LEGAL REGULATIONS ON ELECTRONIC AUTHENTICATION AND BIOMETRIC PAYMENTS IN VIETNAM IN 2024
LEGAL REGULATIONS ON ELECTRONIC AUTHENTICATION AND BIOMETRIC PAYMENTS IN VIETNAM IN 2024
In 2024, Vietnam updated notable legal regulations on electronic authentication and biometric payment methods, directly affecting individuals and organizations in daily transactions and business activities. These new updates help ensure transaction confirmation for individuals and organizations. To help individuals and organizations grasp new information about electronic authentication and biometrics in Vietnam, DHT provides this newsletter on the topic "Legal regulations on electronic authentication and biometric payments in Vietnam in 2024"
1. Introduction to Biometrics and Electronic Authentication
1.1. Biometrics
1.1.1. What is Biometrics?
According to Clause 3, Article 3 of the 2023 Identification Law, “Biometrics are physical attributes, unique and stable biological characteristics of an individual to identify and distinguish one person from another”.
In other words, biometrics is a digital technique based on biological or physical characteristics to identify an individual. Biometrics uses unique criteria to prove a person's identity such as fingerprints, face, voice... This method ensures greater safety and reliability because each person's characteristics are not identical, even for twins.
1.1.2. Principles of Biometric Identification
The principle for determining biometrics is based on comparison. The system will have records of identification features that do not change over time, including fingerprints, voice, face, retinal patterns... and compare them with the user's information features. When users request authentication, the system will compare their biometrics with data in the database. If the data matches, the user will be granted access.
1.1.3. Classification of Biometrics
Biometrics is usually divided into two groups:
- Physical biometrics: Physical biometrics are based on biological signs such as handprints, fingerprints, vein patterns, iris, retinal blood vessel patterns, and voice. These features will be used with scanners for recognition and authentication.
- Behavioral biometrics: Behavioral biometrics are based on analyzing patterns and habits of each individual. It uses habits such as typing speed, gait, and handwriting to identify users. Systems using this method will have sensors with artificial intelligence technology to track and identify these characteristics before granting access.
1.2. What is Electronic Authentication?
According to Clause 6, Article 3 of Decree No. 69/2024/ND-CP, "Electronic authentication is the activity of authenticating, confirming, asserting, certifying or providing eIDs, eID accounts or other information existing in the national population database, the identification database, the entry/exit database via an electronic identification and authentication system, an electronic identification and authentication platform”.
2. Updates on New Legal Regulations on Biometrics in Payments
2.1. Online Payment Transactions of Individuals Must Be Authenticated by Biometrics in Certain Cases
According to Decision No. 2345/QD-NHNN in 2023 of the State Bank of Vietnam on implementing safety and security solutions in online payments and bank card payments, from July 1, 2024, online transactions of individual customers must be authenticated by biometric identification signs in type C and D transactions (details in section 2.4 of the article).
2.2. Registration for New Cards, E-wallets via Electronic Means Must Be Authenticated by Biometrics.
According to Clause 2, Article 9 and Clause 1, Article 10 of Circular 18/2024/TT-NHNN and Clause 1, Article 22 of Circular 40/2024/TT-NHNN of the State Bank. From October 1, 2024, individuals registering for cards/e-wallets via electronic means must perform biometric authentication. Card/e-wallet issuers must collect documents, information, and data to identify customers and biometric information for individual customers, or organization representatives for organizational customers.
2.3. All online payment transactions must use Biometrics
According to the provisions in point c, clause 5, Article 17 of Circular 17/2024/TT-NHNN, banks and foreign bank branches, when guiding customers to use payment accounts, must ensure principles, one of which is mandatory: “Only allowed to withdraw money, make payment transactions by electronic means on payment accounts when the identification documents and biometric information of the account holder or representative (for individual customers) or legal representative (for organizational customers) have been completely matched and verified…” .
And, Clause 6, Article 16 of Circular 18/2024/TT-NHNN also stipulates that “cards can only be used to perform card transactions by electronic means when the identification documents and biometric information of the cardholder have been completed and matched correctly”.
Both regulations in Circular 17/2024/TT-NHNN and Circular 18/2024/TT-NHNN mentioned above will take effect from January 1, 2025. Therefore, from this point, if customers do not provide biometric data and have not been verified, after January 1, 2025, all online transactions will be stopped. With the regulation in Clause 6, Article 16 of Circular 18/2024/TT-NHNN, biometric information is not only used for transfers but also to identify the account owner. This shows that bank account protection seems to be increased, preventing fraudulent activities.
And according to point c, clause 6, Article 25 of Circular 40/2024/TT-NHNN, from January 1, 2025, customers can only use e-wallets to perform transactions when they have completed the matching of identification documents and biometric information of the e-wallet owner, representative, or legal representative.
2.4. Mandatory cases for biometric authentication in online transactions (for the period before January 1, 2025; after January 1, 2025, it becomes mandatory for all transaction) according to Decision 2345/QD-NHNN in 2023
Methods for Type C and Type D transactions for individual customers:
|
|
|
|
|
|
Type C and D transactions belonging to group I.3 and group I.4, include:
|
|
|
|
|
|
|
|
|
|
|
|
2.5. Steps in biometric authentication
3. Management of electronic authentication using biometrics by the Ministry of Public Security
3.1. Collection of biometric information
A notable new point in the 2023 Citizen Identity Card Law, effective from July 1, 2024, is the collection of biometrics by the citizen identity card management agency when citizens apply for Identity Cards. Specifically, as stipulated in point b, clause 1, Article 23 of the Citizen Identity Card Law: “The person receiving and collecting identifying information and biometric information includes facial images, fingerprints, and iris scans of the person requiring an identity card”.
Therefore, from July 1, 2024, the identity card management agency receiving applications must collect biometric information to update the citizen identity database as assigned by the Ministry of Public Security to the citizen identity management agency.
Individuals provide information when applying for identity cards at Public Security agencies such as: Department of Administrative Management of Social Order; provincial/municipal Public Security agencies directly under the Central Government; Public Security at district/town/city level under provinces.
3.2. Responsibilities in collecting biometric information
The citizen identity management agency is responsible for collecting, updating, and adjusting information in the National Database on Population and Citizen Identity. They should guide individuals in providing biometric information. Simultaneously, they need to ensure information security and personal data protection in all cases when performing electronic authentication (according to Article 6 of the 2023 Citizen Identity Card Law).
Concurrently, the implementation of technological conveniences for citizens on citizen identity cards and electronic identity authentication is carried out synchronously and consistently; contributing to success in reducing administrative procedures, creating a civilized society, preventing petty corruption as well as improving the effectiveness and efficiency in policy planning, administration, and management by leaders and functional agencies...
The above is the latest update from DHT Law Firm on the 2024 legal regulations related to biometrics in online transactions in Vietnam. We, Dai Ha Thanh Law Company Limited, with our team of professionally trained Lawyers and Legal Advisors both domestically and internationally, are committed to providing professional legal services to our esteemed clients. If you need detailed advice, please contact us to receive professional and effective legal advisory services."
