The State Bank of Vietnam (SBV) is in the process of amending and supplementing certain provisions of Circular No. 50/2024/TT-NHNN of October 31, 2024, which outlines safety and security regulations for providing online services in the banking sector.
This circular is applicable to credit institutions, branches of foreign banks, intermediary payment service providers, mobile money service providers, and credit information companies (hereinafter referred to as units).
In the first draft, the SBV has revised and supplemented point c, clause 3, Article 7, requiring units to conduct assessments and scans to detect technical vulnerabilities and weaknesses, as well as evaluate the ability to prevent and counteract potential security risks.
Notable, for Mobile Banking apps, service providers must conduct periodic evaluations at least once every two months for software versions being installed and used by customers to identify security vulnerabilities and assess the risk of intervention by cybercriminals.
Additionally, units must control and not allow customers to use software versions older than two versions compared to the latest version connected to the Online Banking system for transactions.
When detecting security vulnerabilities, banks, payment intermediaries, and mobile money service providers must implement measures to check, prevent illegal transactions (if any), and simultaneously deploy updates to address and fix the issues immediately.
Furthermore, clause 4, Article 8, is revised and supplemented to enhance the ability to prevent unauthorized interventions in Mobile Banking applications installed on customer devices.
The amended circular is expected to take effect from January 1, 2026, except for certain cases.
Google translate