The State Bank of Vietnam (SBV) will tighten Online Banking security requirements starting March 1, 2026. What are the key new regulations? Below are the major changes introduced under Circular No. 77/2025/TT-NHNN.
1. Mobile Money services are subject to bank-level security requirements
Accordingly, Article 1 of Circular No. 77/2025/TT-NHNN expands the scope and subjects of application of Circular No. 50/2024/TT-NHNN to include the provision of Mobile Money services.
As a result, Mobile Money service providers are required to apply security measures equivalent to those applicable to credit institutions under Circular No. 77/2025/TT-NHNN.
Recently, the Government officially issued Decree No. 368/2025/ND-CP on Mobile Money services, which provides specific and clear regulations governing this type of service.
2. Additional verification requirements for changes to customers’ identification information
Under Article 3 of Circular No. 77/2025/TT-NHNN, where customers change their information, biometric matching verification must be applied in combination with one of the following authentication methods:
One-time password (OTP);
Authentication via voice calls, Zalo or similar platforms, USSD quick message codes, or specialized software applications;
Secure electronic signature authentication.
Changes to customer information include changes to:
Personal identification documents (including citizen identity cards, identity cards, electronic identity cards, and passports);
Information used to register and use transaction authentication methods (at a minimum including phone numbers, email addresses, or electronic signatures).
3. Requirement to install the latest Mobile Banking version when changing devices
A notable new provision effective from March 1, 2026 is the tightening of control over Mobile Banking application versions, as stipulated in Article 5 of Circular No. 77/2025/TT-NHNN.
Specifically, at least once every three months, credit institutions are required to assess the safety and security of application versions permitted for installation and use, in order to promptly detect vulnerabilities and risks of cybercriminal interference.
Where customers activate Mobile Banking on a new mobile device or reactivate the application, they must install and use the latest or most recent version to ensure security. In particular, downgrading to older versions is not permitted.
4. Mobile Banking applications must automatically suspend operation in three cases
Along with stricter version management to prevent malware attacks, Clause 2 Article 5 of Circular No. 77/2025/TT-NHNN requires Mobile Banking applications to automatically disconnect or immediately cease operation if the mobile device is detected to be in any of the following cases:
The device has been jailbroken (for iOS), rooted (for Android), or has had its bootloader protection mechanism unlocked. Such actions are commonly taken to install unofficial applications or circumvent licensing restrictions;
The device has been injected with malicious code to monitor or record operation history, or has been modified or repackaged;
The device has debugging tools attached or is running applications on emulators, virtual machines, or simulated devices.
5. Additional cases permitting password storage in Mobile Banking applications
Clause 5 Article 8 of Circular No. 50/2024/TT-NHNN has been amended and supplemented by Article 5 of Circular No. 77/2025/TT-NHNN as follows:
The function allowing storage of access secret keys is not permitted, except where the authentication method specified in Clause 6 Article 11 of this Circular is applied.
Accordingly, Mobile Banking applications are not permitted to store passwords, except where customers are authenticated through fingerprint, iris, or Face ID matching with information stored on the device. Such authentication must satisfy the following conditions:
Activation is allowed only after obtaining customer consent and after the customer has successfully completed at least one transaction using another authentication method.
The maximum authentication time is two minutes.
6. Biometric spoofing detection solutions must meet ISO 30107 standards
Another major change effective from March 1, 2026 is stipulated in Clause 1 Article 7 of Circular No. 77/2025/TT-NHNN, which introduces new requirements for biometric Presentation Attack Detection (PAD) solutions, particularly in light of increasingly sophisticated fraud schemes such as AI-generated deepfakes.
Accordingly, such solutions must not only be certified by biometric organizations or laboratories recognized by the FIDO Alliance, but may also be certified by accredited certification bodies confirming compliance with international ISO standards, meeting ISO 30107 Level 2 or equivalent.
Certification bodies must be accredited by an accreditation authority that is a participant in the multilateral mutual recognition arrangement of the International Accreditation Forum.
The above summarizes the key new provisions of Circular No. 77/2025/TT-NHNN, effective from March 1, 2026, regarding Online Banking security.
Stronger digital infrastructure, larger startup funding and hi-tech FDI are helping Vietnam reshape its growth model, but shortages of skilled labour, low research and development spending and cybersecurity risks remain major hurdles.
The Law on Artificial Intelligence establishes a unified set of statutory definitions relating to AI and the actors involved throughout its lifecycle. It defines AI as the electronic replication of human intellectual capabilities, including learning, reasoning, perception, judgment, and natural language understanding
With Resolution 10-NQ/TW, issued on June 8, 2026, Vietnam is moving from broad-based foreign investment attraction to a more selective strategy that prioritises high-quality capital, advanced technology, sustainability and stronger links between foreign investors and domestic enterprises.
By addressing the specific needs of different population groups, the new law lays a stronger foundation for sustainable population development, higher-quality human resources and improved quality of life.
Against the backdrop of digital transformation and the need to build a professional, humane and modern press, the Press Law is expected to contribute to the sustainable development of Vietnam’s revolutionary journalism.
On June 8, 2026, the Political Bureau issued Resolution No. 10-NQ/TW on the development of the foreign-invested economy, setting out a comprehensive direction for reforming policies on attracting, managing and utilizing foreign investment in the new development phase. Below are eight key policies introduced under the Resolution.
From July 20, 2026, service support policies for certain leadership positions in the political system will officially take effect. Which leadership positions are eligible for these policies, what are the applicable support amounts, and what are the principles of organization and operation of the Government?
Vietnam continues to be one of the most attractive destinations for foreign investment, supported by a stable political environment, strong economic growth, and an increasingly transparent investment legal framework. However, before deciding on the investment location, business sector, or project scale, one of the first questions foreign investors should address is which investment structure is most suitable for their business objectives.
On the afternoon of June 17, 2026, at the National News Center (No. 5 Ly Thuong Kiet, Hanoi), Vietnam News and Law, a publication under the Vietnam News Agency (VNA), held a ceremony to mark the 35th anniversary of the first issue of Vietnam News (June 17, 1991 – June 17, 2026).
The jurisdiction of commercial arbitration rests on two independent conditions that must be satisfied together: subject-matter jurisdiction — the dispute must fall within a category that the law permits to be resolved by arbitration; and jurisdiction by agreement — the parties must have a valid arbitration agreement.