As of July 1, 2020, traditional identity-verification questions such as a mother’s maiden name will be phased out for banking transactions. Identity confirmation will no longer rely on personal data recited over the phone or entered manually; instead, electronic ID cards and PIN codes will be used for authentication. Customers will also be able to complete transactions at ATMs using these electronic ID cards. The first phase of the regulation that restructures the management of banks’ information systems, sets the principles for electronic banking services, and removes older identity verification methods came into effect on Wednesday, July 1, 2020.
Under the new system, customer service agents in call centers will no longer authenticate customers based on identity details such as a mother’s maiden name. SMS messages and emails sent to customers will be delivered only to verified and confirmed addresses. Banks will not send messages to phone numbers or email addresses they have not verified. Account statements will continue to be sent to customers. With this regulation, many online procedures will be enabled. Verification through the national identity-sharing system will move transactions that previously required face-to-face verification into an electronic environment. From July 1, 2020 onward, information printed on identity cards will not be used as security questions for authentication; sensitive confirmations will be handled automatically by the system. Electronic ID cards and PINs will be valid methods of authentication for banking operations. Consumers will have the option to set transaction limits for mobile and online banking.
New IDs Allow Transactions Without In-Person Meetings
The updated IDs make it possible to perform more transactions without meeting bank staff in person. To combat fraud, single-use password measures and other security precautions are being strengthened. Banks will not share information with phone numbers or email addresses that have not been verified and confirmed. During this new period, banks will continue to send statements, receipts, and account summaries to customers. Another phase of the banking regulation will take effect on January 1, 2021. Under the triple-security approach, dual-factor authentication will be required: two out of three types of verification will be used from biometric data, possessed items (such as electronic IDs), and known information. With the new electronic IDs and PINs, customers will be able to perform a wider range of banking transactions remotely.
During the COVID-19 pandemic, banks encouraged customers to use digital channels and raised transaction limits to facilitate remote banking. This led to a significant increase in online transactions and will contribute to broader account ownership. Amendments to the banking law permit contracts to be concluded in writing via remote communication tools and enable other methods that allow reliable customer identity verification. These changes will be integrated into the provisions of the Bank Cards and Credit Cards Law governing contract conditions. From now on, banks can establish contractual relationships with customers using technology-driven methods without requiring in-person meetings, physical documents, or handwritten signatures.
New Regulations Imposed on Banks
- Call centers can no longer ask for a mother’s maiden name,
- Customer representatives will not perform identity confirmations using personal questions,
- SMS messages and emails will be sent only to verified numbers and addresses,
- Account statements will continue to be sent to customers,
- Advertising will not be placed with search engines that have not signed contracts,
- Boards of directors will be directly responsible for information and tax security.