Russian regulators are considering limiting the confirmation of critical online actions-like account logins and transaction approvals-to two channels: the domestic Max messenger app or traditional SMS. This move is part of a proposed third package of anti-cyberfraud measures, according to Forbes citing industry insiders. The Ministry of Digital Development (Ministry of Digital) has said the plan is still under review with other government bodies and market players.

The so-called ”significant actions” cover a range of verifications that currently rely on varied methods: push codes in apps, time-based one-time passwords (TOTP), email links, biometrics, or even multiple options combined. Narrowing approvals down to just Max and SMS would force businesses to overhaul existing authentication workflows-and likely raise costs, especially for SMS delivery.

Industry players are skeptical. The Association of Internet Trade Companies and the Russian Venture Builder (RVB) group-which includes e-commerce giant Wildberries-have voiced concerns. Their argument is straightforward: large platforms already operate robust multi-layered security systems, and enforcing a one-size-fits-all channel doesn’t inherently improve safety. Instead, it risks inflating expenses. SMS-based confirmation chains exposure to telecom rates and scalability issues when volumes grow.

This isn’t the first time such a proposal has surfaced. Sources told Forbes a similar rule was debated during the second wave of anti-fraud regulations but was dropped following industry pushback. Globally, major platforms are moving away from SMS codes due to vulnerabilities like SIM swapping, message interception, and phishing. Tech giants such as Google and Microsoft have been championing authentication apps, hardware security keys, and passwordless solutions like passkeys.

Russia’s cybercrime environment is pushing regulators to tighten defenses. The Bank of Russia estimates unauthorized transactions cost consumers tens of billions of rubles annually, prompting back-to-back anti-fraud initiatives. Against this backdrop, mandating an additional mandatory confirmation channel seems logical. Yet the backlash against relying on Max underscores a clear dilemma: stricter unified standards complicate integration for banks, marketplaces, and services already operating custom authentication schemes.

The fate of this latest proposal hinges on the approval process for the third anti-fraud package. If the industry once again pushes back in unison, there’s a strong chance the new mandate will stall in discussions, repeating the pattern from before.

Source: Ixbt

Leave a comment

Your email address will not be published. Required fields are marked *