According to the SBV, nearly 87 percent of adult Vietnamese now possess bank accounts. Numerous fundamental banking operations, such as savings and term deposits, payment account opening and usage, bank card issuance, e-wallet services, money transfers, and lending, have been fully digitized by commercial banks. Indeed, many credit institutions report that over 90 percent of their transactions are now conducted via digital channels.
However, this digital shift has been accompanied by a complex evolution in online payment and transaction fraud. At a recent seminar on the “Maturity Level of Vietnamese Enterprises and Organizations in Readiness to Respond to Incidents”, organized by the Vietnam National Cybersecurity Association, Deputy Director Tran Trung Hieu of the National Cybersecurity Center (under the Ministry of Public Security’s Department of Cybersecurity and High-Tech Crime Prevention) revealed that numerous Vietnamese organizations have recently fallen victim to cyberattacks.
Notably, hackers successfully pilfered VND100 billion (US$3.93 million) from one Vietnamese bank. The Vietnam National Cybersecurity Association also estimates that online fraud losses exceeded VND18.9 trillion (US$742.63 million) in 2024.
In the context of aggressively applying digital technology while concurrently ensuring robust security and safety, the SBV is bolstering its efforts to refine institutions and legal frameworks for a timely response to the dynamic cyber threat landscape.
A landmark measure has been the issuance of Circular 17/2024, which regulates the opening and utilization of payment accounts. Effective July 1, 2024, individual account holders wishing to conduct online transactions must undergo biometric verification against the national population database (facilitated by chip-based citizen ID cards and the VNeID application). For organizational clients, this requirement for biometric authentication matching identification data will apply from July 1, 2025 for all electronic transactions.
Statistics from the SBV indicate that over 113 million individual customer profiles and more than 711,000 organizational ones have undergone biometric information verification. This represents over 66 percent of total organizational payment accounts actively transacting on digital channels. This signifies a substantial effort by the banking system to standardize data, mitigate risks, and establish a solid foundation for the continued development of digital banking services.
Director General Pham Anh Tuan of the SBV’s Payment Department affirmed that the banking industry is resolutely moving towards data cleansing and fraud prevention.
The implementation of biometric verification for individual accounts has demonstrably curtailed fraudulent money transfers via illegitimately owned accounts, thereby reducing instances of fraud. However, high-tech criminals have adapted, shifting their focus to defrauding organizational accounts, as corporate payment accounts have not yet mandated facial biometric authentication.
Recently, perpetrators have utilized counterfeit citizen ID cards or hired individuals to establish “ghost” companies. These fraudulent corporate dossiers are then used to open corporate bank accounts or to purchase existing corporate accounts through social media groups for illicit purposes.
To counter these evolving tactics, from July 1, 2025, organizations lacking legal representative biometric verification cannot transact online, as stipulated in Circular 17/2024. Commercial banks have notified corporate clients of impending e-service suspension for non-compliance. Compliant biometric data ensures swifter, more secure organizational transaction authentication for businesses.
The SBV reports that approximately 55 percent of organizational accounts have currently had their legal representatives’ biometric data verified. Businesses yet to complete this process will be restricted to over-the-counter transactions from early July.
Furthermore, the SBV is drafting amendments to Circular 17/2024 aimed at further tightening legitimate owner identity verification for accounts belonging to organizations and businesses. These proposed changes would require a company’s legal representative and chief accountant to be physically present at the bank to open an account, with no provision for authorization by proxy.
Commercial banks must collect and verify biometric data of business owners and chief accountants, encouraging VNeID use for cross-referencing with national population data. Stricter scrutiny applies to businesses under one year old, especially micro-enterprises, as these accounts may be “havens” for fraudsters evading biometric rules.
Furthermore, a draft amendment to Circular 17/2024 prohibits payment account “aliases” because fraudsters have previously used fake or misleadingly similar company names. This is expected to enhance security and prevent deceptive practices in financial transactions.
)
