The State Bank of Vietnam (SBV) will tighten Online Banking security requirements starting March 1, 2026. What are the key new regulations? Below are the major changes introduced under Circular No. 77/2025/TT-NHNN.
1. Mobile Money services are subject to bank-level security requirements
Accordingly, Article 1 of Circular No. 77/2025/TT-NHNN expands the scope and subjects of application of Circular No. 50/2024/TT-NHNN to include the provision of Mobile Money services.
As a result, Mobile Money service providers are required to apply security measures equivalent to those applicable to credit institutions under Circular No. 77/2025/TT-NHNN.
Recently, the Government officially issued Decree No. 368/2025/ND-CP on Mobile Money services, which provides specific and clear regulations governing this type of service.
2. Additional verification requirements for changes to customers’ identification information
Under Article 3 of Circular No. 77/2025/TT-NHNN, where customers change their information, biometric matching verification must be applied in combination with one of the following authentication methods:
One-time password (OTP);
Authentication via voice calls, Zalo or similar platforms, USSD quick message codes, or specialized software applications;
Secure electronic signature authentication.
Changes to customer information include changes to:
Personal identification documents (including citizen identity cards, identity cards, electronic identity cards, and passports);
Information used to register and use transaction authentication methods (at a minimum including phone numbers, email addresses, or electronic signatures).
3. Requirement to install the latest Mobile Banking version when changing devices
A notable new provision effective from March 1, 2026 is the tightening of control over Mobile Banking application versions, as stipulated in Article 5 of Circular No. 77/2025/TT-NHNN.
Specifically, at least once every three months, credit institutions are required to assess the safety and security of application versions permitted for installation and use, in order to promptly detect vulnerabilities and risks of cybercriminal interference.
Where customers activate Mobile Banking on a new mobile device or reactivate the application, they must install and use the latest or most recent version to ensure security. In particular, downgrading to older versions is not permitted.
4. Mobile Banking applications must automatically suspend operation in three cases
Along with stricter version management to prevent malware attacks, Clause 2 Article 5 of Circular No. 77/2025/TT-NHNN requires Mobile Banking applications to automatically disconnect or immediately cease operation if the mobile device is detected to be in any of the following cases:
The device has been jailbroken (for iOS), rooted (for Android), or has had its bootloader protection mechanism unlocked. Such actions are commonly taken to install unofficial applications or circumvent licensing restrictions;
The device has been injected with malicious code to monitor or record operation history, or has been modified or repackaged;
The device has debugging tools attached or is running applications on emulators, virtual machines, or simulated devices.
5. Additional cases permitting password storage in Mobile Banking applications
Clause 5 Article 8 of Circular No. 50/2024/TT-NHNN has been amended and supplemented by Article 5 of Circular No. 77/2025/TT-NHNN as follows:
The function allowing storage of access secret keys is not permitted, except where the authentication method specified in Clause 6 Article 11 of this Circular is applied.
Accordingly, Mobile Banking applications are not permitted to store passwords, except where customers are authenticated through fingerprint, iris, or Face ID matching with information stored on the device. Such authentication must satisfy the following conditions:
Activation is allowed only after obtaining customer consent and after the customer has successfully completed at least one transaction using another authentication method.
The maximum authentication time is two minutes.
6. Biometric spoofing detection solutions must meet ISO 30107 standards
Another major change effective from March 1, 2026 is stipulated in Clause 1 Article 7 of Circular No. 77/2025/TT-NHNN, which introduces new requirements for biometric Presentation Attack Detection (PAD) solutions, particularly in light of increasingly sophisticated fraud schemes such as AI-generated deepfakes.
Accordingly, such solutions must not only be certified by biometric organizations or laboratories recognized by the FIDO Alliance, but may also be certified by accredited certification bodies confirming compliance with international ISO standards, meeting ISO 30107 Level 2 or equivalent.
Certification bodies must be accredited by an accreditation authority that is a participant in the multilateral mutual recognition arrangement of the International Accreditation Forum.
The above summarizes the key new provisions of Circular No. 77/2025/TT-NHNN, effective from March 1, 2026, regarding Online Banking security.
The State Bank of Vietnam has promulgated a document providing guidance on the listing of stocks on foreign securities markets by credit institutions, which takes effect from January 29, 2026. Below are the major changes of Circular No. 47/2025/TT-NHNN.
To list stocks on foreign securities markets, joint-stock credit institutions must obtain approval from the State Bank of Vietnam. Below are the procedures for obtaining approval for listing stocks on foreign securities markets, in accordance with Circular No. 47/2025/TT-NHNN, which takes effect on January 29, 2026.
The establishment of the International Financial Center necessitates an appropriate judicial institution capable of resolving cross-border investment and business disputes. In this context, the Law on Specialized Court at the International Financial Center was enacted as a key legal foundation for the application of a professional adjudicatory mechanism, thereby enhancing Vietnam’s profile and competitiveness in the international arena.
Every year on November 20, Vietnam honors teachers for their dedication to the noble cause of education. This year, the celebration is especially meaningful as the National Assembly has adopted the Law on Teachers, a major step forward in honoring and developing the contigent of teachers, and improving education quality nationwide.
At the exhibition of the 2025 Law Day Celebration organized by the Ministry of Justice on November 7, 2025, the Chairman of the National Assembly, Mr. Tran Thanh Man, directly interacted with the Law AI system operated and developed by LuatVietnam.vn on the National Law Portal.
In recent years, along with the strong growth of the economy and the increasing demand for loans, credit activities in Vietnam have expanded both in scale and scope. However, accompanying this development is the reality that disputes over credit contracts have become increasingly common, not only rising sharply in number but also becoming more complex in nature and extent.
As Vietnam accelerates the transition to clean energy models, the revised Atomic Energy Law stands out as a statutory imperative to facilitate the safe and sustainable development of nuclear power for peaceful purposes.
Vietnam is shaping strategic steps to become a destination for global capital flows, most notably with the plan to establish international financial centers in Ho Chi Minh City and Da Nang. As the doors of integration open wider, domestic enterprises will have opportunities to access large-scale investment projects, but at the same time must also face more sophisticated legal risks.
The strong development of international exchanges has made civil relations with foreign elements increasingly common in Vietnam. Among them, inheritance is a particularly complex field, as it not only relates to property rights and personal rights but is also simultaneously governed by multiple legal systems. Therefore, a comprehensive study of the inheritance estate of foreigners in Vietnam is not only of theoretical significance but also of practical value, helping to ensure the legitimate rights and interests of the parties
English
RSS
