The increase in distance commerce in the past two years as a result of the covid-19 pandemic has gone hand in hand with an increase in the use of cashless payments and online banking transactions. As a toolkit supporting online transactions, including e-financial transactions, digital signatures have been an essential part of the digitisation strategy of the banking sector in Vietnam. Even though the legality of digital signatures has been recognised by Vietnamese law, some risks and obstacles still undermine their use.
E-financial transactions and digital signatures
"E-financial transactions" are financial transactions that are implemented by electronic means. Along with the permission of electronic know your customer (e-KYC) – which anti-money laundering law introduced – in practice, e-financial transactions will be automatically performed through pre-established information systems. Customers can therefore enjoy automatic services, from carrying out e-KYC and signing the contract to the execution and settlement of transactions. In order to sign an automatic e-financial transaction, the customer must have an authenticated electronic signature.
Currently in Vietnam, digital signatures are the only form of electronic signature that is as authenticated and sufficiently valid as an individual's wet-ink signature, a signature of a representative or a seal of an organisation. Therefore, they have been widely used by both organisations and individuals, but mostly enterprises, for signing contracts, paying bills and declaring taxes. In the banking sector, commercial banks have accepted their customers' use of digital signatures to open accounts or make payments via online banking services. The adoption of digital signatures in the banking process has offered not only customers but also banks a dramatic reduction in cost, paper and the time used for transaction completion, and it has led to enhanced customer satisfaction as well.
Obstacles and risks associated with digital signatures in e-financial transactions
Despite the advantages of digital signatures, there are some concerns regarding their use.
The first issue is the risk of invalidation. Under Decree 130/2018/ND-CP, in order to be granted a secure digital signature for use in e-financial contracts, customers must submit to the public certification authorities an application dossier for the issuance of a digital certificate. This consists of an application form and auxiliaries, including a copy of an identity card or passport for individuals and, for organisations, a copy of the establishment decision or certificate of business registration or investment certificate, together with an identity card, citizen identification card or passport of the legal representative. All of these documents must be submitted, together with their originals, for the purpose of certification.
If the customer e-signs the application and submits it online or signs the application by wet-ink signature and submits it by post, their signature and identification will not be verified and certified, and therefore their signature may be invalid. In order to use digital signatures, customers need to provide physical documents. As a result, the application dossier that is submitted online may be invalid as well, which may lead to the invalidation of customers' signatures, as well as the invalidation of the relevant transactions.
Therefore, to ensure the validity of digital signatures, customers should come to the office of the public certification authorities with both the copies and originals of the document in hand and sign their application by wet ink. As such, while digital signatures may be used entirely online, their creation must be offline to ensure their validity. This fact renders automatic e-financial transactions unable to be fully automated, contrary to the expectation of financial institutions. In other words, to be able to activate automatic e-financial transactions, customers still have to perform part of the transactions physically with a digital signature certification service provider – and in order to perform automatic e-financial transactions with financial institutions, customers must have already obtained their digital signature.
Currently, financial institutions, especially banks, are using one-time passwords (OTPs) or multi-factor authentication for e-financial transactions, which has the same effect as a certified electronic signature. However, the validity of these forms of electronic signature is not guaranteed.
Finally, Vietnamese laws have been silent on the notarisation of e-contracts with digital signatures in e-financial transactions, especially for e-banking transactions. According to Decree 35/2007/ND-CP, e-banking transactions will be applied to all transactions in the banking sector, but not to the issuance of drafts and other valuable papers. Under the law, some contracts between a bank and its customers must be notarised, such as real estate mortgage contracts to secure loans. However, there are no regulations on the notarisation of e-contracts that have been set out in any relevant legal documents. In practice, the use of digital signatures must adhere to the use of the e-contracts. The lack of regulations on the notarisation of an e-contract will therefore prevent banks and their customers from using digital signatures in transactions that must be notarised under the law.
How to increase relevance of e-signatures for banking transactions
In addition to the legal issues above, the cost of digital signature solutions on the market today is relatively high for individual customers and is a big price to pay for small businesses. Digital signatures are usually used for simple transactions that are of negligible value; they are seldom used for important transactions, such as loans or high-value payments. Digital signatures are one of the most effective tools for digital transformation in the banking sector in particular and the entire economy in general. Therefore, in order to promote digital banking, the legal framework for digital signatures, as well as e-contracts, needs to be completed and fine-tuned.
Firstly, regulations allowing e-KYC for digital signature issuance and guidance on technical measures to ensure authentication should be promulgated. To meet the criteria of digitalisation, digital signatures should be created and used entirely online and their validity still guaranteed. In order to do so, digital signatures should be issued based on e-KYC (KYC for bank account opening has been enabled). Hence, it is recommended that article 23 of Decree 130/2018/ND-CP should be amended so that the application dossier for a certified digital signature can be submitted entirely online, and, at the same time, the requirement to submit original documents for comparison should be abolished. To be consistent with article 23, article 25 should also supplement the provision specifying that digital signature certification service providers can use appropriate technical measures, methods and information sources (ie, e-identification systems and e-authentication services provided by the Ministry of Public Security under Decision No. 34/2021/QD-TTg, which may support and strengthen the effectiveness of e-KYC) to verify information in the application dossier for a certified digital signature. In addition, article 25 should also set out obligations for digital signature certification service providers to take their own responsibility when using technical measures, methods and information sources during e-KYC procedures to guarantee that digital signatures certified and the transactions constituted thereby are valid.
Furthermore, the regulation on the notarisation of contracts in the Law on Notarisation should be amended and supplemented to include e-contracts. Particularly, in order to extend the use of digital signatures and e-contracts in banking transactions that must be notarised, such as real estate mortgages, the Law on Notarisation should include regulations on procedures to notarise e-contracts.
These recommendations are expected to fill loopholes in the laws, which limit or prevent the wide use of digital signatures in the banking sector and promote the digitalisation of the banking industry.
Having to sign banking transactions by wet ink is an obstacle to popularising the use of digital signatures. In practice, instead of using digital signatures, many banks have used OTPs in combination with multiple elements (eg, username and password) and biometric factors (ie, fingerprint and face) for banking transactions. However, to some extent, the use of digital signatures does not meet the provisions of the law on the legality of banking transactions. Hence, increasing the relevance and strengthening the benefits of digital signatures for banking purposes is an important task in the strategy of digitising the banking industry in Vietnam.