Vietnam Biometric Verification Regulation

Vietnam’s New Regulation on Biometric Verification for Banks 

Vietnam began requiring biometric data on the first week of July for any digital transaction of 10 million dong ($390) or more made by bank or e-wallet transfer. The verification is also applicable if the total of all deposits in one day exceeds VND 20 million ($806).  

According to The Saigon Times, once the cumulative daily limit is reached, any additional transactions will require face and fingerprint authentication. Users must also complete biometric authentication when making their first online payment via an app or a new device. 

Transactions below either limit only require a one-time password (OTP) verification. Individuals can use chip-based identity cards, VNeID accounts, or biometric data stored in bank information systems to complete the biometric authentication process.  

Traditional verification methods like conventional passwords and pins are increasingly vulnerable to attacks, while biometric verification, unique to each individual, offers stronger protection. The State Bank of Vietnam said the regulation is meant “to ensure the safety and security in online payments and bankcard payments,” including for digital wallets. This requirement was specified in Decision 2345/QD-NHNN. This Decision approves biometric authentication methods including facial recognition, fingerprint, and iris scans. Whenever a customer uses one of these methods, their biometric data must match the biometric data that is stored inside the ID card. Alternatively, biometric data can be verified on the digital population database. For credit institutions under special surveillance, the change will take effect on January 1, 2025.

The Challenges 

The rapid implementation has not been without challenges. Many users have reported difficulties in updating their biometric data. In response to these difficulties, banks have stated that citizens and foreign customers can update their data online via the banking app or visit bank branches with chip-based ID cards for in–person verification using NFC (Near Field Communication) readers. Bank staff will also help them collect biometric information which will be kept by the bank for future transactions.  

The surge in biometric adoption has also led to an increase in fraud, according to The Cybersecurity Authority of the Ministry of Information and Communications (MIC). Scammers have exploited the system by impersonating bank employees to extract sensitive information from customers under the pretense of updating biometric data. There have been instances where fraudsters used high-resolution photos and videos to deceive biometric checks on banking apps.  

When a fraudster attempts to register, their face is often compared to the one inside the document chip. This may not work due to a different picture on the document. However, consider a scenario in which a fraudster gains access to personal information (PII) and attempts to change the chip data by visiting a bank and recording their own biometric information. This jeopardizes the integrity of the data source, making it unreliable anymore and may even allow further fraud attempts. Thus, not only do citizens need to be vigilant toward their own data, but banks and financial organizations need to ensure that they possess robust security measures. The new regulation also results in a big influx of customers needing verification; therefore, organizations must process them quickly and seamlessly for excellent customer experience.  

The Solutions 

For automated identity verification, thousands of organizations have relied on Keesing AuthentiScan. With AuthentiScan, they can comply with anti-money laundering (AML) and know-your-customer (KYC) regulations. Within seconds, financial institutions can check the authenticity of ID documents, perform face verification to deter impostors, and optionally do screenings against PEP and sanctions lists. This makes it a helpful solution for customers coming to branches. Compliant with GDPR and ISO 27001 standards, AuthentiScan ensures stringent data security. Get a free demonstration of AuthentiScan here.  

A hybrid approach of both automated and manual verification will enhance accuracy. Keesing DocumentChecker is a trusted reference database for entities with manual verification or as a second line of defense. During this regulatory change, banks will verify not only Vietnamese IDs but also those of foreigners, each with distinctive security features. It’s not feasible to remember every security feature or document detail in the world, so a reference database like DocumentChecker is necessary. Click here to get a free trial account. 

Keesing Expert Helpdesk, staffed with certified document experts, are available whether you use DocumentChecker or AuthentiScan. They assist organizations by answering document-specific questions, inspecting questionable IDs, and advice companies decide whether to accept or decline presented documents.

Reach Out for Questions & Free Demonstrations or Trials

Contact us today to learn more about implementing strong security measures that ensure compliance while also protecting against emerging threats. Our experts are here to give you expert guidance and solutions tailored to your needs. Reach out to us below via email or call +31 (0)20 7157 825.