On December 18, 2023, the Governor of the State Bank of Vietnam issued Decision No. 2345/QD-NHNN on the implementation of safety and security measures for online and bank card payments (Decision 2345), which took effect on July 1, 2024. After monitoring and consolidating the implementation process, the SBV provides the following guidance related to the deployment of Decision 2345:
1. For customers who do not have a Citizen Identification Card (CIC) with a chip (those who only have a valid Permanent Residence Book or non-chipped CCCD as prescribed by law), the biometric identification measure for type C and D transactions stipulated in Article 1 of Decision 2345 shall be performed by matching the biometric data stored in the Customer Biometric Database. collected and checked, with the check being done by face-to-face meeting.
2. For customers with a chip-based CCCD but using a phone that does not support NFC, the biometric identification measure for type C and D transactions stipulated in Article 1 of Decision 2345 shall be performed as follows:
(i) Through authentication of the customer’s electronic identification account created by the electronic identification and authentication system;
(ii) Or match the biometric data stored in the Customer Biometric Database. collected and checked, with the check being done as follows:
- Match the customer’s biometric identification data with the biometric data in the chip of the customer’s CCCD issued by the Public Security agency by performing at the transaction counter, through the unit’s CCCD reading device/phone attached to the chip;
- Or match the customer’s biometric identification data through authentication of the customer’s electronic identification account created by the electronic identification and authentication system.
3. Regarding the storage of transaction device information as prescribed in Clause 3, Article 2 of Decision 2345: For the storage of information of the device (including the computer using the web browser) performing the transaction, the unit shall store the identification information of the transaction device according to the principle of storing only the information necessary to uniquely identify the device. The information specified in Clause 3, Article 2 of Decision 2345 is suggestive and it is not mandatory to store all this information.
4. Regarding transaction authentication for e-wallet loading and withdrawal transactions stipulated in Appendix 01 of Decision 2345: For loading and withdrawal transactions from the e-wallet through the linked primary payment account/debit card, if the customer has performed owner verification with the bank when performing the link by the authentication method for type B or higher transactions (except for biometric identification measures attached to smart handheld devices), it is not mandatory to apply authentication measures for e-wallet loading and withdrawal transactions with a limit: G ≤ VND 10 million and G + Tksth ≤ VND 20 million. Other transactions shall comply with the provisions of Decision 2345.
- Organize communication and guidance for all customers on the implementation of transaction authentication measures corresponding to transaction limits as prescribed in Decision 2345.
- Prepare plans, hotline channels and arrange officers on duty 24/7 to promptly guide and support customers to register and use biometric identification information.
- Proactively coordinate with the National Population Data Center – Administration Management Police – Ministry of Public Security and other related organizations to prepare plans to handle difficulties and obstacles in the process of registering and using biometric authentication services from July 1, 2024.
- Deploy technical solutions to ensure information security, data security, and customer data compliance with the law on personal data protection and the law on ensuring information security.
- To prevent transaction congestion and support customers in a timely manner, units that have completed the early deployment are encouraged to provide services to customers.
Enhancing Risk Mitigation Solutions in Online Payments
Aiming to enhance security in online and card payments, commercial banks are actively deploying a range of technological solutions to comply with the requirements set forth in Decision 2345/QD-NHNH by the State Bank of Vietnam (SBV).
The Art of Secure Transactions: Navigating the Landscape of Biometric Authentication for Smaller Payments
As per the data released by the State Bank of Vietnam, approximately 70% of individual customer payment transactions in Vietnam are valued at under VND 1 million. Interestingly, transactions over VND 10 million account for just 11% of the total, and less than 1% of people have transactions exceeding VND 20 million per day.
