In a decisive move to dismantle the widespread network of fraudulent and unregistered SIM cards fueling illicit activities, Vietnam’s Ministry of Science and Technology has put forth a draft circular that fundamentally redefines mobile subscriber identity verification. The proposed regulations aim to close persistent security gaps by requiring biometric authentication every time a SIM card is transferred to a new mobile device. This initiative targets the core of problems like identity impersonation, SIM-based scams, and the proliferation of “junk” SIMs, which have long been a challenge for law enforcement and a threat to consumer security. By linking a user’s digital identity directly and repeatedly to their physical biometrics, the government intends to create an environment where anonymity for criminal purposes becomes significantly more difficult, ushering in a new standard for telecommunications security across the nation and ensuring that a SIM card remains tethered to its legitimate, verified owner.
A New Era of Digital Identity Verification
The new directive mandates that any time a subscriber moves their SIM card to a different handset, they must undergo a rigorous identity re-verification process through their mobile carrier’s designated platforms, such as a mobile app, website, or a physical service center. This process is far more stringent than previous requirements, demanding a successful match of at least four key data points: the user’s personal identification number, their full name, date of birth, and, most critically, their facial biometrics. To prevent sophisticated fraud, the facial recognition technology employed by carriers must comply with high international accuracy standards. It is also required to incorporate advanced anti-spoofing capabilities, ensuring the system can differentiate a live person from fraudulent attempts using static images, pre-recorded videos, or even 3D masks. Every successful verification is to be time-stamped and logged against the specific mobile number, creating an auditable trail of authorized device changes and securing the link between the subscriber and their service.
To ensure comprehensive implementation, the initiative involves a coordinated effort between mobile network operators and government agencies, with carriers like Vinaphone working directly with the Ministry of Public Security. This collaboration is designed to synchronize and cleanse subscriber information by cross-referencing it with the official National Population Database, a centralized and secure repository of citizen data. As part of this alignment, subscribers will receive notifications through the government’s VNeID digital identity application, which will display all phone numbers currently registered under their national ID. Users will then be prompted to confirm which of these numbers they personally own and use, disavowing any that are unfamiliar. Recognizing the digital divide, special accommodations are being established for vulnerable groups, including the elderly, citizens without smartphones, and those residing in remote regions, with carriers tasked to work alongside local police to provide direct, in-person assistance for identity verification.
Addressing Critical Security Loopholes
Cybersecurity analysts have lauded the proposed regulations as a crucial and long-overdue evolution in the country’s approach to digital identity security, directly addressing a fundamental flaw in the previous system. Under the old framework, biometric verification was only required once, at the initial point of SIM card registration. This created a significant loophole that was widely exploited; individuals could legally register SIM cards in their name, complete the one-time identity check, and then sell or transfer these fully active SIMs to third parties, including criminal organizations, without any further oversight. This practice became the primary engine for the circulation of fraudulent SIMs used for scams, illegal gambling, and other illicit online activities. Furthermore, the lack of uniform technical standards for biometric verification among different telecommunications operators resulted in inconsistent quality and security levels, with some systems being far easier to bypass than others, weakening the entire framework.
The draft circular effectively re-architected the country’s security posture by transforming identity verification from a static, one-time event into a dynamic, continuous process triggered by high-risk actions like changing a device. This shift established what experts called a “hard lock” on a user’s identity, which effectively neutralized the black market for pre-registered SIM cards. The new system drew parallels to the multi-layered security protocols successfully employed in the banking sector, where stringent digital identity controls had already proven effective in rooting out fraudulent accounts. This approach not only halted the trade of illicit SIMs but also erected a formidable technical barrier against SIM hijacking. Criminals who managed to obtain a victim’s physical SIM card or personal data found themselves unable to activate it on a new device, as they could not pass the mandatory biometric check that was inextricably linked to the original registered owner’s face, thereby securing the digital identities of millions of mobile subscribers.
