The State Bank of Vietnam (SBV) will tighten Online Banking security requirements starting March 1, 2026. What are the key new regulations? Below are the major changes introduced under Circular No. 77/2025/TT-NHNN.
1. Mobile Money services are subject to bank-level security requirements
Accordingly, Article 1 of Circular No. 77/2025/TT-NHNN expands the scope and subjects of application of Circular No. 50/2024/TT-NHNN to include the provision of Mobile Money services.
As a result, Mobile Money service providers are required to apply security measures equivalent to those applicable to credit institutions under Circular No. 77/2025/TT-NHNN.
Recently, the Government officially issued Decree No. 368/2025/ND-CP on Mobile Money services, which provides specific and clear regulations governing this type of service.
2. Additional verification requirements for changes to customers’ identification information
Under Article 3 of Circular No. 77/2025/TT-NHNN, where customers change their information, biometric matching verification must be applied in combination with one of the following authentication methods:
One-time password (OTP);
Authentication via voice calls, Zalo or similar platforms, USSD quick message codes, or specialized software applications;
Secure electronic signature authentication.
Changes to customer information include changes to:
Personal identification documents (including citizen identity cards, identity cards, electronic identity cards, and passports);
Information used to register and use transaction authentication methods (at a minimum including phone numbers, email addresses, or electronic signatures).
3. Requirement to install the latest Mobile Banking version when changing devices
A notable new provision effective from March 1, 2026 is the tightening of control over Mobile Banking application versions, as stipulated in Article 5 of Circular No. 77/2025/TT-NHNN.
Specifically, at least once every three months, credit institutions are required to assess the safety and security of application versions permitted for installation and use, in order to promptly detect vulnerabilities and risks of cybercriminal interference.
Where customers activate Mobile Banking on a new mobile device or reactivate the application, they must install and use the latest or most recent version to ensure security. In particular, downgrading to older versions is not permitted.
4. Mobile Banking applications must automatically suspend operation in three cases
Along with stricter version management to prevent malware attacks, Clause 2 Article 5 of Circular No. 77/2025/TT-NHNN requires Mobile Banking applications to automatically disconnect or immediately cease operation if the mobile device is detected to be in any of the following cases:
The device has been jailbroken (for iOS), rooted (for Android), or has had its bootloader protection mechanism unlocked. Such actions are commonly taken to install unofficial applications or circumvent licensing restrictions;
The device has been injected with malicious code to monitor or record operation history, or has been modified or repackaged;
The device has debugging tools attached or is running applications on emulators, virtual machines, or simulated devices.
5. Additional cases permitting password storage in Mobile Banking applications
Clause 5 Article 8 of Circular No. 50/2024/TT-NHNN has been amended and supplemented by Article 5 of Circular No. 77/2025/TT-NHNN as follows:
The function allowing storage of access secret keys is not permitted, except where the authentication method specified in Clause 6 Article 11 of this Circular is applied.
Accordingly, Mobile Banking applications are not permitted to store passwords, except where customers are authenticated through fingerprint, iris, or Face ID matching with information stored on the device. Such authentication must satisfy the following conditions:
Activation is allowed only after obtaining customer consent and after the customer has successfully completed at least one transaction using another authentication method.
The maximum authentication time is two minutes.
6. Biometric spoofing detection solutions must meet ISO 30107 standards
Another major change effective from March 1, 2026 is stipulated in Clause 1 Article 7 of Circular No. 77/2025/TT-NHNN, which introduces new requirements for biometric Presentation Attack Detection (PAD) solutions, particularly in light of increasingly sophisticated fraud schemes such as AI-generated deepfakes.
Accordingly, such solutions must not only be certified by biometric organizations or laboratories recognized by the FIDO Alliance, but may also be certified by accredited certification bodies confirming compliance with international ISO standards, meeting ISO 30107 Level 2 or equivalent.
Certification bodies must be accredited by an accreditation authority that is a participant in the multilateral mutual recognition arrangement of the International Accreditation Forum.
The above summarizes the key new provisions of Circular No. 77/2025/TT-NHNN, effective from March 1, 2026, regarding Online Banking security.
The deadline for enterprise income tax finalization is an important milestone that every enterprise should pay special attention to after the end of a fiscal year. Late submission of tax finalization dossiers or underpayment of payable tax amounts will not only incur late payment interest but may also result in administrative penalties for tax violations.
From March 2026, a series of new decrees and circulars will introduce electronic identification codes for real estate, strengthen transparency requirements for charitable funds, tighten administrative sanctions, and impose stricter compliance obligations in the banking sector.
Being one of the first countries in the world to enact a specialised law on artificial intelligence, Vietnam affirms its determination to establish a unified legal framework for the development, application and governance of artificial intelligence in order to protect human beings, promote innovation, and build a self-reliant, secure and human-centred digital future.
As the global economy transitions towards a knowledge-based model, science, technology and innovation have become decisive engines of national growth. In Vietnam, the 2025 Law on Science, Technology and Innovation is widely viewed as a strategic institutional framework for improving national competitiveness while raising the country’s position in global value chains.
The State Bank of Vietnam has issued Circular No. 55/2025/TT-NHNN prescribing the licensing of non-bank credit institutions. Below are the major changes of Circular No. 55/2025/TT-NHNN to clarify the applicable regulations as of 09 February 2026.
The State Bank of Vietnam has issued a Circular amending and supplementing regulations on required reserves applicable to credit institutions and foreign bank branches. Below are the major changes introduced by Circular No. 23/2025/TT-NHNN regarding banks’ required reserves.
In the course of operation, commercial banks must comply with various regulations on the number and establishment of transaction offices. Under current law, how many transaction offices may a commercial bank establish? The article below provides detailed information.
English
RSS
![[Update now] Personal income tax policies 2026: 05 major changes](https://image3.luatvietnam.vn/uploaded/230x130twebp/images/original/2026/02/25/update-now-personal-income-tax-policies-2026-five-major-changes_2502135544.jpg)
