How does biometrics work in Russia and should you be wary of it?

In the last couple of years in Russia, the topic of biometric identification of citizens has been in the focus of public and political attention. This is mainly due to the development of the Unified Biometric System, for the regulatory support of which the Federal Law of December 31, 2017 No. 482-FZ "On Amendments to Certain Legislative Acts of the Russian Federation" was adopted.

In particular, the Central Bank has for quite a long time been trying to encourage banks to use such identification systems. Banks are trying: for example, Sberbank has deployed a pilot zone in Moscow with ATMs capable of recognizing a client by face. The benefits seem obvious: for example, to open a deposit you do not need to worry about having a passport, you just have to come to the branch in person, and when using an ATM you do not need a plastic card.

What is biometrics?

Well-known examples of biometric data are the characteristic patterns of the iris or of the papillary lines on the pads of the fingers. However, it should be noted that biometrics include not only physical but also behavioral indicators, like gait or individual characteristics of typing on the keyboard.

However, whatever type this data may be, it is in any case inseparable from a person and can therefore guarantee very high reliability of identity verification - provided that the readers are difficult to deceive. In general, biometric equipment is now developing in this direction, increasing resistance to photographs of faces and to fingers printed on 3D printers.

The main requirements for biometric characteristics can be called the "three U": universality, uniqueness, stability. In other words, in order to become a criterion for recognizing a person, a parameter must be present in every person, be different in each case, and remain relatively unchanged over time. There are several related requirements: for example, the characteristic must be easy to measure, which includes public acceptance of the procedure.

There are GOSTs for the following methods:

  • fingerprint image,
  • face image,
  • image of the iris of the eye,
  • image of the vascular bed,
  • hand contour geometry,
  • dynamics of signature,
  • DNA data.

In addition to these methods, a number of others are known or discussed, including quite exotic ones:

  • sound of the voice,
  • retinal image,
  • heat map of the face,
  • individual character of typing on the keyboard.

What are the problems with biometrics?

At the same time, the method has its drawbacks. Thus, a notable theoretical problem is the requirement of uniqueness, which, according to some measurements, cannot be fully met. In this regard, two concepts are introduced: the false acceptance rate (FAR) and the false rejection rate (FRR).

The first parameter reflects the probability that user B will be identified or authenticated against the data of user A - for example, as a result of the coincidence of their indicators.

The second parameter is, on the contrary, the probability that the system does not recognize the user, considering him an unauthorized person. According to some reports, if the average FAR for fingerprints is 0.01%, then for the face and voice (the very parameters that will be used by domestic banks) it can reach 1-2%. That is why there is an opinion that biometrics is not suitable for mass adoption: if one authentication attempt out of a hundred ends in unauthorized access, then nationwide this will result in millions of incidents.
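
The FAR/FRR trade-off described above, as an added example that is not part of the original article: it computes both rates from matcher scores at several thresholds and then scales a FAR to a large number of attempts and, going slightly beyond the text, to a one-to-many search. All scores, the function names, the attempt count and the independence of comparisons are assumptions made for illustration.

```python
# Added illustration; every score below is constructed, not measured data.
# Similarity scores in [0, 1]; the matcher accepts when score >= threshold.
GENUINE = [0.91, 0.88, 0.95, 0.79, 0.86, 0.62, 0.93, 0.84, 0.90, 0.71]   # same person
IMPOSTOR = [0.12, 0.35, 0.28, 0.51, 0.44, 0.19, 0.66, 0.31, 0.73, 0.25]  # different people


def far_frr(genuine, impostor, threshold):
    """Return (FAR, FRR) at one decision threshold."""
    far = sum(s >= threshold for s in impostor) / len(impostor)  # impostors accepted
    frr = sum(s < threshold for s in genuine) / len(genuine)     # owners rejected
    return far, frr


def sweep(genuine, impostor, thresholds):
    """FAR/FRR for each threshold, showing that lowering one raises the other."""
    return [(t, *far_frr(genuine, impostor, t)) for t in thresholds]


def expected_false_accepts(far, impostor_attempts):
    """FAR is a rate per impostor attempt, so the count scales linearly."""
    return far * impostor_attempts


def false_match_in_search(far, enrolled):
    """Chance that a 1:N search over `enrolled` templates yields at least one
    false match, assuming independent comparisons (a simplifying assumption)."""
    return 1 - (1 - far) ** enrolled


if __name__ == "__main__":
    for t, far, frr in sweep(GENUINE, IMPOSTOR, [0.60, 0.70, 0.80]):
        print(f"threshold={t:.2f}  FAR={far:.0%}  FRR={frr:.0%}")
    # Hypothetical volume: one million impostor attempts at the two FAR levels
    # quoted in the article (0.01% for fingerprints, 1% for face and voice).
    for far in (0.0001, 0.01):
        print(f"FAR={far:.2%}: {expected_false_accepts(far, 1_000_000):,.0f} false accepts")
    print(f"1:N over 10,000 templates at FAR=0.01%: {false_match_in_search(0.0001, 10_000):.0%}")
```

Raising the threshold from 0.60 to 0.80 on this sample drives FAR to zero while FRR climbs, which is the tuning decision every operator of such a system has to make.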

The practice of using biometrics in Russia:

Historically, the first form of work with biometric data can safely be called the collection of information about offenders as part of the work of law enforcement agencies. Fingerprints, for example, are classic evidence in crime investigations. Working with suspects and convicts, law enforcement agencies record a person's height and the characteristic signs of his appearance.

Moreover, while in conventional biometric systems the data are depersonalized, here, on the contrary, an exact connection of the measured parameters with a specific person is established. In the previous section, considering the legislation on personal data, we noted that in connection with the administration of justice or operational-search measures, the consent of the subject for the collection of biometric PD is not required; these provisions emphasize the special nature of such information.

Mentions of biometrics in our review of legislation began with foreign passports. Indeed, the main document of a Russian citizen abroad to this day remains one of the main areas of application of biometric technologies. A microcircuit in such a document can be capable of storing not only general information about the owner (for example, name, photograph, etc.), but also an image of the iris of the eye or a fingerprint.

Strictly speaking, a passport with biometrics is not mandatory, but citizens are encouraged to obtain just such a document - in particular, by doubling its validity period. There are sometimes concerns about the reliability of biometric passports and their resistance to counterfeiting, as well as about the ability to read data remotely; however, in general, it can be said that an identity document using biometrics is more credible - to the point that some countries are ready to allow entry only with this type of document.

What can you do with biometrics in Russia?

  • remote registration in banks
  • open your account, make a deposit or apply for a loan
  • pay for purchases in some stores, coffee shops and gas stations
  • withdraw money from an ATM.

Why do Russian banks collect biometrics?

Work on the system for storing and using the data began back in 2017. On July 1, 2018, the Unified Biometric System was launched - the database in which the biometric data of citizens is stored. At the same time, several large banks began accepting biometrics - Sberbank, Alfa-Bank, VTB, Post Bank, Raiffeisen and others.

The system developer and operator is Rostelecom - it processes data and ensures its safe storage. Now you can submit voice recordings and facial images to the biometric system. This data can be used to identify a person both at a branch and remotely - for example, by phone or through a mobile application. Perhaps, in the future, other parameters will be stored in the system - fingerprints or images of the iris of the eye.

The biometric system should make the work of banks easier and simplify the process of issuing financial products to their clients. Now, to determine the identity of a client, it is not necessary to require a passport - it is enough to match the voice and face with the records in the database. A bank customer can order any product - for example, a deposit or a loan - at any time and anywhere, by phone or in the Internet bank. Banking services will become more accessible to people from remote regions where the choice of banks is limited or absent.

How to pass biometrics?

To find out where in your city you can submit your voice and face, you can use the map on the Central Bank website. There you can find a list of bank branches with addresses and opening hours. The list is constantly expanding; new branches and banks appear in it.

To submit your data, you only need a passport, SNILS and an account on State Services. After you sign the consent for processing, the bank employee starts collecting biometrics. The process consists of recording a voice and a facial image. At the first stage, you need to read the numbers aloud three times: for example, from 0 to 9, then from 9 to 0, and then in random order. At the second stage, the employee photographs the face as for a passport.

Note that biometrics collection may vary from location to location.

Is it safe to take biometrics?

Immediately after the first news about the beginning of the collection of biometrics by banks, people appeared who began to doubt the reliability of the storage of their data. Some feared that fraudsters - including dummy persons in banks - could use holes in the system to take out loans in the names of outsiders. Others fear that the system will not be able to correctly recognize a person due to changes in voice (for example, with a cold) or in appearance (for example, after plastic surgery or injury).

The developers of the EBS (the Unified Biometric System) take these issues into account and try to keep them to a minimum. Biometric data are recorded in the EBS without reference to personal data - full name, age, passport number and series, SNILS number and others. For their safe storage, modern encryption tools certified by the FSB and FSTEC are used. Information is transferred via secure communication channels. Voice and facial image are checked simultaneously against many different parameters. According to Rostelecom experts, the probability of an error is 1 in 10,000,000.

Of course, it is already possible to simulate the appearance of any person quite accurately and even to fake his voice. To recognize and dismiss imitations, the EBS introduces additional methods of identity verification. It pays attention to facial expressions, camera position, intonation and other parameters that can indicate that the client himself is accessing the system, and not an imitation. Sometimes you will need to answer security questions or take additional actions, such as touching your earlobe. This additionally confirms that a real person is interacting with the system.

