What does OTP mean? What are the precautions when conducting banking transactions using OTPs in Vietnam?
What does OTP mean?
Pursuant to Clause 4, Article 2 of Circular 35/2016/TT-NHNN, OTP is defined as follows:
Interpretation of terms
4. One time Password (OTP) is a password that is valid for only one login session or transaction and in a certain period of time, often used as the second factor in two-factor authentication to authenticate users accessing the application or conducting Internet Banking transactions.
Thus, One time Password (OTP) is a password that is valid for only one login session or transaction and in a certain period of time.
What is the minimum length of an OTP to access Internet Banking services in Vietnam?
Pursuant to Article 9 of Circular 35/2016/TT-NHNN amended by Clause 7 and Clause 8, Article 1 of Circular 35/2018/TT-NHNN, regulations on authentication of clients accessing Internet Banking services are as follows:
Authentication of clients accessing Internet Banking services
1. A client accessing the Internet Banking services must be authenticated with at least a user name and password complying with the following requirements:
a) The user name must be at least 6 characters long; all the 6 same characters or characters in the order of the alphabet or numerals are not allowed;
b) The password must be at least 6 characters long, including letters and numerals, containing uppercase and lowercase letters or special symbols. Maximum validity period of the password is 12 months.
c) For access to the Internet Banking system by browser, the service provider must have measures to disable automatic login.
2. The application shall have a feature that requires a client to change his/her password immediately upon the first login, and locks out the account in a case where a client enters an incorrect password consecutively more than a certain number of times prescribed by the service provider. The account will be unlocked only when such client requests to unlock it, and the client authentication must be done before unlocking to avoid fraud.
Thus, according to the above regulations, the OTP must be at least 6 characters long, including letters and numerals, containing uppercase and lowercase letters or special symbols.
What are the requirements for OTP authentication by SMS or email in Vietnam?
Pursuant to Article 10 of Circular 35/2016/TT-NHNN (content annulled by Clause 1, Article 2 of Circular 35/2018/TT-NHNN), the requirements for measures for transaction authentication are regulated as follows:
Requirements for measures for transaction authentication
....
2. Requirements for OTP authentication by SMS or email:
a) OTP sent to clients must be accompanied by a warning of the OTP’s purposes;
b) OTP shall be valid within 5 minutes.
3. Requirements for authentication using OTP matrix cards:
a) An OTP matrix card shall be used within 1 year from the date of registration;
b) OTP shall be valid within 2 minutes.
4. Requirements for OTP authentication generated by an application installed in mobile equipment:
a) The service providers must clarify the link on the website or application store enabling clients to download and install the OTP generator software;
b) The OTP generator software, before its operation, shall be activated by the password provided by the service provider. An activation password will be used for solely one mobile equipment;
c) OTP generator software shall be controlled in terms of access. In a case where five incorrect passwords are entered consecutively, the application shall be automatically locked out to prevent clients from continuing to use it.
d) OTP shall be valid within 2 minutes.
...
Thus, the requirements for OTP authentication by SMS or email are as follows:
- OTP sent to clients must be accompanied by a warning of the OTP’s purposes;
- OTP shall be valid within 5 minutes.
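The validity periods quoted above, together with the single-use definition in Clause 4, Article 2, can be enforced on the server side as in the following sketch. This is an added example, not code from the Circular or from LawNet; the class and function names, the in-memory storage, the 8-character code format and the wording of the warning text are assumptions of the example.

```python
import hmac
import secrets
import string
from dataclasses import dataclass

# Validity windows in seconds, taken from the clauses quoted above.
VALIDITY = {"sms": 300, "email": 300, "matrix_card": 120, "app": 120}
ALPHABET = string.ascii_uppercase + string.digits  # assumption of this example

@dataclass
class Issued:
    code: str
    channel: str
    transaction_id: str
    issued_at: float
    used: bool = False

def notice(code, channel, purpose):
    """SMS/email body: the OTP plus a warning stating what it is for."""
    minutes = VALIDITY[channel] // 60
    return (f"OTP {code} is only for: {purpose}. Valid for {minutes} minutes. "
            "Do not give it to anyone.")

class OtpVerifier:
    """Hypothetical in-memory verifier; a real service would persist this state."""
    def __init__(self):
        self._issued = {}  # client_id -> Issued (a new OTP replaces the old one)

    def issue(self, client_id, transaction_id, channel, now):
        if channel not in VALIDITY:
            raise ValueError(f"unknown channel: {channel}")
        code = "".join(secrets.choice(ALPHABET) for _ in range(8))
        self._issued[client_id] = Issued(code, channel, transaction_id, now)
        return code

    def verify(self, client_id, transaction_id, submitted, now):
        rec = self._issued.get(client_id)
        if rec is None:
            return "unknown"
        if rec.used:
            return "used"
        if now - rec.issued_at > VALIDITY[rec.channel]:
            return "expired"
        # Constant-time comparison; the OTP is bound to one transaction.
        same_code = hmac.compare_digest(rec.code.encode(), submitted.encode())
        if rec.transaction_id != transaction_id or not same_code:
            return "mismatch"
        rec.used = True  # one transaction only: a replay now returns "used"
        return "ok"
```

Timestamps are passed in explicitly so the expiry boundary can be tested without waiting for the clock.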
What are the precautions when conducting banking transactions using OTPs in Vietnam?
Currently, banks and payment organizations advise their customers not to make payment transactions on public computers or provide passwords or OTPs to anyone. In addition, when using OTPs, users should take note of the following to avoid risks:
- Carefully check the amount and recipient information before entering the OTP to confirm the transaction.
- Users should set a password for the phone they register to receive OTP to prevent others from accessing the OTP for malicious purposes.
- Regularly change passwords to enhance the security of the account.
- In the event of a leaked password or a lost phone, it is necessary to urgently notify the bank to lock the online payment function of the account.
LawNet