Open menu
29April2022

Two-Factor Authentication Requirement in Payment Services of Municipalities

Two-Factor Authentication Requirement in Payment Services of Municipalities

It has been stated that accessing the real estate information of the citizens by entering only the Turkish Republic ID number on the real estate tax payment/fast payment and debt inquiry pages submitted online by the municipalities in various notices conveyed to the Turkish Data Protection Authority ("Authority") causes a problem in terms of protection of personal data and it has been requested to be examined within the scope of Turkish Data Protection Law No. 6698 ("KVKK").

Referring to Article 12 of the KVKK and the Personal Data Security Guide (in Turkish) published by the Authority, the Authority stated that the implementation of two-factor authentication control in case of remote access to personal data when necessary is among the measures to be taken to ensure the security. In this respect, in case of remote access to personal data, it is necessary to use two-factor inquiry system so that third parties cannot easily access the personal data, for example systems that allow access by querying the person's Turkish Republic ID number and birthday information are determined as one-factor authentication, while systems provide access with the person's Turkish Republic ID number as well as creating a password specially or an SMS code sending to person's previously informed phone number are accepted as two-factor authentication.

Accordingly, it has been stated that it would be important to implement inquiries with two-factor authentication methods, which will significantly reduce or eliminate the risk, instead of one-factor authentication systems that carry the risk of easy accessing to personal information and in line with these complaints/notifications to be sent about the municipalities that do not take the aforementioned measures, action will be taken against the relevant municipality within the scope of penalty provisions of the KVKK by the Authority.

Details of the decision can be found here (in Turkish).

Should you have any queries or need further details, please contact your customer representative.

Author CottGroup Hukuk ve Mevzuat Ekibi, Category Personal Data Protection Law

  • Notification!

    Contents provided in this article serve to informative purpose only. The article is confidential and property of CottGroup® and all of its affiliated legal entities. Quoting any of the contents without credit being given to the source is strictly prohibited. Regardless of having all the precautions and importance put in the preparation of this article, CottGroup® and its member companies cannot be held liable of the application or interpretation of the information provided. It is strictly advised to consult a professional for the application of the above-mentioned subject.

    For each concrete situation, it is strongly advised to seek guidance from a professional advisor. If you are a customer of ours, please consult with your customer representative before taking any action related to the announcement. If you are not a customer, seek advice from an expert.

About The Author

/tr/mevzuat/item/belediyelerin-odeme-ve-borc-sorgulama-hizmetlerinde-cift-kademeli-dogrulama-zorunlulugu

Other Legislation

Bu web sitesi çerez kullanıyor.

Bu internet sitesinde, kullanıcı deneyimini geliştirmek, verimli çalışmasını sağlamak ve istatistiki verileri takip etmek için çerezler kullanılmaktadır. Sitemizi kullanarak çerezleri kabul etmiş olursunuz. Çerezleri nasıl kullandığımız ile ilgili detaylı bilgi için lütfen Çerezler (Cookies) sayfasını okuyunuz. Bu seçim 30 gün süreyle ya da tarayıcınızdaki çerezleri siz silene kadar geçerlidir.

Çerez Tercihleri Cookie Preferences

Çerezleri Ayarla

Çerezler, web sitelerinin kullanıcı deneyimini daha verimli hale getirmek için kullanabileceği küçük metinlerdir. Kanun, bu sitenin işleyişi için kesinlikle gerekli olan çerezlerin cihazınıza saklanabileceğini belirtir. Diğer tüm çerez türleri için izninize ihtiyacımız var. Bu site, çeşitli türde çerezler kullanmaktadır. Bazı çerezler, sayfalarımızda görünen üçüncü taraf hizmetler tarafından yerleştirilir.

Verdiğiniz izinler aşağıda yer alan web siteleri için geçerlidir:

  • www.cottgroup.com