Tiếng Việt- 1 Law no. 51/2005/QH11 of November 29, 2005 on E-transactions
- 2 Decree of Government No. 35/2007/ND-CP of March 08, 2007 on banking e-transactions
- 3 Law No. 46/2010/QH12 of June 16, 2010, on the State Bank of Vietnam
- 4 Law No. 47/2010/QH12 of June 16, 2010, on credit institutions
- 5 Decree No. 101/2012/ND-CP of November 22, 2012, non-cash payments
- 6 Decree No. 80/2016/ND-CP date July 1, 2016, on amendments to Government''s Decree No. 101/2012/ND-CP on non-cash payments
- 7 Law No. 17/2017/QH14 dated November 20, 2017
- 8 Circular No. 47/2014/TT-NHNN dated December 31,2014, defining the technical requirements for confidentiality and safety of equipment serving bank card payment
| THE STATE BANK OF VIETNAM | THE SOCIALIST REPUBLIC OF VIETNAM |
| No. 20/2020/TT-NHNN | Hanoi, December 31, 2020 |
Pursuant to the Law on the State Bank of Vietnam dated June 16, 2010;
Pursuant to the Law on Credit Institutions dated June 16, 2010; Law on Amendments to the Law on Credit Institutions dated November 20, 2017;
Pursuant to the Law on E-Transactions dated November 29, 2005;
Pursuant to the Government’s Decree No. 35/2007/ND-CP dated March 08, 2007 on e-transactions in banking operations;
Pursuant to the Government’s Decree No. 101/2012/ND-CP dated November 22, 2012 on non-cash payments; Government’s Decree No. 80/2016/ND-CP dated July 01, 2016 on amendments to Government's Decree No. 101/2012/ND-CP dated November 22, 2012 on non-cash payments.
Pursuant to the Government’s Decree No. 16/2017/ND-CP dated February 17, 2017 defining the functions, tasks, powers and organizational structure of the State Bank of Vietnam;
...
...
...
Mọi chi tiết xin liên hệ: ĐT: (028) 3930 3279 DĐ: 0906 22 99 66
The Governor of the State Bank of Vietnam hereby promulgates a Circular on amendments to Circular No. 47/2014/TT-NHNN dated December 31, 2014 of the Governor of the State Bank of Vietnam defining technical requirements concerning security and confidentiality of equipment serving bank card payment (hereinafter referred to as the “Circular No. 47/2014/TT-NHNN”).
Article 1. Amendments to Circular No. 47/2014/TT-NHNN
1. Clause 9 of Article 2 is amended as follows:
“9. “strong encryption” means an encryption method based on the algorithm tested and widely accepted in the world with a minimum key length of 112 (one hundred and twelve) bits and appropriate key management techniques. The minimum algorithms include AES (256 bits); RSA (2048 bits); ECC (224 bits); ElGamal (2048 bits).”.
2. Point d Clause 1 of Article 3 is amended as follows:
“d) Internal Internet Protocol address (IP address) and routing information shall not be provided for other organizations without the approval by a competent person. Measures shall be in place to hide internal IP address and information about the routing table when connecting with the third parties;”.
3. Point c Clause 3 of Article 3 is amended as follows:
“c) Access from the cardholder data environment to public Internet shall be subject to the approval by a competent person and kept under strict control.”.
4. Clause 5 is added to Article 4 as follows:
...
...
...
Mọi chi tiết xin liên hệ: ĐT: (028) 3930 3279 DĐ: 0906 22 99 66
5. Clause 8 is added to Article 5 as follows:
“8. Regular reviews shall be carried out to make sure that hardware and software receive technical support from the manufacturer.”.
6. Clause 1 of Article 6 is amended as follows:
“1. The access to all components of an information system serving card payment must be authenticated by at least one of the following methods: secret keys; authentication card or equipment; biometrics.”.
7. Point c Clause 4 of Article 6 is amended as follows:
“e) Unused or expired accounts or accounts that have been inactive for a period of up to 90 days since the last login shall be revoked or deactivated;
8. Clause 3 of Article 10 is amended as follows:
“3. There must be phone numbers of card acquirers on all POS.”.
9. Point c Clause 1 of Article 14 is amended as follows:
...
...
...
Mọi chi tiết xin liên hệ: ĐT: (028) 3930 3279 DĐ: 0906 22 99 66
10. Clause 1 of Article 15 is amended as follows:
“1. Methods of strong encryption and appropriate security protocols shall be used to protect card authentication data during transmission of information through the network connected to external networks (Internet, wireless network, mobile communications network and other networks).”.
11. Point b Clause 1 of Article 17 is amended as follows:
“b) Camera shall be used or other measures shall be taken to monitor the entry into or exit from the server room, releasing and printing area, holder data processing and storage area. The monitoring data must be retained, securely protected and accessible for at least 03 months.”.
12. Point i is added to Clause 1 of Article 18 as follows:
“i) Policies and processes shall be promulgated to monitor all access to network resources and cardholder data and disseminated to all individuals and departments related to card operations.”.
Article 3. Responsibility for implementation
...
...
...
Mọi chi tiết xin liên hệ: ĐT: (028) 3930 3279 DĐ: 0906 22 99 66
Article 4. Implementation clause
This Circular comes into force from February 15, 2021./.
PP. THE GOVERNOR
THE DEPUTY GOVERNOR
Nguyen Kim Anh