Hệ thống pháp luật
Loading content, please wait a moment ...
Đang tải nội dung, vui lòng chờ giây lát...

THE STATE BANK OF VIETNAM
-------

THE SOCIALIST REPUBLIC OF VIETNAM
Independence - Freedom - Happiness
---------------

No. 20/2020/TT-NHNN

Hanoi, December 31, 2020

 

CIRCULAR

AMENDMENTS TO CIRCULAR NO. 47/2014/TT-NHNN DATED DECEMBER 31, 2014 OF THE GOVERNOR OF THE STATE BANK OF VIETNAM DEFINING TECHNICAL REQUIREMENTS CONCERNING SECURITY AND CONFIDENTIALITY OF EQUIPMENT SERVING BANK CARD PAYMENT

Pursuant to the Law on the State Bank of Vietnam dated June 16, 2010;

Pursuant to the Law on Credit Institutions dated June 16, 2010; Law on Amendments to the Law on Credit Institutions dated November 20, 2017;

Pursuant to the Law on E-Transactions dated November 29, 2005;

Pursuant to the Government’s Decree No. 35/2007/ND-CP dated March 08, 2007 on e-transactions in banking operations;

Pursuant to the Government’s Decree No. 101/2012/ND-CP dated November 22, 2012 on non-cash payments; Government’s Decree No. 80/2016/ND-CP dated July 01, 2016 on amendments to Government's Decree No. 101/2012/ND-CP dated November 22, 2012 on non-cash payments.

Pursuant to the Government’s Decree No. 16/2017/ND-CP dated February 17, 2017 defining the functions, tasks, powers and organizational structure of the State Bank of Vietnam;

...

...

...

Bạn phải đăng nhập hoặc đăng ký Thành Viên TVPL Pro để sử dụng được đầy đủ các tiện ích gia tăng liên quan đến nội dung TCVN.

Mọi chi tiết xin liên hệ: ĐT: (028) 3930 3279 DĐ: 0906 22 99 66

The Governor of the State Bank of Vietnam hereby promulgates a Circular on amendments to Circular No. 47/2014/TT-NHNN dated December 31, 2014 of the Governor of the State Bank of Vietnam defining technical requirements concerning security and confidentiality of equipment serving bank card payment (hereinafter referred to as the “Circular No. 47/2014/TT-NHNN”).

Article 1. Amendments to Circular No. 47/2014/TT-NHNN

1. Clause 9 of Article 2 is amended as follows:

 “9. “strong encryption” means an encryption method based on the algorithm tested and widely accepted in the world with a minimum key length of 112 (one hundred and twelve) bits and appropriate key management techniques. The minimum algorithms include AES (256 bits); RSA (2048 bits); ECC (224 bits); ElGamal (2048 bits).”.

2. Point d Clause 1 of Article 3 is amended as follows:

“d) Internal Internet Protocol address (IP address) and routing information shall not be provided for other organizations without the approval by a competent person. Measures shall be in place to hide internal IP address and information about the routing table when connecting with the third parties;”.

3. Point c Clause 3 of Article 3 is amended as follows:

“c) Access from the cardholder data environment to public Internet shall be subject to the approval by a competent person and kept under strict control.”.

4. Clause 5 is added to Article 4 as follows:

...

...

...

Bạn phải đăng nhập hoặc đăng ký Thành Viên TVPL Pro để sử dụng được đầy đủ các tiện ích gia tăng liên quan đến nội dung TCVN.

Mọi chi tiết xin liên hệ: ĐT: (028) 3930 3279 DĐ: 0906 22 99 66

5. Clause 8 is added to Article 5 as follows:

“8. Regular reviews shall be carried out to make sure that hardware and software receive technical support from the manufacturer.”.

6. Clause 1 of Article 6 is amended as follows:

 “1. The access to all components of an information system serving card payment must be authenticated by at least one of the following methods: secret keys; authentication card or equipment; biometrics.”.

7. Point c Clause 4 of Article 6 is amended as follows:

“e) Unused or expired accounts or accounts that have been inactive for a period of up to 90 days since the last login shall be revoked or deactivated;

8. Clause 3 of Article 10 is amended as follows:

“3. There must be phone numbers of card acquirers on all POS.”.

9. Point c Clause 1 of Article 14 is amended as follows:

...

...

...

Bạn phải đăng nhập hoặc đăng ký Thành Viên TVPL Pro để sử dụng được đầy đủ các tiện ích gia tăng liên quan đến nội dung TCVN.

Mọi chi tiết xin liên hệ: ĐT: (028) 3930 3279 DĐ: 0906 22 99 66

10. Clause 1 of Article 15 is amended as follows:

“1. Methods of strong encryption and appropriate security protocols shall be used to protect card authentication data during transmission of information through the network connected to external networks (Internet, wireless network, mobile communications network and other networks).”.

11. Point b Clause 1 of Article 17 is amended as follows:

“b) Camera shall be used or other measures shall be taken to monitor the entry into or exit from the server room, releasing and printing area, holder data processing and storage area. The monitoring data must be retained, securely protected and accessible for at least 03 months.”.

12. Point i is added to Clause 1 of Article 18 as follows:

“i) Policies and processes shall be promulgated to monitor all access to network resources and cardholder data and disseminated to all individuals and departments related to card operations.”.

Article 2.

The phrase “Cục Công nghệ tin học” (“Informatics Technology Department”) in Articles 20, 22 and 23 of the Circular No. 47/2014/TT-NHNN are replaced with the phrase “Cục Công nghệ thông tin” (“Information Technology Department”).

Article 3. Responsibility for implementation

...

...

...

Bạn phải đăng nhập hoặc đăng ký Thành Viên TVPL Pro để sử dụng được đầy đủ các tiện ích gia tăng liên quan đến nội dung TCVN.

Mọi chi tiết xin liên hệ: ĐT: (028) 3930 3279 DĐ: 0906 22 99 66

Article 4. Implementation clause

This Circular comes into force from February 15, 2021./.

 

 

PP. THE GOVERNOR
THE DEPUTY GOVERNOR




Nguyen Kim Anh