Kazakhstan introduces new biometric authentication rules
Kazakhstan's Agency for Regulation and Development of the Financial Market and the National Bank have approved new rules governing biometric authentication by financial institutions, Qazinform News Agency reports.
The new rules outline how banks and other financial institutions will verify customers' identities using biometric authentication. They also specify when the National Biometric Authentication System must be used and biometric data must be submitted through the National Bank's Identification Data Exchange Center (IDEC).
Under the new rules, customers will be authenticated through facial recognition. The system captures their image, matches it against a reference image from a government database or another authorized source, and verifies their identity.
To guard against identity fraud involving photographs, videos or other spoofing techniques, the new rules require mandatory liveness detection. During the authentication process, users must respond to at least three randomly generated prompts while the system analyzes their actions in real time. If the verification fails, the procedure is repeated, with authentication deemed unsuccessful after three failed attempts.
The regulations also set out requirements for protecting biometric data. Financial institutions must ensure that biometric information is collected, stored and processed in line with established procedures and safeguarded against unauthorized access or disclosure. All stages of the data lifecycle, from collection to destruction, must also be documented.
Earlier, Qazinform News Agency reported that Kazakhstan may launch an aerotaxi service between Alatau and Almaty in 2027.