Uzbekistan is implementing new security regulations for banking applications. According to rules approved by the country's financial market regulator, processes for money transfers and account access are undergoing fundamental changes. The new system creates multi-layered barriers to protect users from fraud.

Account opening and card linking processes are now subject to strict control. Banks are now required to automatically verify whether a user's phone number matches their Personal Identification Number (PINFL). If the number is registered to another person, account registration will be impossible. The card linking process is separated from account creation: the system requires separate authorization using login credentials, password, and a complex six-digit code valid for only 59 seconds.

Only personal cards or cards of close relatives can now be linked to an application. The entire process must be accompanied by biometric "liveness detection" identification, which verifies in real time that the account owner is present before the camera, not just a photograph or video recording.

When changing smartphones or resetting passwords, the system automatically monitors device model, operating system version, and IP address. If an attempt to log in from an unfamiliar device or password recovery is detected, the application immediately sends an SMS notification to the owner. For security purposes, when a device is changed, the system automatically unlinks all bank cards and clears transaction history. To resume work on a new smartphone, the user must undergo full biometric verification again.

To protect against schemes where fraudsters manipulate victims over the phone, technical restrictions are being introduced. Applications will automatically block any payments and transfers if the user is currently talking on the phone or through messengers like Telegram and WhatsApp. A similar restriction will apply if remote access software is enabled on the smartphone or malicious viruses are detected—in such cases, banking service operation will be suspended until circumstances are clarified.

To enhance security, inactivity time in an open application is now limited to exactly 3 minutes. If no action is taken during this time, the session automatically closes, and re-login is required to continue. Applications will also feature a special "Active Sessions" section where users can view all devices connected to their account in real time and instantly disconnect suspicious ones with a single button if necessary.

Before each important transfer, a mandatory warning will appear on the screen. It will remind users that transactions should only be conducted independently without pressure from third parties, and funds will only be sent after user confirmation. All these measures collectively create a reliable digital barrier to protect savings. The new rules take effect from April 22.

Source: podrobno.uz