The government services portal may become an entry point to marketplaces

The initiative should be considered from two sides – from the buyer and seller on the marketplaces. For the buyer, nothing changes significantly – their entry to the marketplaces remains the same and does not require additional confirmation and verification. Although this will not hurt. But the risk of encountering an unscrupulous fraudulent seller is significantly reduced – sellers will be forced to confirm their identity through "Gosuslugi", accordingly, it will not be possible to create fake accounts on the marketplaces. It is logical that this measure is aimed at ensuring the safety of buyers on Internet platforms. But how safe and convenient is it for sellers?

Registration via Gosuslugi will probably not cause much inconvenience to users of marketplaces – in December 2024, the Ministry of Digital Development announced that the number of users of the Gosuslugi portal is 112 million people, that is, the vast majority of Russians are already registered on Gosuslugi and will be able to use the Unified Identification and Authentication System (ESIA) to log into the marketplace.

Buyers will not need to verify their identity when ordering

Deputy Chairman of the State Duma Committee on Information Policy, Information Technology and Communications Anton Gorelkin commented on the advisability of linking a marketplace account to Gosuslugi in his Telegram channel : "As far as I know, leading electronic trading platforms have already implemented their own fraud protection mechanisms (including using artificial intelligence), which analyze user behavior and record deviations. According to one large marketplace, with 75 million buyers per month and over 1 million sellers, no more than two hundred cases of unauthorized access by third parties to personal accounts are recorded. Whether linking accounts to Gosuslugi will help reduce this number to zero is an open question."

A source close to the digital platform market commented on further actions to reduce risks for businesses: "Digital platforms have developed a number of proposals for the text of the bill, which are aimed at preventing the outflow of users from platforms and will help achieve the goals of reducing fraudulent activities, as well as preserve the ability for platforms to operate in foreign markets."

In 2021, an experiment began to verify the identities of users on various resources through "Gosuslugi". It is still ongoing and was recently extended for a year. All major Internet platforms are participating in the experiment.

At the same time, the question of information about users that platforms will be able to obtain about them after authorization using "Gosuslugi" remains open. In addition, there will always be a risk of hacking and hijacking accounts whose owners did not bother to connect two-factor authentication or used a compromised password – often one for all their services. And how to protect yourself if a fraudster goes this way is still unclear.

Businesses also have questions about using Gosuslugi for authorization. The Big Data Association (BD) sees a threat to the introduction of authorization through the Unified Identification and Authentication System (ESIA) for IT giants. "The introduction of mandatory identification through the Unified Identification and Authentication System (ESIA) for domestic services may lead to significant negative consequences for the market. According to our estimates, this will cause a 50% drop in conversion and reduce the number of users. As a result, users may switch to foreign platforms, where the risk of fraud is significantly higher. Not only will this not solve the problem of fraud, but it will also create additional risks for Russian citizens," the BD told Rossiyskaya Gazeta.

By the way

Biometrics: What do you think?

The office of Deputy Prime Minister – Head of the Government Office Dmitry Grigorenko reports that user data will be securely hidden, and it will be possible to enter personal accounts only after two-factor authentication, with biometrics being the second security factor.

But the use of biometrics itself also raises questions. Positive Technologies information security business consultant Alexey Lukatsky said that scammers can use other people's biometric data to create deepfakes and log into accounts. Users may not even suspect that their biometrics are in the hands of intruders – biometric databases can be hacked. In addition, gullible citizens can provide data to scammers themselves, for example, by participating in some harmless experiment for a small fee. The situation is complicated by the fact that biometrics – unique features and characteristics – remain with a person forever. The price of leaking such information is too high.

Entrepreneur, member of the Human Rights Council, member of the board of ROCIT Igor Ashmanov commented on identity verification through biometrics: "With the development of video and photo generation, that is, deepfakes, it is becoming increasingly meaningless and dangerous. The only way to protect user data is through criminal cases and imprisonment; this social problem cannot be solved by any technical means."

Probably, not everyone will want to provide biometrics. State Duma deputy Anton Gorelkin stated in his Telegram channel that forced biometrics are out of the question. These ideas are not discussed or considered. In this case, another secure way to log into marketplace accounts is needed, preferably with multi-factor authentication.