More than six months after its launch, Russia’s national bank card MIR is already supported by more than a hundred Russian banks, 13 of which actually issue the card, according to the Russian central bank’s subsidiary NSPC (or NSPK), which operates the MIR card.
Card acceptance is not ubiquitous yet in Russia, however, if judging by the measures taken by the Russian authorities to force banks and retail outlet to accept MIR. In a letter sent in March to 51 major banks, the central bank demanded that MIR be accepted ubiquitously and that cards be issued to all Russia’s civil servants by July 1, 2016.
Meanwhile, Russia’s consumer rights agency, Rospotrebnadzor, has said it would impose penalties for refusing to work with MIR cards.
Complementing the cards already in use in Russia, MIR cards are accepted in Russia only. In the future, however, co-badging agreements with international operators will allow Russian cardholders to use MIR cards abroad as well.
In April, good news already came from AliExpress. This Chinese e-commerce platform, which has become extremely popular in Russia over the past three years, became the first global company to accept the new Russian card.
Security challenges and high costs
Meanwhile, MIR’s introduction across Russia has created several challenges. Hacker attacks are one of them, as reported last week by Russian business magazine RBC. According to Alexander Chebar, a Bank of Russia Internet security expert, attackers can gain access to the accounts of the holders of these cards through remote service channels at the initial stage of the use of MIR cards.
However, the level of protection of Russian cards is not inferior to that of foreign counterparts, according to Chebar.
“From the point of view of cardholders themselves, yes, a small failure is possible in the beginning of using these cards,” Chebar said. “That is, a clear failure in terms of theft of funds. It is not the card itself that will be targeted, but some systems associated with this card, such as remote banking services, allowing [hackers] to read information about the payment card.”
In an exchange with RBC, Nikolai Pyatiizbantsev, head of the incident management team at Gazprombank’s information security department, confirmed there were issues with MIR cards. He said the main problem was that only the card number and PIN were necessary to gain access to the account, no additional checks were required.
Another challenge is financial. The costs for banks to issue MIR cards is 35%-45% higher than in the case of Visa and MasterCard, according to Elena Bindusova, Director of the payment systems department at SMP Bank, cited by RBC.
The MIR card is a key part of Russia’s strategy to build its own payment system. The country thus aims to operate local payments and clearing operations independently from such foreign companies as MasterCard and Visa.
The cards of these and other international operators — which have adhered to the NSPC — continue to be issued and accepted in Russia, but their processing traffic has been transferred to the NSPC platform.
The excerpts from the RBC article contained in this story were initially translated into English by Russia Beyond The Headlines.