 |
| A transaction office of Vietcombank__Photo: VNA |
Banks providing online banking services would have to adhere to regulations on assurance of information system security at level 3 or higher, proposed by the State Bank of Vietnam in the latest draft circular on such matter.
Under the 2015 Law on Cyberinformation Security, information systems are classified by security level in an ascending order from 1 to 5. Level 3 indicates that once an information system is sabotaged, it would pose significant threats to public interests and social order and safety or national defense and security.
As per the draft, online banking systems would be required to prioritize the confidentiality and integrity of customer information while ensuring the uninterrupted service provision.
The minimum risk level of customers’ transactions must be assessed on the basis customer groups, transaction types and transaction limits so as to provide customers with appropriate forms of transaction authentication.
Online banking systems would be subject to annual inspection and assessment in terms of security and confidentiality. Banks would be required to regularly identify potential risks in providing online banking services and their causes in order to promptly take measures for prevention, control and handling.
Information technology infrastructure and equipment used to provide online banking services must have proper copyright and explicit origin, and be upgraded under plans worked out by banks.
In addition to developing firewalls and monitoring and warning systems against abnormal behaviors, banks would also have to formulate mechanisms to detect and prevent intrusions and cyber-attacks in their online banking systems.- (VLLF)
