The Governor of the State Bank of Vietnam (SBV) Le Minh Hung issued Directive No.03/CT-NHNN dated January 10, 2017 on enhancing safety and security of electronic and card payment.
In order to enhance the safety and security of the electronic and card payment system and to minimize risks in payment activities, and concurrently to implement the Prime Minister's instruction on ensuring a safe and secure payment system and protecting the interests of customers, payment service providers and intermediate payment service providers, the SBV Governor required the SBV entities to implement the following tasks:
For SBV entities at the headquarters:
1. To effectively implement the Scheme on non-cash payment development in Vietnam for 2016 – 2020, promulgated under Decision No.2545/QĐ-TTg dated December 30, 2016 by the Prime Minister. To continue reviewing and researching in order to issue or revise legal documents on e-payment and card payment, legal documents relating to the safety and security of the electronic and card payment system, and measures to handle violations in the field of electronic and card payment. To enhance the management and monitoring of new e-payment systems in Vietnam.
2. To proactively monitor and keep up to date with domestic and international security developments in order to guide banking industry entities in preventing and resolving risks and IT security holes. To establish cooperation and information exchange programs with the Ministry of Public Security and the Ministry of Information and Communications to prevent high-technology crime and to carry out measures protecting the safety and security of electronic and card payment.
3. To advise the SBV Governor on issuing a roadmap for applying the international security and privacy standard ISO 27001 to information technology systems, the PCI/DSS standard to card payment systems, and new multi-factor security technology to replace outdated security technology. To proactively research and propose that the SBV Governor implement the Guidance on Recovering the financial market infrastructures issued by the Committee on Payments and Market Infrastructure Finance (CPMI) of the Bank for International Settlements (BIS).
4. To enhance inspection and supervision of the safety and security of electronic and card payment in order to assess, detect and give early warning of risks, and to severely handle violations in electronic and card payment.
5. To formulate the banking sector's overall communication plan on electronic and card payment, especially on ensuring safe and secure electronic and card payment; and concurrently to direct payment service providers and intermediate payment service providers to implement the approved plan, ensuring synchronized communication between the SBV and the payment service providers and intermediate payment service providers.
For the SBV branches of provinces and the cities directly under the central government:
1. To proactively monitor, supervise and guide local payment service providers and intermediate payment service providers in implementing the SBV's documents and regulations on payment operations in general and electronic and card payment in particular, in order to support the SBV Governor in carrying out state management of payment activities and electronic and card payment in the locality.
2. To inspect, supervise and strictly handle violations by local payment service providers and intermediate payment service providers in complying with the SBV's provisions on processes and procedures as well as regulations on ensuring safe and secure payment operations in general and electronic and card payment in particular. To monitor and supervise the payment service providers' and intermediate payment service providers' execution of the conclusions and approvals following inspection and supervision.
3. To proactively communicate the provisions of laws and Government and SBV policies on electronic and card payment, especially on ensuring safe, sound and secure electronic and card payment, in order to improve customers' awareness and boost their use of payment services.
4. To proactively gather information on criminals' methods and tricks in order to alert and guide local payment service providers, intermediate payment service providers and customers; to monitor information in the mass media and handle in a timely manner cases relating to safe, sound and secure electronic and card payment in the locality. To report to the SBV upon detecting any cases relating to service quality as well as incidents and threats that undermine the safety and security of electronic and card payment operations.
5. To direct local payment service providers and intermediate payment service providers to actively cooperate with the local police office in preventing crime in the field of payment.
3. To proactively carry out information and communication work on laws, directives of the Government and regulations of the SBV about payment activities and electronic and card payment, in order to help the public gain access to payment services and use them with confidence.
4. To actively collect information on criminal methods and tricks in order to issue alerts and take measures to ensure the asset safety of payment service providers, intermediary payment service providers and customers; to monitor information provided by the mass media in order to promptly resolve issues related to the security and safety of electronic and card payment in their locations. To promptly report to the SBV cases regarding service quality and incidents that undermine the security of electronic and bank card payment.
5. To instruct payment service providers and intermediary payment service providers in their locations to actively coordinate with the police to prevent crime in the payment field.
For payment service and intermediary payment service providers:
1. To strictly implement the SBV's documents and relevant laws on payment activities. To regularly check, review, supplement and complete procedures and internal regulations on the security and confidentiality of IT systems in order to mitigate risks and detect violations early, ensuring good compliance with the SBV's regulations and relevant laws on the security and safety of payment activities. To require subsidiaries to strictly comply with payment processes.
2. To periodically review and assess the risks of the technical infrastructure and IT serving payment activities and to implement appropriate measures with the aim of minimizing risks and ensuring the asset safety of customers, payment service providers and intermediary payment service providers; to formulate and rehearse responses to problems concerning information safety. To review all ATMs and POSs in order to strengthen the systems ensuring the safety and confidentiality of transactions via ATMs and POSs, as well as confirmation methods to prevent the use of counterfeit bank cards.
3. To proactively apply international principles and standards to payment systems and IT systems, i.e. applying ISO 27001 to IT systems and PCI/DSS to bank card payment systems. To apply, and make self-assessments of compliance with, the principles for financial market infrastructure promulgated by IS and IOSCO.
4. To enhance training and improve banking staff's skills in recognizing, receiving and resolving risks; to organize training programs on criminal tricks and preventive measures to ensure payment safety.
5. To regularly and promptly alert and guide customers in recognizing the types of risks and fraud tricks in payment activities and in using payment services safely.
6. To proactively monitor and promptly resolve issues arising in connection with their payment services (head office and branches). When risks and fraud occur, payment service providers and intermediary payment service providers are required to report to the SBV and SBV branches under the central government, while cooperating with their customers and relevant entities to handle those issues in line with applicable laws.
Directive No.03 took effect from the date of signing.
Thoa Le – Hang Le