From early 2025, online card transactions can only be made when the cardholder has biometrically authenticated with the bank, financial company…
The State Bank issued Circular 18, regulating bank card activities (debit cards, credit cards…).
The circular stipulates that from the beginning of 2025, card transactions by electronic means can only be used when customers have had their identification documents and biometric data matched by the police or through the electronic identification and authentication system (VNeID).
For foreigners or people of Vietnamese origin whose nationality is not yet determined, biometric data is collected through a face-to-face meeting with the bank.
Thus, bank cardholders who have not yet authenticated their biometrics for the first time with the bank from the beginning of 2025 will not be able to make online card payments. Direct card transactions at retail points of sale (POS) will still take place normally, without requiring biometrics.
Previously, since early July this year, the State Bank has also stipulated that first-time biometric authentication is mandatory if customers want to transfer money online from 10 million VND or more at a time or 20 million VND in a day.
The regulations on biometric authentication were first issued by the State Bank to limit the problem of “junk” bank accounts, thereby reducing online fraud. For a long time, online fraud rings often used a series of “junk” accounts and cards to erase traces of money flow, thereby legalizing the use of fraudulent money. Therefore, cleaning up bank accounts is considered an effective solution to increase barriers to online fraud rings.
In Circular 18, the State Bank also requires banks to clearly state the types of fees and rates applicable to each type of card and card service. The card service fee schedule must comply with legal regulations, be publicly posted and provided to cardholders before use and when there are changes.
In case of loss or disclosure of card information, the cardholder must immediately notify the issuing organization. Upon receiving the notification, the bank must block the card and coordinate with relevant parties to prevent possible damage.