From July 1, 2024, first-time transactions using Mobile Banking in Vietnam must be authenticated using biometrics
Is it correct that first-time transactions using Mobile Banking in Vietnam must be authenticated using biometrics from July 1, 2024? - Mr. Khanh (Ha Noi)
From July 1, 2024, first-time transactions using Mobile Banking in Vietnam must be authenticated using biometrics
On December 18, 2023, the Governor of the State Bank of Vietnam issued Decision 2345/QĐ-NHNN in 2023 on the implementation of security solutions in online and bank card payment.
Article 2 of Decision 2345/QĐ-NHNN in 2023 stipulates the case of biometric authentication when making a first transaction using Mobile Banking as follows:
Credit institutions, foreign bank branches, and payment intermediaries must implement risk mitigation solutions in online payment as follows:
1. For individual customers, before making a first transaction using the Mobile Banking application or before making a transaction on a device other than the device that performed the most recent Mobile Banking transaction, the customer must be authenticated:
- By the customer's biometric identification marks: (i) match the biometric data stored in the chip of the customer's ID card issued by the Public Security Agency; (ii) or through the authentication of the customer's electronic identity account created by the electronic identification and authentication system;
- By the customer's biometric identification marks that match the biometric data stored in the biometric database about the customer that has been collected and checked, combined with the OTP authentication method sent via SMS/Voice or Soft OTP/Token OTP.
2. Notify the first login to the Internet Banking/Mobile Banking application or the login to the Internet Banking/Mobile Banking application on a device other than the device that performed the most recent login to the Internet Banking/Mobile Banking application via SMS or other channels that the customer has registered (email, phone, etc.).
...
Therefore, from July 1, 2024, before making a first-time transaction using Mobile Banking, biometric authentication is required.
In addition, individual customers must also authenticate their biometrics before making a transaction on a device other than the device that made the most recent Mobile Banking transaction.
From July 1, 2024, first-time transactions using Mobile Banking in Vietnam must be authenticated using biometrics - Source: Internet
What is biometric data of citizens in Vietnam?
Pursuant to Article 7 of the Decree 59/2022/NĐ-CP stipulating Vietnamese citizen’s eID as follows:
Vietnamese citizen’s eID
Vietnamese citizen’s eID contains the followings:
1. Personal information:
a) Personal identity number;
b) First, middle and last name;
c) Date (day, month, year) of birth;
d) Gender.
2. Biometric data:
a) Personal portrait;
b) Fingerprint.
Pursuant to Article 8 of the Decree 59/2022/NĐ-CP stipulating foreigner’s eID as follows:
Foreigner’s eID
Foreigner’s eID contains the followings:
1. Personal information:
a) ID number;
b) Last, middle and first name;
c) Date (day, month, year) of birth;
d) Gender;
dd) Nationality;
e) Number, sign, date (day, month, year), type of paper and place of issue of passport or other international travel document.
2. Biometric data:
a) Personal portrait;
b) Fingerprint.
Currently, the biometric information of citizens used for electronic identification in Vietnam is the personal portrait and fingerprints.
According to the law in Vietnam, is biometric data considered sensitive personal data or basic personal data?
Pursuant to Clause 4 Article 2 of the Decree 13/2023/NĐ-CP stipulating sensitive personal data as follows:
Definition of terms
For the purpose of this Decree, the following terms shall be construed as follows:
...
4. “Sensitive personal data” refers to personal data in association with individual privacy which, when being infringed, will directly affect an individual's legal rights and interests, including:
a) Political and religious opinions;
b) Health condition and personal information stated in health record, excluding information on blood group;
c) Information about racial or ethnic origin;
d) Information about genetic data related to an individual's inherited or acquired genetic characteristics;
dd) Information about an individual’s own biometric or biological characteristics;
e) Information about an individual’s sex life or sexual orientation.
g) Data on crimes and criminal activities collected and stored by law enforcement agencies;
h) Information on customers of credit institutions, foreign bank branches, payment service providers and other licensed institutions, including: customer identification as prescribed by law, accounts, deposits, deposited assets, transactions, organizations and individuals that are guarantors at credit institutions, bank branches, and payment service providers;
i) Personal location identified via location services;
k) Other specific personal data as prescribed by law that requires special protection.
It is a fact that each person has a unique biological feature.
Biometric data of each person may include facial features, retinal images, voice, fingerprints, etc.
Therefore, biometric data is considered sensitive personal data.
Best regards!
