Russian payment systems will switch to using domestic cryptographic information security tools by 2031
Existing payment systems in Russia will have to switch to the use of cryptographic information protection tools of domestic production. This was announced by Ivan Kosyakin, chief engineer of the information security Department of the Bank of Russia, during his speech at the scientific and practical conference “Ruscrypto 2020” held in the Moscow region.
Thus, according to him, Russia’s sovereignty in the field of information security for the needs of the banking sector will be increased. So, to achieve this goal, functional technical requirements for payment systems with a terminal core, hardware security modules, payment cards were approved in 2019.
In turn, as noted by Elena Mareeva, Deputy Director for scientific and technical development of Practical Security Systems, in January of this year, requirements for cryptographic information protection tools were approved, according to which automatic security modules used in payment systems must comply with the requirements of Federal Executive authorities and the Bank of Russia, as well as the provisions of international standards.
Moreover, on June 25, 2019, it became known that the technical Committee for standardization “Cryptographic information protection” (TC 26), which is managed by the FSB, has prepared draft recommendations on the use of domestic cryptographic algorithms in key protocols used to protect information on the Internet.
One of the documents contains a set of recommendations on the use of Russian cryptographic algorithms “Magma” and “Grasshopper”, developed by the FSB.
According to Russian legislation, domestic crypto-algorithms must be used in information security media certified by the FSB and mandatory for use by state agencies in their electronic document management, and from 2024, according to the requirements of the Central Bank of the Russian Federation, they will become mandatory for use in payment systems.
Members of TC 26 claimed that the use of Russian algorithms will improve the security of data transfer. According to Smyshlyaev, director of information security at Crypto-PRO (part of TC 26), the Russian crypto sets of the TLS1.2 protocol, approved in 2018, unlike foreign ones, guarantee control of the amount of data encrypted on one key.