Why is this important
The new rules directly change basic security settings in popular payment scenarios: linking cards and accounts, P2P transfers, logging in from a new device, and access recovery. The main effect is to reduce fraudsters' opportunities to use other people's numbers and accounts or to pass identification remotely with a photo. For users, this means more checks and restrictions in atypical situations (code entry errors, device change); for services, it means an obligation to apply liveness checks and verify data more rigorously.
What happened
- In Uzbekistan, requirements for combating online fraud in mobile applications have been tightened.
- Restrictions have been introduced on linking bank accounts, cards, and e-wallets to the account, as well as on P2P transfers: they are allowed only for the account owner or their close relatives.
- Also being introduced are a check that the phone number matches the PINFL, a “live presence” requirement for biometric identification, and a number of technical measures that apply to code entry errors and logins from a new device.
Numbers and facts
- Only bank accounts, bank cards, and electronic wallets belonging to the user or their close relatives can be linked to the account in the mobile application, and P2P transfers through the account are allowed under the same conditions.
- The phone number will be checked against the PINFL, and if they do not match, registration in the application and bank card linking will not be allowed.
- Credit and payment organizations are obliged to check liveness (live presence) factors during biometric identification, that is, identification by photograph is impossible.
- After three incorrect attempts to enter the one-time code from the SMS, the user’s actions in the application are temporarily restricted for 15 minutes.
- When you log in from another device or reset your password, all bank cards linked to your account will be automatically removed from the app.
- Your bank card transaction history will also be deleted from the device.
- Bank cards can only be re-linked after passing biometric identification.
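The SMS-code lockout and device-change rules listed above, expressed as a small server-side policy model. This is an added example, not code from the regulation or from any payment service; the `Account` fields, the function names, and the choice to also block card linking during the 15-minute restriction are assumptions.

```python
import hmac
from dataclasses import dataclass, field

MAX_OTP_FAILURES = 3      # "three incorrect attempts" (from the page)
LOCK_SECONDS = 15 * 60    # "15 minutes" (from the page)

class PolicyError(Exception):
    """Raised when one of the rules refuses the requested action."""

@dataclass
class Account:  # hypothetical model; all field names are assumptions
    device_id: str
    cards: set = field(default_factory=set)
    local_history: list = field(default_factory=list)  # on-device transaction cache
    otp_failures: int = 0
    locked_until: float = 0.0
    relink_needs_liveness: bool = False

def _check_not_locked(acct, now):
    if now < acct.locked_until:
        raise PolicyError("actions temporarily restricted")

def verify_otp(acct, submitted, expected, now):
    _check_not_locked(acct, now)          # even a correct code waits out the lock
    if hmac.compare_digest(submitted, expected):  # constant-time comparison
        acct.otp_failures = 0
        return True
    acct.otp_failures += 1
    if acct.otp_failures >= MAX_OTP_FAILURES:
        acct.locked_until = now + LOCK_SECONDS
        acct.otp_failures = 0             # fresh budget once the lock expires
    return False

def purge_cards(acct):
    acct.cards.clear()
    acct.local_history.clear()
    acct.relink_needs_liveness = True     # re-linking now requires biometrics

def login(acct, device_id):
    if device_id != acct.device_id:       # login from another device
        purge_cards(acct)
        acct.device_id = device_id

def reset_password(acct):
    purge_cards(acct)

def record_liveness_pass(acct):           # called after a successful liveness check
    acct.relink_needs_liveness = False

def link_card(acct, card, now):
    _check_not_locked(acct, now)
    if acct.relink_needs_liveness:
        raise PolicyError("biometric identification required before re-linking")
    acct.cards.add(card)
```

Passing `now` explicitly keeps the lockout logic deterministic and testable; a real service would take it from a trusted server clock, never from the client.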
Context
- Users will find it more difficult to “share an account” or link a card to someone else’s data, while fraudsters will find it more difficult to exploit a mismatch between phone number and identity or to circumvent biometrics with photos.
- When switching phones or logging in from a new device, the process will become stricter: cards will be automatically deleted, and access may be temporarily blocked after SMS code errors.
- For services and banks, the key requirements are liveness verification and control of the “phone — PINFL” link, which should reduce typical account takeover schemes and unauthorized transfers.