Chỉ thị 03/CT-NHNN

Directive No. 03/CT-NHNN dated January 10, 2017, on the strengthening of security in electronic payment and card-based payment

Nội dung toàn văn Directive 03/CT-NHNN strengthening of security in electronic payment and card based payment 2017


STATE BANK OF VIETNAM
--------

SOCIALIST REPUBLIC OF VIETNAM
Independence - Freedom - Happiness

----------------

No: 03/CT-NHNN

Hanoi, January 10, 2017

 

DIRECTIVE

ON THE STRENGTHENING OF SECURITY IN ELECTRONIC PAYMENT AND CARD-BASED PAYMENT

In order to strengthen security in electronic payment and card-based payment and minimize the risks in payment activities, to implement the instruction of the Prime Minister on security in electronic payment and card-based payment as well as ensuring the benefit of customers and providers of payment services and providers of intermediary payment services; the Governor of the State bank of Vietnam requires the entities of the State bank of Vietnam, and the providers to perform the following responsibilities:

I. RESPONSIBILITIES OF ENTITIES AT THE HEADQUATERS OF THE STATE BANK OF VIETNAM

The headquaters of the State bank of Vietnam shall perform the following responsibilities ex officio:

1. Implement effectively the Scheme on non-cash payment developemnt in Vietnam in 2016-2020 enclosed with the Decision No. 2545/QĐ-TTg dated December 30, 2016 of the Prime Minister. Keep consulting with the Governor of the State bank of Vietnam about promulgation or revision of the legislative documents in connection with electronic and card-based payment; legislative documents on security and penalties for violations against law on electronic payment and card-based payment. Promote the management and control over the latest types, means, and systems of electronic payment in Vietnam.

2. Proactively monitor and update the domestic and international cyber security movements to alert and guide entities in the banking industry to promptly prevent and solve risks, and information technology security holes. Design cooperation programmes, exchange information and corordinate with the Ministry of Public Security, Ministry of Information and Communications in preventing high technology criminals and taking measures for ensuring network security in electronic payment and card-based payment.

3. Consult with the Governor of the State bank of Vietnam about drawing the road map of applying international standards in security such as ISO 27001 to information technology systems, PCI/DSS standard to the card-based payment system, the latest multi-factor authentication technologies to replace the out-dated and unsafe security technology. Proactively conduct research, consult with the Governor of the State bank of Vietnam about carrying out the instructions as specified in the document on providing guidance on measures for cyber restoration for the financial market infrastructures promulgated by the Committee on Payments and Market Infrastructure Finance (CPMI) of the Bank for International Settlements (BIS).

4. Intensify the inspection and supervision on security in electronic payment and card-based payment to assess, detect, early alert the risks, impose penalties for violations against law  on electronic payment and card-based payment

5. Make overall communication plan of the Banking industry on electronic payment and card-based payment, especially the security in electronic payment and card-based payment in order for the public to clearly understand and securely use the payment services; and at the same time guide the providers of payment services and providers of intermediary payment services to implement the aprroved plan, ensure the synchronous communication between the State bank of Vietnam and the providers.

II. RESPONSIBILITIES OF PROVINCIAL BRANCHES OF THE STATE BANK OF VIETNAM

1. Proactively supervise, monitor, and guide the providers of payment services and providers of intermediary payment services to adopt the documents and regulations of the State bank of Vietnam on the payment activities in general, and electronic payment and card-based payment in particular; assist the Governor of the State bank of Vietnam in State management of payment activities, electronic payment and card-based payment in their provinces.

2. Carry out inspection and impose penalties for the providers’ violations against the regulations of the State bank of Vietnam on processes, procedures, and regulations on security in payment in general and in electronic and card-based payment in particular; supervise and inspect the providers’ implementation of the conclusion and requests after the inspection.

3. Proactively propagate the regulations of law, policies of the Government and the State bank of Vietnam on the payment activities in general and in electronic and card-based payment in particular in order for the public to clearly understand and securely use the payment services.

4. Proactively collect the information on the criminals’artifices to alert, at the same time provide guidance for measures for ensuring asset safety of the providers and customers, dig up the information via mass media and provide timely measures for the cases relating to security in electronic payment and card-based payment in the locality. Promptly inform the State bank of Vietnam of any cases relating to service quality as well as the incidents compromising the security in electronic payment and card-based payment.

5. Guide the local providers to coordinate with the local pollice authorities in preventing electronic payment-related crimes.

III. RESPONSIBILITIES OF PROVIDERS OF PAYMENT SERVICES AND PROVIDERS OF INTERMEDIARY PAYMENT SERVICES

1. Strictly adopt the guiding documents of the State bank of Vietnam and law on payment activities. Regularly inspect, amend and complete procedures, internal regulations on information technology security to minimize the risks; and at the same time early detect the violations to ensure to comply with the regulations of the State bank and law on security in payment activities. Carry out research and introduce measures to be fully implemented by their affiliated units in the process of payment operation. The process of payment operation shall present its roles, functions and responsibilities in each step during the process of performing the payment transaction.

2. Periodically review and assess the risks of technical infrastructure and information technolofy serving the payment and implement appropriate measures to minimize risks, ensure asset safety of customers and providers; construct and enact security breach scenarios. Inspect all ATMs, POSs (especially the providers offerring merchant services for accepting payments to prevent fraud), strengthen the system for ensuring safety for transactions via ATMs, POSs, and measures for customer authentication at ATMs to prevent the use of counterfeit bank cards.

3. Proactively apply international principles and standards to the payment system and information technology security, such as applying the ISO 27001 standard to information technology system, the PCI/DSS to the card-based payment system; the latest latest multi-factor authentication technologies to the bank transactions in order to replace the old and unsafe security technologies. Apply and carry out an assessment of the compliance with principles for the financial market infrastructures promulgated by the Committee on Payments and Market Infrastructure Finance (CPMI) of the Bank for International Settlements (BIS).

4. Provide training in recognizing, receiving, and solving risks for banking staff; provide training programmes for criminals’assault artifices and preventive measures for payment security for the providers offerring merchant services for accepting payments.

5. Regularly and promptly provide alerts and instructions for customers in order for them to acknowledge types of risks and fraud in payment activities and how to utilize payment services securely; provide advice for customers in case of any problems, he/she should calmly coordinate with the providers and competent agencies in solving the problems according to regulations of law.

6. Proactively monitor and promptly solve the arising issues relating to its payment services. (Head office and branches). When risks and fraud occurs, the providers must report to the State bank of Vietnam and provincial branches of the State Bank of Vietnam (the locality from which the issue arises), and at the same time coordinate with their customers and relevant entities in order to handle those issues according to the regulations and then inform the customer; protect relevant entities’ right according to regulations of law.

IV. IMPLEMENTATION

1. This Directive comes into force from the day on which it is signed.

2. The relevant entities at the headquarters of the State bank of Vietnam; provincial branches of the State Bank of Vietnam; providers of payment services and providers of intermediary payment services shall implement the duties as specified in this Directive shall submit the biannual and annual reports on the implementation of the Decree to the State bank of Vietnam (Department of Payment) within 10 days from the end of the reporting period. The entities which make biannual and annual reports on payment activities shall submit reports on the implementation of the Decree in a particular Section of those reports.

3. Chief of Office, Director General of Payment, Heads of relevant entities of the State bank of Vietnam, Directors of provincial branches of the State Bank of Vietnam, Chairman of the Management Board, Chairman of the Members' Council, General Director (Director) of the providers of payment services and Chairman of the Management Board, General Directors (Directors) of the  providers of intermediary payment services are responsible for implementing this Directive./.

 

 

 

GOVERNOR




Le Minh Hung

 


------------------------------------------------------------------------------------------------------
This translation is made by LawSoft and for reference purposes only. Its copyright is owned by LawSoft and protected under Clause 2, Article 14 of the Law on Intellectual Property.Your comments are always welcomed

Đã xem:

Đánh giá:  
 

Thuộc tính Văn bản pháp luật 03/CT-NHNN

Loại văn bảnChỉ thị
Số hiệu03/CT-NHNN
Cơ quan ban hành
Người ký
Ngày ban hành10/01/2017
Ngày hiệu lực10/01/2017
Ngày công báo...
Số công báo
Lĩnh vựcTiền tệ - Ngân hàng, Công nghệ thông tin
Tình trạng hiệu lựcCòn hiệu lực
Cập nhật4 năm trước
Yêu cầu cập nhật văn bản này

Download Văn bản pháp luật 03/CT-NHNN

Lược đồ Directive 03/CT-NHNN strengthening of security in electronic payment and card based payment 2017


Văn bản bị sửa đổi, bổ sung

    Văn bản sửa đổi, bổ sung

      Văn bản bị đính chính

        Văn bản được hướng dẫn

          Văn bản đính chính

            Văn bản bị thay thế

              Văn bản hiện thời

              Directive 03/CT-NHNN strengthening of security in electronic payment and card based payment 2017
              Loại văn bảnChỉ thị
              Số hiệu03/CT-NHNN
              Cơ quan ban hànhNgân hàng Nhà nước Việt Nam
              Người kýLê Minh Hưng
              Ngày ban hành10/01/2017
              Ngày hiệu lực10/01/2017
              Ngày công báo...
              Số công báo
              Lĩnh vựcTiền tệ - Ngân hàng, Công nghệ thông tin
              Tình trạng hiệu lựcCòn hiệu lực
              Cập nhật4 năm trước

              Văn bản thay thế

                Văn bản hướng dẫn

                  Văn bản được hợp nhất

                    Văn bản được căn cứ

                      Văn bản hợp nhất

                        Văn bản gốc Directive 03/CT-NHNN strengthening of security in electronic payment and card based payment 2017

                        Lịch sử hiệu lực Directive 03/CT-NHNN strengthening of security in electronic payment and card based payment 2017

                        • 10/01/2017

                          Văn bản được ban hành

                          Trạng thái: Chưa có hiệu lực

                        • 10/01/2017

                          Văn bản có hiệu lực

                          Trạng thái: Có hiệu lực