As per a draft circular recently released by Vietnam’s Ministry of Science and Technology, users must re-verify their identity when changing devices with SIM cards. Photo: Duc Thien / Tuoi Tre
The rules are outlined in a draft circular guiding subscriber information verification for terrestrial mobile telecommunications services, recently released by the ministry for public consultation.
Under the draft circular, subscribers must authenticate their identity via carrier apps, websites, or at transaction offices.
Those failing to comply risk having outgoing calls suspended starting March 1 this year.
Verification must match at least four data fields, including personal identification number, full name, date of birth, and facial biometrics.
Facial biometric verification must meet international accuracy standards and be capable of detecting spoofing attacks involving images, videos, or 3D masks, in order to prevent fraud and identity impersonation.
Proof of successful biometric matching must also record the exact time of verification for each mobile number.
Carriers such as Vinaphone said they are working with the Ministry of Public Security and the Ministry of Science and Technology to align subscriber data with the National Population Database.
Users will receive notifications through the VNeID app listing all numbers registered under their ID, and must confirm which ones they actively use.
For vulnerable groups, including the elderly, those without smartphones, and residents in remote areas, carriers will coordinate with local police to provide direct verification support.
“We hope customers will proactively cooperate and complete subscriber verification as guided by authorities and mobile operators, contributing to a safe, transparent, healthy, and sustainable telecommunications environment,” a mobile carrier leader told Tuoi Tre (Youth) newspaper.
Many cybersecurity experts have welcomed the move to apply biometric verification to mobile subscribers in a manner similar to bank accounts, particularly the requirement for re-verification when changing end-user devices.
Previously, biometric verification was typically conducted only once at SIM registration, with no subsequent checks.
This created a common loophole allowing individuals to legally register SIM cards and later resell or transfer them to fraud rings without detection.
As a result, non-genuine and “junk” SIM cards have continued to circulate despite verification requirements.
In addition, earlier technical standards for biometric verification were not uniformly regulated, with each telecom operator adopting different technologies and procedures.
This led to inconsistent verification quality, weakening biometrics as an effective technical barrier against SIM fraud.
According to Vu Ngoc Son, head of research, consulting, technology development and international cooperation at the National Cybersecurity Association, the draft circular addresses these weaknesses through a series of fundamental changes.
Biometric verification is no longer a one-time action but is now tied to high-risk events throughout the subscriber lifecycle, particularly device changes.
“Mandatory re-verification in these situations will prevent the post-verification trading of SIM cards, which is the primary supply source for fraud activities,” Son said.
He added that successful biometric verification in banking has shown that tighter digital identity control quickly eliminates fraudulent accounts and disrupts scam networks.
Beyond preventing SIM trading, requiring biometric verification when changing devices also creates a technical barrier against SIM hijacking.
Even if criminals obtain a physical SIM card or personal information, they will be unable to complete activation without passing biometric verification that matches the original data.
“This is a ‘hard lock’ mechanism for identity, similar to the multi-layer security measures banks apply to protect high-value accounts,” Son said.
Max: 1500 characters
There are no comments yet. Be the first to comment.