computer through any browser in an unauthorized zone of internet banking, enter the UNP and the phone number, and then pass authentication through the MSI with the connected EDSP certificate and the GOSSUOC password. To reduce the time to process the application, the Planner provides tips and there is an opportunity to fill the fields with information from MSI and EGR. After successful authentication employees bank additional verify data legal person and with confirmation information in the system automatically enter the contract and open account. So, by completing the online application and passing remote authentication,client can in 45 minutes receive an active account with access to the remote banking system and conduct business online: conduct payments to vendors, issue payroll contracts and personal income cards, increase current funds through online loans and make savings in one click on deposit accounts. The business representatives in their speeches paid much attention to improving the client experience in the processes of remote identification and authentication of legal individuals and continued to address these topics in the frames of the discussion. Participating in the discussion were experts from the Republican Certifying Center NCEU, National Bank Republic of Belarus, Rasvikom Service, AVEST, Digital Guarantee, Alpha Bank and Micro Leasing. The discussants discussed a number of challenges that they faced their companies and customers with remote authentication. Below is a list of key issues that excite businesses. 1. New juridical entities cannot open a settlement account (p/s) online, because their data is not in the IRS, and for entry into the system you need to first become a customer of the bank. Also issue the EDS certificate that is required for remote opening of the payment from the account, which is not yet. Authentication through an individual person is also impossible, as there is no in open information systems .communication between the individual and the legal entity to verify its authority. The solution to this problem could be the integration of data from the FSHS or the MNS, where the data on the employment of employees is in the MIS or the EGR. 2. According to Decree No. 1 Banks to open an account are required to provide structural documents, which may include more than 15 pages. To remote open an account these documents need to be scanned and recognized. This causes difficulties for most clients and requires more work on the side of the bank. An electronic electronic version of the statutory documents in the EGR with regular updates would eliminate the problem of collecting and verifying these data. 3. In order to authenticate in the MSI as a legal entity with the EVCP GOSSUOC, clients have to perform many unusual actions: install and configure AvTunProxy, manually specify the address of the proxy server, add the certificate to the cryptocounter through the personal manager, And in in the case if the legal person is not registered in the ICI, also confirm the data in the personal cabinets of the ICI and NCEU. The EDS GOSSUOC can also be used only in the web version. The complexity of the process often leads to errors or forces users to go to the office instead of remote processing. An alternative to solve this issue could be ID cards or SIM ID technology. But ID cards have slow coverage so far, and SIM ID has not gained wide proliferation – there are only a>few centers for data keys. 4. When organizing the authentication of legal entities through IPS data.about the manager are provided in limited volume, and users enter this information manually. But this data is already available in the system as an individual, and it could be automatically extracted from the MSI if the consent to provide it. This will save time and avoid errors when completing. Also participants discussion expressed the desire to increase validity of data about IP and legal individuals in the interbank identification system from current 77% to 100%. 5. The experience of the discussion showed that the use of biometrics for authentication decreases conversion, so biometric data should be used only in procedures with high risk. According to Olga Fadeeva, head of the Development Department of Development and Development of Settlement Products of Mass Business, Alpha Bank, the introduction of biometric authentication when opening accounts by individuals has reduced conversion by 7%. Additional steps in formalizing applications always discourage a fraction of clients, but the absence of cameras on devices, technical complications with recognition and the fear of users to provide their biometric data to third parties will exacerbate the process. 6. To obtain the Numbers from the SIA for vehicles purchased by leasing, it is necessary to provide a paper agreement. This difficulty is encountered by clients and in other agencies and processes, which makes the practicality of using electronic contracts questionable. Businesses think that it can simplify procedures by using interagency document management systems (SMDS). In the process, the process is simplified. experts from government organizations told what projects are underway to solve the problems listed. The first first priority is popularization of ID cards and introduction of new services, that will be available to biometric card owners. The ID card already contains a embedded EDS certificate, which is issued for 10 years. This significantly simplifies its owner’s access to remote services, ensuringhighsecurityintheauthenticationanddigitalinteractions. Alsointhefutureelectronicdigitalsignaturecanbeusedonmobiledevices. “InthenextyearthecloudEDS is scheduled to be launched.Onlineservicewillallowuserstocreateelectronicdigitalsignaturesthroughamobiledevice.Theclosedkeywillbestoredinasecuredcloud,andaccesstoitwillbeconfirmedthroughamobiledevice,thatwillprovideconvenienceandhighsecurity, saidAlexanderSkobov,directorofAVEST. VeronicaTananayko,head ofdepartmentofdigitaltechnologyofNationalBankRBdiscussedthelegitimizationofthedigitalfingerprintofmobilephoneorcomputerforauthentication.Thisinnovationopens theopportunitytoutilizethetechnicalcharacteristicsofdevicesforsecureauthentication.Thanks tofreedom monitoringthebankingcommunityhas learned torecognizethesefingerprints,andpracticehasprovedthatThisimprovestheclientexperience. NationalBankRBalsoseesthepotentialuseofbiometricsintheauthenticationprocesses.Asmentionedearlier,nowunderInstruction379,financialorganizationsmaycollectthemselvesbiometricdataofcustomersandperformtheirauthenticationwithoutMSI.Thisencouragesmorewidespreadapplicationofbiometrics,butleavesthe issue ofcertificationofsoftwarefacilities.According tolegislation,certificationmustbeconductedbyanaccreditedlaboratory,butinBelarusthere arenonationalstandardsandorganizationsthatcanconfirmcompliance.There is nolessthanthisdirectionhaspotentialforfurtherdevelopment. Theparticipants in thediscussionalsodiscussedtheopportunitiesfortheimplementationofsmart contracts,whichwouldquicklyandunhinderedallowtheexchangeofelectronicdocumentswithdifferentinstitutionsandautomaticallymonitortheexecutionofcontractualrelationships. In addition, representatives ofgovernmentagencieshave indicatedthat it isimportantto strike abalancebetweenriskandconvenienceofthecustomerpath.Simplicityofauthenticationcreatesadditionalthreatstosecurity,solegislatorsareattemptingtoimprovetheseprocessesgraduallyandjustifiably. ConferenceDigitalIdentityDay2024 highlightedthebenefitsandopportunitiesofdigitalidentificationandverificationforcustomersandbusinesses.Theeventaddressedimportantquestions,resolutionwhichwillhelptomakethedigitalidentificationandverificationabusiness.Theremoteauthenticationprocessesandassociatedservicesaremoreaccessibleanduser-friendlytousers.Butimprovingthetoolsandmethodsofdigitalidentificationandauthenticationrequiresacomprehensiveapproachandcoordinatedeffortsbygovernmentagenciesandcommercialcompanies. Fortonotmisstheannouncementofthenextconference, followtheupdatesontheofficialwebsiteoftheevent Organizer: Organizer: Partner: What will change for users of MSI
Onboarding non-residents
Smart system of management of access BTB Online
Full Online in opening the first accounts of IP
How to save time to open an account for a legal individual in 5 fold
How it works
Discussion “Development of distance authentication and KYC: challenges and opportunities”
Popularization of ID cards and introduction of new services
CloudEDS:thesolutionformobiledevices
Digitalprintofdevicesasasecurefactorofauthentication
Development ofbiometricauthentication
Smart Contractfordigitalinteraction
Balancebetweenriskandconvenience