Policy on security in online banking service provision drafted

VIETNAM, June 26 - HÀ NỘI — The State Bank of Vietnam (SBV) has finalised a draft circular on safety and security in providing online services in the banking industry.

Under the draft circular, the online banking system must comply with the Government’s current regulations on ensuring the information system security at Grade 3 or higher.

According to the Law on Cyberinformation Security 2015, classification of information systems by security grade means the determination of information security grades of information systems in an ascending order from 1 to 5.

Grade 3 means that when an information system is sabotaged, it will seriously harm production, public interests and social order and safety or will harm national defence and security.

According to the draft circular, the online banking system must also ensure the confidentiality and integrity of customer information and the availability to provide services continuously.

Customer transactions must be assessed for minimum risk according to each customer group, transaction type and transaction limit to enable the provision of appropriate forms of transaction authentication for customers.

The draft circular requires banks to carry out annual security and confidentiality inspections and assessments of the online banking system.

In addition, banks must regularly identify potential risks and determine the causes of the risks in providing online banking services to promptly take measures to prevent, control and handle those risks.

Information technology infrastructure and equipment that are used to provide online banking services must have copyright and origin. For equipment that is nearing the end of its product life cycle and will no longer be supported by the manufacturer, banks must have an upgrade and replacement plan according to the manufacturer's announcement to ensure the equipment to be installed with new software versions.

Besides having firewalls and monitoring and warning systems against unusual behaviour, banks must also establish a mechanism to detect and prevent intrusions and network attacks on their online banking system, according to the circular drafts.

According to Trần Quang Hưng, deputy director of the Ministry of Information and Communications’ Information Security Department information security in the banking system plays an important role.

With a large amount of bank and customer data, the security of customer information in particular and banking data in general is mandatory for all credit institutions. Therefore, banks need to be equipped with modern technology and constantly strengthen their capacity as well as invest in security.

Sharing that view, Phan Việt Linh, director of CDNetworks Vietnam, said the speed of digital transformation in the finance and banking sector in Việt Nam was accelerating.

At the same time, banks often face attacks from high-tech criminals attempting to steal customer data to conduct property appropriation fraud. Therefore, banks must strengthen defence measures to ensure safety and security in their systems. — VNS