FORMS OF CONFIRMING ELECTRONIC TRANSACTIONS THROUGH ONLINE BANKING SYSTEMS
I. Legal Basis
Circular 50/2024/TT-NHNN
II. Methods of Electronic Transaction Authentication via Online Banking Systems
1. Password Authentication
Length and Structure: Passwords must contain at least 8 characters, including numbers, uppercase, and lowercase letters.
Validity Period:
- Up to 12 months for regular passwords.
- 30 days for default-issued passwords.
2. PIN Authentication (Personal Identification Number)
Length: PINs must consist of at least 6 digits.
Validity Period:
- Up to 12 months for regular PINs.
- 30 days for default-issued PINs.
3. One-Time Password (OTP) Authentication
SMS OTP: Valid for up to 5 minutes.
Voice OTP: Valid for up to 3 minutes.
Email OTP: Valid for up to 5 minutes.
Matrix Card OTP:
- Registration validity: Up to 1 year.
- OTP validity: Up to 2 minutes.
Soft OTP: Valid for up to 2 minutes.
Token OTP: Valid for up to 2 minutes.
4. Two-Channel Authentication
Process: The Online Banking system sends a transaction confirmation request to the customer’s mobile device via one of the following methods:
- Voice call or basic internet telecommunication call.
- USSD quick messaging code.
- Specialized software.
Response: Customers confirm directly through the connected channel (call, USSD message, or software) to approve or reject the transaction.
Validity Period: Confirmation requests are valid for up to 5 minutes.
5. Biometric Information Matching
Requirements: Customer biometric data is matched against the stored information at the institution.
Face Recognition:
- Accuracy: False rejection rate < 5%, and false acceptance rate < 0.01% according to FIDO Biometric Requirements (minimum sample size of 10,000).
- Presentation Attack Detection (PAD): Must meet international standards (e.g., NIST SP 800-63B, ISO 30107, FIDO Biometric Requirements).
- Fraud Prevention: Other forms of biometric matching must meet equivalent fraud prevention standards.
- PAD Certification: Solutions must be certified by FIDO Alliance-recognized biometric laboratories or organizations.
- Error Limit: If customers fail authentication more than 10 times, the function will be locked and can only be unlocked upon customer request and verification.
- Matching Time: Maximum of 3 minutes.
6. Biometric Information Matching on Devices
Requirements: Customer biometric data is matched against the information stored on their mobile device.
Activation: Permitted only after customer consent and successful completion of at least one transaction using another authentication method.
Matching Time: Maximum of 2 minutes.
7. FIDO Authentication (Fast IDentity Online)
Method: Utilizes asymmetric key algorithms (private and public keys) for authentication.
Private Key:
- Securely stored on the customer’s device.
- Accessible via PIN or device biometric matching for transactions.
Public Key: Stored securely at the institution and linked to the customer’s electronic transaction account.
Certification: FIDO authentication solutions must be certified by the FIDO Alliance, whether provided by third parties or self-implemented by the institution.
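The key-pair flow described in this section, as an added sketch (not taken from the circular or from the firm, and a simplified model rather than the FIDO wire protocol): the device signs a server challenge bound to the transaction, and the institution verifies it with the stored public key. The class names, the Ed25519 choice, the 2-minute challenge lifetime and all account values are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");
const TTL_MS = 2 * 60 * 1000; // assumed challenge lifetime for this sketch

// Bytes that get signed: the server's nonce plus the transaction it was issued for.
const payload = (challenge, txn) =>
  Buffer.concat([challenge, Buffer.from(JSON.stringify([txn.to, txn.amount]))]);

class Device { // hypothetical customer device
  #privateKey; #pin;
  constructor(pin) {
    const pair = crypto.generateKeyPairSync("ed25519");
    this.#privateKey = pair.privateKey; // never leaves the device
    this.publicKey = pair.publicKey;    // handed to the institution at registration
    this.#pin = pin;
  }
  sign(pin, challenge, txn) {
    if (pin !== this.#pin) throw new Error("device locked"); // PIN gates key use
    return crypto.sign(null, payload(challenge, txn), this.#privateKey);
  }
}

class Institution { // hypothetical server side
  constructor() { this.keys = new Map(); this.pending = new Map(); }
  register(account, publicKey) { this.keys.set(account, publicKey); }
  begin(account, txn, now = Date.now()) {
    const id = crypto.randomUUID();
    const challenge = crypto.randomBytes(32);
    this.pending.set(id, { account, txn, challenge, expires: now + TTL_MS });
    return { id, challenge };
  }
  finish(id, signature, now = Date.now()) {
    const p = this.pending.get(id);
    if (!p) return "rejected: unknown or reused challenge";
    this.pending.delete(id); // single use, so a captured signature cannot be replayed
    if (now > p.expires) return "rejected: expired";
    const key = this.keys.get(p.account);
    // Verify against the transaction the server stored, not one sent back by the client.
    const ok = key && crypto.verify(null, payload(p.challenge, p.txn), key, signature);
    return ok ? "approved" : "rejected: bad signature";
  }
}

function demo() { // constructed accounts and amounts
  const bank = new Institution(), phone = new Device("493817");
  bank.register("acct-001", phone.publicKey);
  const txn = { to: "acct-777", amount: 1500000 };
  const a = bank.begin("acct-001", txn), b = bank.begin("acct-001", txn);
  const sig = phone.sign("493817", a.challenge, txn);
  const altered = phone.sign("493817", b.challenge, { ...txn, to: "acct-999" });
  return [bank.finish(a.id, sig), bank.finish(a.id, sig), bank.finish(b.id, altered)];
}
```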
8. Electronic Signature Authentication
Follows the legal regulations on electronic signatures (excluding secure electronic signatures specified in section 9).
9. Secure Electronic Signature Authentication
Involves specialized electronic signatures, ensuring safety and compliance with Vietnamese laws on electronic signatures, including recognized foreign digital signatures.
10. Risk-Based Authentication for Online Card Transactions (EMV 3-D Secure)
Issuers, payment organizations, and merchants must implement the EMV 3-D Secure standard.
11. Authentication via Online Banking Application Operations
Process: Customers confirm transaction-related data messages through actions such as clicking accept, approve, or send.
Log Storage: Authentication actions must be logged to allow query of related information.
For Organizational Customers: Organizations must log in to the Online Banking application and use authentication methods according to these regulations, except for items 1, 2, 6, and 10.
III. About Us, Hankuk Law Firm
■ Hankuk Law Firm – Introduction
The goal of the legal services provided by HANKUK LAW FIRM is to support businesses, investors, and people. Our organization employs skilled Korean lawyers, partners, and professionals to provide legal services to businesses related to corporations and litigation.
To support the startup process, our lawyers and staff provide a wide range of services, including business law consulting, tax and immigration law consulting, real estate services, business consulting, marketing and communications, human resources, product distribution, franchise options, etc. We provide expert advice on every aspect of your business needs.
To protect the legitimate rights and interests of our clients and achieve the best results, we provide legal advice and participate in civil lawsuits related to business, labor, marriage, family, and inheritance.
■ Contact Hankuk Law Firm:
Website: http://hankuklawfirm.com/en/
FB: https://www.facebook.com/hankuk.lawfirm
Tiktok: https://www.tiktok.com/@hankuklawfirm
Youtube: https://www.youtube.com/@hankuklawfirm6375
Email: info@hankuklawfirm.com
Phone: 0942.339.063