• 2 min read
Russia considers limiting online action confirmations to Max messenger or SMS
Russian regulators are considering limiting the confirmation of critical online actions-like account logins and transaction approvals-to two channels: the domestic Max messenger app or traditional SMS. This move is part

Image: ixbt.com
Russian regulators are considering limiting the confirmation of critical online actions-like account logins and transaction approvals-to two channels: the domestic Max messenger app or traditional SMS. This move is part of a proposed third package of anti-cyberfraud measures, according to Forbes citing industry insiders. The Ministry of Digital Development (Ministry of Digital) has said the plan is still under review with other government bodies and market players.
The so-called “significant actions” cover a range of verifications that currently rely on varied methods: push codes in apps, time-based one-time passwords (TOTP), email links, biometrics, or even multiple options combined. Narrowing approvals down to just Max and SMS would force businesses to overhaul existing authentication workflows-and likely raise costs, especially for SMS delivery.
Industry players are skeptical. The Association of Internet Trade Companies and the Russian Venture Builder (RVB) group-which includes e-commerce giant Wildberries-have voiced concerns. Their argument is straightforward: large platforms already operate robust multi-layered security systems, and enforcing a one-size-fits-all channel doesn’t inherently improve safety. Instead, it risks inflating expenses. SMS-based confirmation chains exposure to telecom rates and scalability issues when volumes grow.

Recommended reading
WhatsApp begins enabling usernames on iPhone
This isn’t the first time such a proposal has surfaced. Sources told Forbes a similar rule was debated during the second wave of anti-fraud regulations but was dropped following industry pushback. Globally, major platforms are moving away from SMS codes due to vulnerabilities like SIM swapping, message interception, and phishing. Tech giants such as Google and Microsoft have been championing authentication apps, hardware security keys, and passwordless solutions like passkeys.
Russia’s cybercrime environment is pushing regulators to tighten defenses. The Bank of Russia estimates unauthorized transactions cost consumers tens of billions of rubles annually, prompting back-to-back anti-fraud initiatives. Against this backdrop, mandating an additional mandatory confirmation channel seems logical. Yet the backlash against relying on Max underscores a clear dilemma: stricter unified standards complicate integration for banks, marketplaces, and services already operating custom authentication schemes.
The fate of this latest proposal hinges on the approval process for the third anti-fraud package. If the industry once again pushes back in unison, there’s a strong chance the new mandate will stall in discussions, repeating the pattern from before.
Computing Editor
Tomas lives in the terminal. He covers chips, laptops, and operating systems with a focus on performance and efficiency. He reads kernel changelogs the way other people read fiction, and he's always on the hunt for the perfect mechanical keyboard switch. If it processes data, Tomas has an opinion on it.
via ixbt.com


