The National Bank and the Agency for Regulation and Development of the Financial Market (ARDFM) have approved rules for biometric authentication for financial and payment organizations. The document regulates login procedures for banking applications, including the use of palm prints, El.kz reports.

How the biometric system will work

Under the new rules, when logging into banking apps, user data will be matched against reference biometric samples already stored in the state system. This is required to verify identity and protect against fraud.

All information will be stored in the Identification Data Exchange Center of the National Bank. Banks will collect customers’ biometric data via video communication and transfer it to a unified system for verification.

Identification will be considered successful if the biometric match is at least 95%.

Where biometrics will be used

Biometric authentication will be applied not only for logging into banking apps, but also in a number of financial operations: opening bank accounts, initial customer registration in digital services, issuing electronic digital signatures, as well as conducting certain transactions in banks and microfinance organizations.

In addition, microfinance organizations will be able to use biometrics when issuing microloans if the loan amount exceeds the установленный limit.

Palm-based login: how it will work

The rules also specify an authentication option using palm prints. This means the system will be able to recognize the unique pattern of veins and lines on a person’s palm to verify identity.

At the same time, using the client’s own phone for such verification is prohibited - biometrics must be processed through specialized devices or secure systems.

Users will be given three attempts to log in. If the system fails to recognize the user after three attempts, access to the application will be temporarily blocked.

All authentication attempts will be recorded electronically and stored in the system for security monitoring and possible audits.

Data storage period

Biometric data and user consent for its processing will be stored in the system for at least five years. The same retention period applies to banks and financial organizations after they stop servicing a client.

Development of biometric payments

Alongside government regulation, palm-based biometric payment technologies are also developing in Kazakhstan. These solutions allow people to pay for purchases or confirm transactions without a card, phone, or cash - simply by verifying their identity through a palm scan.

This technology reads unique biometric parameters of the hand and links them to a bank account. During payment, the system instantly compares the data and confirms the transaction.

Such solutions are seen as the next stage in the development of digital payments, where the key tool is not a device, but the user’s identity itself.