Vietnam: From January 01, 2021, the management of information systems providing online transaction services will be in accordance with new provisions

From January 01, 2021, the management of information systems providing online transaction services will be in accordance with new provisions of Circular No. 09/2020/TT-NHNN of the State Bank of Vietnam, specifically as follows:

1. An information system that serves online transaction services to clients must comply with TCVN 11930:2017 (Information technology - Security techniques - Basic requirements for securing information system according to security levels) and meet the following requirements:

- Ensure the integrity of data exchanged with clients during the process of conducting online transactions;

- Data available on the transmission line must be kept confidential and fully delivered to the right address, and protected by appropriate measures to detect any illegal revision or replication;

- Assess levels of risks in online transactions according to groups of clients, types of transaction and transaction limit in order to provide appropriate authentication solutions in accordance with SBV’s regulations;

- Any electronic information website used for online transactions must have anti-phishing authentication and must be protected by applying illegal anti-revision measures.

2. The information system that serves online transaction services must be strictly monitored to ensure its capability of detecting and warning about:

- Suspected transactions based on the following criteria: time and position of transaction (geographical position and IP address), transactional frequency rate, transactional monetary amount, and number of authentications inconsistent with regulations;

- Abnormal operations of the system;

- Denial of Service attacks (DoS), Distributed Denial of Service attacks (DDoS).

3. Before using online transaction services and on a periodical basis, clients must be provided with measures for ensuring information security and warned about potential risks they may incur.

4. When providing online transaction application software on the Internet, the institution must adopt measures to ensure the integrity of such software.

View more details at the Circular No. 09/2020/TT-NHNN of the State Bank of Vietnam, effective from January 01, 2021.

Thuy Tram

>> CLICK HERE TO READ THIS ARTICLE IN VIETNAMESE