The Central Bank wants to expand the list of data that telecom operators must transfer to banks

The Central Bank wants to expand the list of data that telecom operators must transfer to banks in accordance with the bill, which involves the creation of a unified state system for this. Now we are talking only about technical information about SIM cards and mobile devices, the regulator also suggests uploading personal data to the system. This will improve the identification of bank customers, but increase the risk of data leakage and may provoke the imposition of additional services by financial institutions, experts say.

The Central Bank is discussing with banks, telecom operators and law enforcement agencies the expansion of amendments to the Federal Law “On countering the legalization (laundering) of proceeds from crime”, which involves the launch of a state data exchange system between banks and telecom operators, three interlocutors in the IT market told Kommersant and telecommunications.

The Central Bank proposes to oblige telecom operators to transfer personal data of subscribers to the EIS PSA system. In the current version of the project, we are only talking about data on replacing a SIM card, a mobile device and other technical information, a source in the communications market specified.

The discussion of the issue, according to him, took place in early June, but the FSB and the operators opposed the idea, arguing that there were risks of maintaining data confidentiality: “Due to disagreements, the consideration of the project by the State Duma may be postponed until the fall.” Roskomnadzor redirected the request to the Central Bank, there and the FSB did not answer Kommersant.

VimpelCom reported that they are participating in the discussion of the project and consider its main problems the ban on interaction between banks and telecom operators, as well as the obligation of companies to upload data to the system even if no customer needs them: “The first problem reduces the effectiveness of anti-fraud in the banking sector, and the second creates the risk of unauthorized access to critical information.”

Tele2 believes that the transfer of personal data of subscribers and information about events occurring with the number to a “wide list of third parties” calls into question its safety: “Processing all data in one system increases interest in it from hackers.”

At the last stages, the draft amendments are being finalized without the involvement of all interested participants, including operators, MTS stressed. They added that a single system, even if it is created, can only serve as a gateway to confirm the data by the telecom operator, while the personal data themselves should not be transmitted.

The authors of the bill want to create at the expense of telecom operators and credit organizations a system that duplicates the already existing systems of operators, according to MegaFon. At the same time, they say in the company, the system is not designed as a gateway, but involves the storage and processing of the information received (see Kommersant on May 30): “This involves expensive infrastructure and billing, duplicating operator systems, as well as a single point of failure for all financial institutions and high risks of leakage of subscriber data from a single system.

The opinion of the industry is not taken into account in the version of the bill available to the operators, MegaFon emphasizes. The largest banks declined to comment.

Financial institutions intend to identify the user as fully as possible according to the data of mobile operators, says Dmitry Galushko, CEO of Ordercom, who is familiar with the initiative: “It is not profitable for operators to share confidential information, and it is not safe through a new, untested system.” Also, the expert notes, fears are caused by the fact that “such an array of data will allow banks to impose their services on subscribers to an even greater extent than now.”

Tatyana Isakova, Yulia Tishina, Olga Sherunkova