Скриншот видео t.me/pressnbrb
The National Bank of Belarus has explained why banking applications will request customers’ consent to collect device location data. The measure is linked to the introduction of mandatory device fingerprint requirements, which come into force on July 1, 2026.
Deputy Chairman of the Board of the National Bank of Belarus Andrei Kartun explained what a digital fingerprint is and how it is intended to identify a device. One of its parameters is geolocation.
“The system sees, among other things — and we already partially see this now — the device’s IMEI and what software is installed on it. (…) In addition, there is another element that for some reason causes discussion — the so-called geolocation. The geolocation of your login to mobile banking. You log into mobile banking, and the system geolocates where you logged in from,” he said.
When a user first logs into a remote service system, the bank creates and stores a reference digital fingerprint of the device. Kartun assured that this benefits consumers by protecting them from fraud.
“For example, if you permanently live in Minsk and log in from your device, the bank’s system recognizes that this is your device and that you are logging in from approximately the same place you usually do. Accordingly, it raises no suspicions. But if you suddenly log in from another device unfamiliar to the system, from another country or another city — and usually this happens almost simultaneously: условно, you logged in from Minsk and a minute later someone logged in from Brest using an unfamiliar device — of course the system will immediately flag this as a red alert, and the bank’s security services will respond. At the very least, they will call you and ask whether it is really you in Brest or not,” he explained.
According to the bank, fraudsters will not be able to carry out unauthorized payment operations simply by stealing a password or spoofing geolocation data: the bank’s anti-fraud system will detect inconsistencies and stop the operation. Access is blocked until the customer confirms that the transaction is indeed being carried out by them. The number of devices used to access the system is not limited, and several reference fingerprints may exist.
According to Kartun, the data is stored in encrypted form, is not transferred to anyone, and is used exclusively for security purposes.
“Banks do not use this for advertising purposes or to track consumer behavior for commercial purposes. It is used only for security. And consumers, oddly enough, have long been using geolocation themselves. When you call a taxi, the taxi app requires geolocation,” he noted.
Since geolocation data is classified as personal data, banks are obliged not only to inform customers about its collection but also to obtain their consent, as required by operating systems.
Banks must complete all necessary organizational measures and ensure users’ consent is obtained before July 1.