Circular 50/2024/TT-NHNN stipulating the safety and security for providing online services in the banking sector in Vietnam
On October 31, 2024, the Governor of the State Bank of Vietnam issued Circular 50/2024/TT-NHNN stipulating safety and security requirements for the provision of online services in the banking sector, including:
- Banking activities and other business activities of credit institutions, branches of foreign banks
- Payment intermediary service provision activities
- Credit information activities
Circular 50/2024/TT-NHNN applies to credit institutions, branches of foreign banks, organizations providing payment intermediary services, credit information companies (hereinafter referred to as units).
Guidelines for customers implementing safety and security measures regarding online banking services in Vietnam
According to Article 18 of Circular 50/2024/TT-NHNN, guidelines for customers using online banking services are regulated as follows:
Article 18. Guidelines for Customers Using Online Banking Services
- Units must develop processes and documents guiding the installation and use of software, applications, and devices for electronic transactions and provide these processes and documents to customers.
- Units must guide customers in implementing safety and security measures when using online banking services, with at least the following content:
a) Protect the confidentiality of secret keys, PINs, OTPs, and do not share devices storing this information;
b) Principles for setting secret keys, PINs, and changing secret keys, PINs for electronic transaction accounts;
c) Avoid using public computers for access and transactions; avoid using public Wi-Fi networks when using online banking services;
d) Do not save usernames and secret keys, PINs on browsers;
dd) Log out of the online banking application software when not in use;
e) Identify and handle some cases of fraud and impersonation of websites and online banking application software;
[...]
Thus, the guidelines for customers to implement safety and security measures when using online banking services include:
- Protect the confidentiality of secret keys, PINs, OTPs, and do not share devices storing this information
- Principles for setting secret keys, PINs, and changing secret keys, PINs for electronic transaction accounts
- Avoid using public computers for access and transactions; avoid using public Wi-Fi networks when using online banking services
- Do not save usernames and secret keys, PINs on browsers
- Log out of the online banking application software when not in use
- Identify and handle some cases of fraud and impersonation of websites and online banking application software
- Install all available security patches for the operating system and Mobile Banking application software; consider installing anti-virus software and updating to the latest virus definitions on personal devices used for transactions
- Choose transaction authentication methods with safety and security levels stipulated and suitable for the customer’s transaction limit needs
- Warn about risks related to the use of online banking services
- Do not use jailbroken mobile devices to download and use online banking application software and OTP generation software
- Do not install software that is unlicensed or of unknown or suspicious origin
- Promptly notify the unit when detecting abnormal transactions
- Immediately notify the unit in cases of: loss, misplacement, or damage of the OTP generation device, SMS-receiving phone number, or any device storing security keys for creating electronic signatures; being defrauded or suspecting fraud; being hacked or suspecting a hacking attack
What are the measures to ensure customer information security in Vietnam?
According to Article 19 of Circular 50/2024/TT-NHNN, the regulation on customer information security is as follows:
Article 19. Customer Information Security
Units must apply measures to ensure the safety and security of customer data, including at least:
- Customer data must be protected and secured in accordance with the law.
- Information used to confirm customer transactions, including secret keys, PINs, and biometric information when stored, must be encrypted or masked to ensure confidentiality.
- Assign appropriate access rights based on function and task for personnel accessing customer data; monitor each access instance.
[...]
Therefore, measures to ensure the safety and security of customer data at a minimum include:
- Customer data must be protected and secured in accordance with the law.
- Information used to confirm customer transactions, including secret keys, PINs, and biometric information when stored, must be encrypted or masked to ensure confidentiality.
- Assign appropriate access rights based on function and task for personnel accessing customer data; monitor each access instance.
- Implement access management measures to prevent data leaks from devices and media storing customer data.
- Notify customers promptly in the event of data breaches and report immediately to the State Bank of Vietnam (Department of Information Technology).