- Category
- Latest news
Russia Plans Law Forcing Banks to Use State Messenger Max for Transaction Verification
- Authors
![Photo of Dariia Mykhailenko]( "Photo of Dariia Mykhailenko")
Russian authorities are preparing legislation that would require banks to confirm customer financial operations through the state-controlled messaging service Max, according to a draft law known as “Antifraud 2.0,” which is currently being prepared for its second reading in the State Duma, Kommersant reported, according to The Moscow Times on March 24.
Under the proposed rules, confirmation through the government messenger would be required for all “significant actions” performed remotely by clients. However, the draft law does not specify the criteria that would determine which actions are considered significant.
We bring you stories from the ground. Your support keeps our team in the field.
Representatives of the National Financial Market Council (NSFR) have opposed the initiative, calling it “legally excessive and unjustifiably costly.” The position was outlined in a letter sent to the Russian government and the Central Bank, reviewed by Kommersant.
Banks warned that forcing confirmations through Max ignores other available verification methods that may provide a higher level of protection. Market participants also noted that mandatory use of the state messenger could create unacceptable information security risks.
“Any serious technical failure or computer incident, such as a DDoS attack on the national messenger, could lead to an indefinite suspension of all legally significant online activity in the country, including banking operations and transactions,” said NSFR head Andrey Emelin.
He also noted that, at present, it is technically impossible for a legal entity to send messages through Max to a private individual without the client first initiating the conversation.
Experts from the IT and financial security sector also questioned the effectiveness of the proposal. According to CorpSoft24 lead engineer Mikhail Sergeev, push notifications within banking applications are more secure than messages sent through the Max service because they do not depend on mobile network availability.
SafeTech CEO Denis Kalemberg added that additional confirmation codes do not necessarily increase customer protection, as such codes can be intercepted at different stages of their transmission.
“Moreover, this scheme contradicts current Central Bank requirements, which provide for the use of cryptographic tools to ensure the security of transactions,” he said.
-50c64d019d3899de5677f8b898913418.jpg)
Meanahile, users of MAX say they have been automatically subscribed to pro-war and propaganda channels without their permission, with some reporting that they cannot remove the subscriptions.
According to Meduza, complaints first appeared on the Russian online forum Pikabu, where users said unfamiliar channels had suddenly appeared in their chat lists without any action on their part.
One user posted a video showing repeated attempts to leave a channel associated with pro-Kremlin propagandist Vladimir Solovyov, but the channel continued to appear despite multiple efforts to unsubscribe.
Other Pikabu users described similar issues, saying that numerous unknown channels were added to their accounts, especially in the desktop version of the application. Several users reported that attempts to leave the channels did not work, claiming the service either subscribed them again automatically or failed to register the request.
In addition, Russian officials are reportedly using separate phones and SIM cards to install Max, highlighting a lack of trust in the platform among government employees, lawmakers, and executives of state-owned companies.
-9bd5e1532102621f8fb1c4ba871a3171.png)
-72b63a4e0c8c475ad81fe3eed3f63729.jpeg "Photo of Cyril Barabaltchouk")
-111f0e5095e02c02446ffed57bfb0ab1.jpeg "Photo of Roman Kohanets")
