The State Bank of Vietnam (SBV) has just announced a draft Circular regulating the safety and security of online banking services.
According to this draft, the Online Banking system of banks must comply with regulations on ensuring information system security at level 3 or higher, ensuring the confidentiality and integrity of customer information, as well as ensuring the continuous availability of services of the Online Banking system.
Online Banking needs to ensure information system security level 3 or higher (Photo TL)
For customer transactions, the system needs to assess the minimum risk level for each customer group, transaction type and transaction limit. Based on that assessment, it must offer appropriate transaction authentication methods for customers to choose from. It must also comply with regulations on applying multi-factor authentication when customer identification information is changed, and apply authentication methods for each customer group, transaction type and transaction limit according to regulations. For multi-step transactions, a minimum authentication measure must be applied at the final approval step.
According to the State Bank of Vietnam, online banking systems also need to be inspected and evaluated for security and confidentiality periodically every year. In addition, banks need to regularly identify risks, determine the causes of risks, and promptly take measures to prevent, control and handle risks in providing online banking services.
Technical infrastructure equipment used to provide Online Banking services must have copyright and a clear origin. Banks need to have an upgrade and replacement plan according to the manufacturer's announcement, ensuring that the infrastructure equipment is capable of installing new software versions.
Online Banking service providers also need to set up a minimum security system that includes an application firewall, a database firewall, and a centralized monitoring and warning system for attacks or unusual behavior. In addition, customer information is not to be stored in the Internet connection partition or the DMZ partition (the intermediate partition between the internal network and the Internet).
The draft also requires Online Banking service providers to manage system vulnerabilities and weaknesses with preventive measures and to detect changes to the Online Banking website and application. On that basis, they must establish a mechanism to detect and prevent intrusions and network attacks on the Online Banking system, so that dangerous situations are stopped promptly and information is kept secure.
Scanning for system vulnerabilities and weaknesses should be performed at least once a year, or as soon as information about new vulnerabilities and system weaknesses is received.
Source: https://www.congluan.vn/nhnn-de-xuat-he-thong-online-banking-phai-dam-bao-an-toan-he-thong-thong-tin-cap-3-tro-len-post299941.html