THE STATE BANK OF VIETNAM
-------
THE SOCIALIST REPUBLIC OF VIETNAM
Independence - Freedom - Happiness
---------------
No. 20/2020/TT-NHNN
Hanoi, December 31, 2020
CIRCULAR
AMENDMENTS TO CIRCULAR NO. 47/2014/TT-NHNN DATED DECEMBER 31, 2014 OF THE GOVERNOR OF THE STATE BANK OF VIETNAM DEFINING TECHNICAL REQUIREMENTS CONCERNING SECURITY AND CONFIDENTIALITY OF EQUIPMENT SERVING BANK CARD PAYMENT
Pursuant to the Law on the State Bank of Vietnam dated June 16, 2010;
Pursuant to the Law on Credit Institutions dated June 16, 2010; Law on Amendments to the Law on Credit Institutions dated November 20, 2017;
Pursuant to the Law on E-Transactions dated November 29, 2005;
Pursuant to the Government’s Decree No. 35/2007/ND-CP dated March 08, 2007 on e-transactions in banking operations;
Pursuant to the Government’s Decree No. 101/2012/ND-CP dated November 22, 2012 on non-cash payments; Government’s Decree No. 80/2016/ND-CP dated July 01, 2016 on amendments to Government's Decree No. 101/2012/ND-CP dated November 22, 2012 on non-cash payments.
Pursuant to the Government’s Decree No. 16/2017/ND-CP dated February 17, 2017 defining the functions, tasks, powers and organizational structure of the State Bank of Vietnam;
...
...
...
The Governor of the State Bank of Vietnam hereby promulgates a Circular on amendments to Circular No. 47/2014/TT-NHNN dated December 31, 2014 of the Governor of the State Bank of Vietnam defining technical requirements concerning security and confidentiality of equipment serving bank card payment (hereinafter referred to as the “Circular No. 47/2014/TT-NHNN”).
Article 1. Amendments to Circular No. 47/2014/TT-NHNN
1. Clause 9 of Article 2 is amended as follows:
“9. “strong encryption” means an encryption method based on the algorithm tested and widely accepted in the world with a minimum key length of 112 (one hundred and twelve) bits and appropriate key management techniques. The minimum algorithms include AES (256 bits); RSA (2048 bits); ECC (224 bits); ElGamal (2048 bits).”.
2. Point d Clause 1 of Article 3 is amended as follows:
“d) Internal Internet Protocol address (IP address) and routing information shall not be provided for other organizations without the approval by a competent person. Measures shall be in place to hide internal IP address and information about the routing table when connecting with the third parties;”.
3. Point c Clause 3 of Article 3 is amended as follows:
“c) Access from the cardholder data environment to public Internet shall be subject to the approval by a competent person and kept under strict control.”.
4. Clause 5 is added to Article 4 as follows:
...
...
...
5. Clause 8 is added to Article 5 as follows:
“8. Regular reviews shall be carried out to make sure that hardware and software receive technical support from the manufacturer.”.
6. Clause 1 of Article 6 is amended as follows:
“1. The access to all components of an information system serving card payment must be authenticated by at least one of the following methods: secret keys; authentication card or equipment; biometrics.”.
7. Point c Clause 4 of Article 6 is amended as follows:
“e) Unused or expired accounts or accounts that have been inactive for a period of up to 90 days since the last login shall be revoked or deactivated;”.
8. Clause 3 of Article 10 is amended as follows:
“3. There must be phone numbers of card acquirers on all POS.”.
9. Point c Clause 1 of Article 14 is amended as follows:
...
...
...
10. Clause 1 of Article 15 is amended as follows:
“1. Methods of strong encryption and appropriate security protocols shall be used to protect card authentication data during transmission of information through the network connected to external networks (Internet, wireless network, mobile communications network and other networks).”.
11. Point b Clause 1 of Article 17 is amended as follows:
“b) Camera shall be used or other measures shall be taken to monitor the entry into or exit from the server room, releasing and printing area, holder data processing and storage area. The monitoring data must be retained, securely protected and accessible for at least 03 months.”.
12. Point i is added to Clause 1 of Article 18 as follows:
“i) Policies and processes shall be promulgated to monitor all access to network resources and cardholder data and disseminated to all individuals and departments related to card operations.”.
Article 2.
The phrase “Cục Công nghệ tin học” (“Informatics Technology Department”) in Articles 20, 22 and 23 of the Circular No. 47/2014/TT-NHNN is replaced with the phrase “Cục Công nghệ thông tin” (“Information Technology Department”).
Article 3. Responsibility for implementation
...
...
...
Article 4. Implementation clause
This Circular comes into force from February 15, 2021./.
PP. THE GOVERNOR
THE DEPUTY GOVERNOR
Nguyen Kim Anh