Verify mobile phone subscriptions, prevent fraud.

This is one of the important regulations in the draft circular guiding the verification of subscriber information for terrestrial mobile telecommunications numbers - which the Ministry of Science and Technology has just released for public comment.

Mobile phone numbers that fail to verify their information are likely to have their outgoing calls temporarily suspended starting March 1st.

Mobile number linked to facial biometrics.

Speaking to Tuoi Tre newspaper , mobile network operators all stated that they are conducting a "campaign" to clean up mobile subscriber information in order to synchronize and verify mobile subscriber data with the National Population Database.

The verification process must ensure a match in at least four pieces of information – including the personal identification number; surname, middle name, and given name; date of birth; and facial biometric data.

Specifically, facial biometric authentication must ensure accuracy according to international standards; it must be capable of detecting attacks to spoof biometric information of living objects based on international standards to prevent fraud and impersonation of customers through images, videos , and 3D masks; and the biometric verification information must show the time of verification for each subscriber number.

"We are working closely with units under the Ministry of Public Security and the Ministry of Science and Technology to ensure that subscriber information data matches the National Population Database."

"At the same time, we are reviewing and standardizing subscriber data across the entire network, ensuring compliance with telecommunications regulations, personal data protection, and cybersecurity," a representative from Vinaphone informed.

According to the inter-ministerial coordination plan, based on subscriber data that has been correctly matched with the National Population Database, users will receive notifications via the national electronic identification application VNeID about the list of mobile phone numbers registered under their personal identification number.

Users are responsible for accessing the VNeID application to verify the mobile phone numbers they are directly using and to refuse verification for numbers they do not use or are not under their management. Phone numbers verified by the user will be considered as having completed the information verification process as per regulations.

For vulnerable groups in society such as the elderly, people who do not use smartphones, people in remote areas, and other cases requiring special support, telecommunications companies will coordinate with local police forces to organize direct information verification support at their residences.

"We hope customers will proactively cooperate and promptly verify their mobile subscriber information according to the instructions of the authorities and network operators; contributing to building a safe, transparent, healthy, and sustainable telecommunications environment...", a leader of a network operator shared with Tuoi Tre newspaper.

Preventing fraudulent use of unregistered SIM cards and "junk" SIM cards.

Many cybersecurity experts highly value biometric authentication for mobile subscribers, similar to bank accounts, especially the re-authentication required each time a user changes the device using the SIM card. Previously, biometric authentication was typically only performed once at the time of new SIM registration, and the system rarely required re-authentication afterward.

This creates a common loophole where users can register a valid SIM card under their name, then resell it to others or transfer it to fraudulent groups without being detected. This is why, even after verification, unregistered SIM cards and "junk" SIM cards continue to exist and circulate in the market.

Furthermore, the technical requirements for biometric authentication were not previously standardized to a minimum mandatory level. Each telecommunications company chose a different technological solution and implementation process, leading to inconsistent authentication quality. As a result, biometric authentication has not truly become a sufficiently strong "technical barrier" to completely eliminate "junk" SIM cards.

According to Mr. Vu Ngoc Son, Head of the Research, Consulting, Technology Development and International Cooperation Department of the National Cybersecurity Association (NCA), this draft circular addresses those very weaknesses with a series of new, fundamental elements.

First of all, biometric authentication is no longer a one-time action, but is linked to high-risk events throughout the subscriber lifecycle, especially when changing terminal devices.

"The regulation requiring re-verification in these situations will prevent the buying and selling of SIM cards after verification, which is a major 'source' for fraudulent activities," Mr. Son said, adding that the successful application of biometric authentication in the banking sector shows that when digital identities are controlled, junk accounts are quickly eliminated, disrupting the intermediate chain that fraudsters often exploit.

In addition to preventing the buying and selling of SIM cards after authentication, requiring authentication when changing devices will also be a technical barrier to attempts to hijack users' SIM cards.

Even if they gain access to the physical SIM card or personal information, the fraudsters cannot complete the activation process without passing biometric authentication that matches the original data.

"This is a mechanism for 'hard locking' identity, similar to the multi-layered protection measures that banks are applying to safeguard high-value accounts," Mr. Son said.