Kazakhstan is set to roll out new biometric authentication rules that will allow banks to identify clients using facial recognition or palm scans, with just three attempts permitted for verification.

The new regulations were developed jointly by the Agency for Regulation and Development of the Financial Market and the National Bank. A draft resolution outlining the changes has already been published, The Caspian Post reports via Kazakh media.

Under the updated system, facial recognition will remain in place as the primary method. Banks will compare a customer’s live image with a reference sample stored in the National Bank’s identification data exchange system, which pulls data from the national biometric authentication database. Institutions must also ensure the person is physically present and not using a spoofed image.

A new feature now being introduced is palm print authentication - a method not previously available. In this case, biometric data will be collected via specialized scanners with the client’s consent and verified against licensed biometric databases. Notably, palm authentication cannot be conducted using a customer’s smartphone.

Clients will be given up to three attempts to pass biometric verification. If unsuccessful, they will be required to switch to facial recognition.

The rules also provide alternative verification options for people with disabilities, including video-based identification or specialized verification technologies.

Biometric authentication will be mandatory in several cases, including opening a bank account remotely, issuing a digital signature, registering on banking apps or websites, updating client data, and granting loans above a set threshold.

The move follows earlier steps to tighten digital security in the financial sector. Since March 19, banks in Kazakhstan have been prohibited from issuing online loans without biometric verification of borrowers.