System of network, communications, security and safety of online banking in Vietnam

System of network, communications, security and safety of online banking in Vietnam​

The entity must establish the system of network, communications, security and safety of online banking in Vietnam​ to meet the following minimum requirements:

- Implement minimum security solutions, including:

+ Application firewall or equivalent protection solution;

+ Database firewall or equivalent protection solution;

+ Solutions to prevent and combat Denial of Service (DoS) attacks, Distributed Denial of Service (DDoS) attacks on systems providing services directly on the Internet;

+ Information security event management and analysis system.

- Customer information (customer identification information, customer transaction information) must not be stored in the Internet-facing or the intermediate zones between the internal network and the Internet (DMZ zone).

- Establish policies to minimize connections and services to the Online Banking system.

- Connection from outside the internal network to the Online Banking system for management should only occur when internal network connection is not possible and must ensure safety by complying with the following regulations:

+ Must be approved by competent authority after reviewing the purpose and method of connection;

+ Must have a secure remote access and system management plan such as using a virtual private network or an equivalent solution;

+ Connection devices must have security and protection software installed;

+ Must apply at least two of the authentication forms stipulated in Clauses 1, 3, 4, 7, 8, 9 Article 11 of Circular 50/2024/TT-NHNN when logging into the system;

+ Use encrypted secure communication protocols and do not store secret keys in utility software.

- The network connection line providing services must ensure high availability and continuous service provision capability.

More details can be found in Circular 50/2024/TT-NHNN effective from January 1, 2025, except for the following cases:

- Point b Clause 1 Article 4, Point d Clause 9 Article 7, Clauses 3 and 4 Article 8 are effective from July 1, 2025.

- Point b Clause 1 Article 10 is effective from January 1, 2026.

- Point c Clause 5 Article 11, Point c Clause 7 Article 11, Point b (iv) Clause 1 Article 20 are effective from July 1, 2026.

>> CLICK HERE TO READ THIS ARTICLE IN VIETNAMESE