Why biometric authentication is necessary for money transfer of 10 million VND or more?

From July 1, 2024, all money transfers valued at 10 million VND or more will require biometric authentication for the sender.

0
96

The transaction of transferring money with a value of 10 million VND or more must be verified by biometrics, which helps prevent and combat high-tech crimes in cyberspace. (Photo: Vietnam+)

According to Decision No. 2345/QD-NHNN dated December 18, 2023 of the Governor of the State Bank of Vietnam, from July 1, 2024, all money transfer transactions with a value of 10 million VND or more must go through a biometric verification step for the remitter.

Mr. Doan Thanh Hai, Deputy Director of the Information Technology Department of the State Bank of Vietnam, said that this solution enables management agencies and service providers to accurately identify the account owner, the person making the transaction, and the beneficiary. This will further enhance the effectiveness of preventing and combating high-tech crimes in cyberspace.

– Decision 2345 stipulates that from July 1, 2024, transferring money via online accounts or depositing money into e-wallets over 10 million VND must be verified by facial recognition or fingerprint. What benefits will this solution bring to individuals, businesses, and the banks, sir?

Mr. Doan Thanh Hai: Many years ago, the State Bank of Vietnam issued regulations requiring organizations in the banking sector to classify transactions when providing online transaction services, and to apply transaction verification solutions that are appropriate to the information security risks of each type of transaction.

Although this has increased the security of online transactions against unauthorized access and fraudulent theft of assets, this solution still does not allow management agencies and service providers to accurately identify the account holder, the recipient of the illegal transactions such as gambling, money laundering, and fraudulent appropriation of property…

The reason is that the personal data of customers in the customer database of service providers is not clean. High-tech criminals have taken advantage of the lack of knowledge of the people in remote areas and ethnic minorities to rent and buy payment accounts; forge personal information to open payment accounts… This weakness allows high-tech criminals to “hide” and continue to commit illegal acts in cyberspace.

With the new regulations in Decision No. 2345, first, banks need to coordinate with the Ministry of Public Security to clean the customer’s biometric database by comparing the customer’s biometric database stored by the bank with the national population database managed by the Ministry of Public Security. On that basis, when a transaction with a value of 10 million VND or more occurs, it is mandatory to compare the biometrics of the person performing the transaction with the customer’s biometric database that the bank is holding.

This solution enables management agencies and service providers to accurately identify the account owner, the person making the transaction, and the beneficiary. Thereby further contributing to the effectiveness of preventing and combating high-tech crimes in cyberspace.

The basis for setting the levels of 10 million VND, 20 million VND as mentioned above is that when drafting Decision 2345, the State Bank of Vietnam surveyed and assessed the impact based on the number of transactions of individual customers.

Specifically, the number of transactions per day with a value of over 10 million VND accounts for about 11.3% of the number of transactions and accounts for an average of about 11.64% of the number of accounts; the number of accounts with a total transaction value of 20 million VND per day (for transactions with a value of less than 10 million VND) only accounts for about 0.79% of the number of accounts, which is a relatively small percentage. Some countries in the world have applied this measure (for example, the Central Bank of Thailand has regulated that from June 2023, money transfer transactions over 50,000 Bath (1,400 USD) must be verified by biometrics).

– So, could you tell us about some of the implementation results between the State Bank of Vietnam and the Ministry of Public Security in implementing Project 06 of the Government on developing the application of population data, digital identification and authentication?

Mr. Doan Thanh Hai: Credit institutions are actively cooperating with enterprises licensed by the Ministry of Public Security to provide user authentication solutions using chip-based citizen identification cards to implement customer authentication solutions in compliance with Decision 2345. In which, many credit institutions have signed contracts and are implementing practices.

Mr. Doan Thanh Hai, Deputy Director of the Information Technology Department of the State Bank of Vietnam. (Photo: Vietnam+)

Specifically, there are currently 48 credit institutions that have and are implementing customer authentication applications using chip-based citizen identification cards via mobile applications, in which 16 credit institutions have provided services; 58 credit institutions have and are implementing customer authentication applications using chip-based citizen identification cards via devices at the counter, in which 22 credit institutions have provided services.

Regarding data cleaning, 23 credit institutions have signed contracts with C06 to implement offline customer data cleaning, in which 20 credit institutions have sent data to C06; 14 credit institutions are testing the application of electronic identification and authentication accounts (VNeID) into services such as opening payment accounts, authenticating payment transactions, verifying and authenticating customer information; 7 credit institutions have and are implementing credit scoring solutions.

– What solutions does the State Bank of Vietnam have to ensure the safety of customers’ bank accounts in the face of the risk of high-tech crimes that have shown signs of increasing recently?

Mr. Doan Thanh Hai: Regarding preventing and combating online fraud, the solution of communication, raising knowledge, and skills in using online services for customers is the main solution in addition to the technical solutions of the banking sector, because criminals directly attack vulnerable subjects who are those using the services.

Therefore, in recent times, the State Bank of Vietnam has instructed units in the sector to synchronously implement many solutions to raise awareness about information security for all officials in the banking sector and customers of the banking sector.

Customers should comply with the regulations and instructions of banks providing online transaction services, and register to receive notifications of changes in transaction balances.

For online transaction service access passwords, it is necessary to set a password that is difficult to guess, ensure security rules, change the password regularly, and do not use password saving features for automatic login.

Customers must not provide online bank login names, passwords, verification codes (OTP) via phone, email, social networks, websites… to anyone, even bank employees,

In case their login name/password is disclosed or suspected of being disclosed, customers need to promptly notify the bank for timely support; in case of losing the card, it is necessary to lock the card on the electronic banking application or notify the bank as soon as possible to avoid the risk of losing money in the card.

In addition, customers need to limit using public computers, public wireless networks when accessing the electronic banking system. Type the addresses of electronic banking websites directly instead of choosing available links, only log in at the official website of the bank.

Only install applications from official stores such as Google Play and App Store. When installing applications on the device, it is necessary to check the application developer’s information, and carefully consider the permissions of the applications. Regularly update the device’s operating system so that the device receives the latest security patches from the manufacturer.

In addition, customers should make online purchases and payments on reputable websites that are licensed to operate, have clear contact information, and take the initiative to keep personal information and account information confidential.

– Thank you very much!

Thuy Ha