Bank of Russia develops recommendations on information security when working with biometric identification
Methodological recommendations of the Bank of Russia regarding the mitigation of threats when working with the Unified Biometric System are based on the description of current threats specified in Bank of Russia Ordinance No.
In particular, the document sets forth rules that make it possible to mitigate risks when gathering biometric personal data, processing individuals’ requests and personal information, and conducting remote identification.
First of all, the collection, transfer and subscription of biometric data require the use of modern information protection facilities.
Moreover, the Bank of Russia recommends logging the activities of operators using personal data, and informing them about such logging. The regulator also notes that, for improved information security, it is recommended that a personal qualified digital signature certificate be used, however a simple electronic signature can also be used.
The regulator suggests three options for establishing an information security process: a bank's own solution approved by the FSB and the Bank of Russia; a standard solution offered by an information security integrator; and, in the future, a cloud-based solution from a service provider.
The Bank of Russia also provides recommendations for informing it of incidents at all stages of working with biometric identification.