The Digital Authentication Market in Vietnam: A Wave of Transition from OTP to Biometric Authentication

Overview of the Digital Authentication Market in Vietnam

Digital authentication in Vietnam is primarily conducted through multi-factor authentication (MFA), with the second security layer most commonly being a one-time password (OTP). According to research by Kaspersky, 74% of Vietnamese users prefer SMS-based OTPs for electronic transactions. In addition, many banks and popular e-wallets use voice OTPs (codes delivered through automated phone calls) as a second layer of protection. Other methods include software tokens (OTP applications on mobile devices), hardware tokens (such as RSA devices), and email-based verification codes.

A recent report on digital banking trends in Vietnam highlights that MFA is widely adopted, with SMS OTP remaining the dominant method. Meanwhile, more advanced biometric authentication methods, such as fingerprint and facial recognition, are gradually gaining broader adoption.

Vietnam has achieved a high level of digitalization: 87% of adults now own bank accounts, and more than 95% of transactions are processed digitally (VNBA, 2024). As a result, the demand for secure and convenient authentication solutions is also rising. Most mobile banking applications today already integrate biometric authentication, such as fingerprint and facial scans, to enhance security. However, the majority of individual transactions still rely on traditional OTPs, meaning that security concerns remain concentrated around this method.

Limitations of OTP-based Authentication

Although OTPs are simple and user-friendly, they present several security vulnerabilities. First, message delivery delays caused by telecommunications networks or inactive SIM numbers can disrupt transactions. From a security standpoint, SMS and voice OTPs are not encrypted, making them susceptible to interception. Experts note that SMS messages can be accessed by malware on mobile devices or stolen via weaknesses in SS7 telecommunication protocols.

Another common threat is SIM-swapping. Criminals impersonate telecom operators, persuading users to “upgrade” their SIM cards, thereby taking control of victims’ numbers. This allows attackers to receive OTPs, reset passwords, and drain funds from bank accounts or e-wallets.

In addition, social engineering schemes directly exploit OTPs. Fraudsters impersonate banks, police authorities, prosecutors, or create fake websites and mobile applications to trick users into revealing their codes. Common scams include fake SIM suspension alerts, lottery notifications, or software upgrade prompts. The goal is always to obtain OTPs to hijack accounts or authorize fraudulent transfers.

At the FIDO Asia 2023 conference, Vietnam’s Authority of Information Security confirmed that traditional authentication methods such as username, password, and OTP can carry “significant risks” because OTPs are, in essence, just another form of password that can be stolen.

Under current regulations, SMS and email OTPs must be accompanied by security warnings for customers and are valid for only five minutes. However, compliance with these requirements does not fully mitigate risks. Banks that fail to standardize security technologies (such as issuing certificates, protecting applications, and implementing end-to-end encryption) or adopt modern methods on time may face legal liabilities in the event of data breaches.

Global and Regional Trends in Biometric Authentication

Globally, biometric authentication has emerged as a dominant trend. By 2024, approximately 64% of financial institutions worldwide had implemented at least one biometric modality. Among them, 57% used fingerprint recognition, 32% facial recognition, and 24% voice authentication. Advanced economies are increasingly adopting passwordless authentication solutions based on the FIDO standard, integrated directly into operating systems such as iOS and Android (FaceID, TouchID, Passkey).

In the Asia-Pacific region, consumers are also showing strong support for biometrics. A 2023 FICO survey revealed that 51% of respondents across India, the Philippines, Malaysia, Thailand, Singapore, and Indonesia were willing to use fingerprint authentication, 47%  facial recognition, 40% iris recognition, and 28% behavioral biometrics.

Vietnam joined the FIDO Alliance in late 2023, signaling its strategic shift from traditional OTPs to internationally recognized passwordless authentication. At the same time, the government and the State Bank of Vietnam (SBV) have been actively developing a national digital identity platform that incorporates biometric verification. This transition aligns with global and regional mandates, as regulators increasingly require biometric methods to strengthen financial security.

Key Biometric Technologies and Banking Applications

The primary biometric technologies currently in use include facial recognition, fingerprint scanning, voice recognition, and iris scanning, each with distinct advantages and limitations:

• Facial Recognition: Uses mobile phone cameras or webcams to capture facial data. Advantages include no need for additional hardware and seamless integration into mobile applications. Banks may request customers to take a selfie to match against ID card photos or system records for high-value transactions or remote account openings. However, liveness detection is essential to counter spoofing through photos or videos. In Vietnam, facial recognition has already been mandated for certain high-value transactions.

• Fingerprint Recognition: Relies on built-in smartphone sensors. It offers high accuracy, fast processing, and is familiar to users who unlock phones with fingerprints. Banks can enable fingerprint-based logins or transaction approvals without OTP entry. Despite its popularity, fingerprint technology can still be vulnerable to forgery in certain cases. Fingerprint scanning remains the most widely adopted biometric method globally, with 57 % of banks already using it.

• Voice Recognition: Analyzes unique vocal characteristics for identity verification, particularly suitable for call center or virtual assistant transactions. While convenient, it can be compromised by recording quality or deepfake voice technologies. Only a small number of banks worldwide have deployed this method.

• Iris Recognition: Scans the unique patterns of the human iris, offering exceptional security and accuracy. However, it requires specialized infrared cameras and is costly to implement. In Vietnam, iris recognition is not yet common in banking, though it may gain traction as supporting devices become widespread. Vietnam’s national citizen database roadmap includes iris and voice biometrics, indicating long-term application potential.

Biometric-based eKYC solutions are also advancing rapidly. Many Vietnamese banks now integrate national chip-based ID cards or the government’s VNeID application to verify customer identities through facial recognition and citizen database matching during account openings.

Why Vietnam is Transitioning from OTP to Biometric Authentication

Three primary drivers explain Vietnam’s shift toward biometrics.

1. Regulatory and Policy Requirements: The SBV and regulatory agencies are tightening safety standards for financial transactions, particularly for eKYC and high-value transfers. Biometrics ensure identity verification is conducted on an “authentic owner” basis.

2. Rising Security Risks: SIM-swap attacks, phishing, and scams exploiting OTPs have exposed vulnerabilities in legacy methods. Biometrics provide a more tamper-resistant layer of protection.

3. Digital Transformation and Customer Expectations: With digital banking expanding rapidly, customers demand faster, seamless, and more reliable experiences. Biometrics not only strengthen security but also improve user convenience.

In summary, a combination of regulatory pressure, escalating threats, accelerated digital transformation, and rising safety expectations is driving Vietnam’s strong transition toward biometric authentication.

The Role of Biometrics in Fraud Prevention and AML/KYC Compliance

Biometric authentication plays a pivotal role in securing transactions and combating fraud in banking. According to SBV, by early 2025, approximately 84.7 million individual customers, representing nearly 73% of digital banking users, had registered biometric authentication. As a result, cyber fraud incidents fell sharply: in the final five months of 2024, fraud cases declined by 50% and fraudulent accounts dropped by 72% compared to the first seven months of the year. The mandatory biometric requirement has significantly reduced unauthorized accounts, thereby lowering systemic risks.

From an AML and KYC perspective, biometrics ensure precise identity verification from the moment an account is opened. SBV’s Decision 2345 mandates that account holder information must match data stored in the national ID card with an embedded chip or the national citizen database, eliminating fake or proxy accounts. By integrating facial recognition against national records and fingerprint data from ID cards, banks can enforce stricter KYC standards and reduce money laundering risks. Currently, 22 banks and 13 payment institutions in Vietnam have already integrated VNeID or chip-based ID verification systems into their eKYC processes.

Practical Applications of Biometrics in Vietnam

Biometric authentication in Vietnamese banking has progressed beyond pilot programs and is now a standard operating practice for critical activities such as digital account opening, high-value transaction approval, e-signature validation, and risk management. Many leading banks have rolled out biometric activation campaigns for customers while integrating verification with the national citizen database (VNeID and chip-based IDs) to ensure account authenticity.

FPT eID plays a central role as one of Vietnam’s leading providers of digital identity and authentication solutions. Its ecosystem covers eKYC (individual authentication), eKYB (business authentication), and FPT.IDCheck (chip-based ID verification and anti-counterfeit). The system combines facial recognition, liveness detection, and chip data extraction.

Key advantages of FPT eID include:

• Rapid Integration with Banking Systems: A cloud-native API architecture enables seamless connection with mobile banking apps, core banking platforms, and CRM systems, supporting fast deployment of eKYC and eKYB solutions.

• Regulatory Compliance: Designed to meet SBV regulations and prevailing circulars on biometric authentication and secure transactions.

• Proven Effectiveness: Partner institutions report significantly shorter onboarding times, higher authentication success rates, and reduced manual verification workloads. For example, major banks such as VPBank have successfully leveraged FPT eID to accelerate account openings for both individuals and businesses while maintaining AML/KYC compliance.

• Anti-Spoofing Capability: FPT.IDCheck’s chip reading and photo-matching technology detects forged documents, manipulated images, or deepfake attempts that manual checks often fail to uncover.

FPT eID is therefore not only a provider of advanced biometric technologies but also a practical solution that helps banks simultaneously strengthen security and improve customer experience in the digital banking era.

Conclusion

Biometric authentication is rapidly becoming the new standard for transaction security in Vietnam. Supported by SBV regulations and reinforced by clear evidence of fraud reduction, it represents an inevitable progression. In the near future, passwordless authentication will gain further momentum as modern smartphones with built-in biometric sensors become ubiquitous. Meanwhile, the growing national digital identity infrastructure provides a strong foundation for long-term adoption.

Biometrics are no longer just a technological trend; they are now a regulatory and market imperative. Vietnamese financial institutions should treat this transition as a top strategic priority. By adopting biometric authentication in a timely and compliant manner, banks can enhance fraud prevention, meet AML/KYC requirements, and build customer trust in the era of digital banking.