ANTD.VN - Before making the first transaction using the Mobile Banking application or before making a transaction on a device other than the device that made the last Mobile Banking transaction, individual customers must authenticate biometrically.
The Governor of the State Bank of Vietnam (SBV) has just issued Decision No. 2345/QD-NHΝΝ on implementing safety and security solutions in online payments and bank card payments.
According to the content of the Decision, credit institutions, foreign bank branches, and payment intermediary service providers shall, based on the transaction classification specified in this Decision, implement and apply authentication measures in online payments on the Internet (Internet Banking, Mobile Banking).
 |
Customers will be required to authenticate biometrics when making their first payment using Mobile Banking. |
Solutions to minimize risks in online payments
Credit institutions, foreign bank branches, and payment intermediary service providers must implement the following solutions to minimize risks in online payments:
For individual customers, before making the first transaction using the Mobile Banking application or before making a transaction on a device different from the device that made the last Mobile Banking transaction, the customer must be authenticated:
By the customer's biometric identification mark: (i) matching the biometric data stored in the chip of the customer's citizen identification card issued by the Public Security agency; (ii) or through authentication of the customer's electronic identification account created by the electronic identification and authentication system;
Or by the customer's biometric identification mark matching the biometric data stored in the collected and verified customer biometric database, combined with the OTP authentication method sent via SMS/Voice or Soft OTP/Token OTP.
Along with that, notify the first login to the Internet Banking/Mobile Banking application or the login to the Internet Banking/Mobile Banking application on a device different from the device that last logged into the Internet Banking/Mobile Banking application via SMS or other channels registered by the customer (email, phone...).
On the other hand, store information about the device that performs customers' online transactions and transaction authentication logs for at least 3 months.
For organizations providing card payment services
The decision clearly states that organizations providing card payment services must implement the following risk mitigation solutions:
Transaction notification via SMS or email.
Set daily transaction limits.
Set up features to allow/disallow online payments.
Set daily online card payment limit.
Set up features to allow/disallow foreign payments (except online transactions).
Implement 3D Secure authentication solution (or equivalent) for online payments with international cards.
This Decision takes effect from July 1, 2024 and replaces Decision No. 630/QD-NHNN dated March 31, 2017 of the Governor of the State Bank of Vietnam on promulgating the Plan to apply security solutions in online payments and bank card payments.
For credit institutions under special control, the time for applying the provisions of this Decision is from January 1, 2025.
Source link
Comment (0)