Transaction Handbook

Security System

Security Principles

To ensure the confidentiality of customer information, BSC adheres to the following principles:
+ No Disclosure of Confidential Information: Personal information, account details, card information, passwords, and OTPs should not be provided to anyone under any circumstances. BSC will never proactively request customers to provide such information through any form.
+ Avoid Storing on Mobile Devices: Do not store photos of personal identification documents (ID card, passport), bank account numbers, or passwords for securities or banking applications on mobile devices.
+ Regular Password Changes: Periodically change your securities trading account password and avoid using weak passwords (e.g., names, birthdays).
+ Use Official Applications Only: Install only official applications from the App Store or Google Play and avoid accessing suspicious links.
Frequent Monitoring: Regularly check account transactions.
+ Restricted Device Access: Do not log in or conduct transactions on devices you do not own. If necessary, avoid saving device information, and ensure unknown devices are removed from the list of verified devices.
+ Personal Device Control: Do not lend or grant access to your devices to anyone.
+ Adhere to government and regulatory policies, and do not guide others in performing public services through social media.
+ Do not sell or provide personal information (e.g., ID card details, bank account information) to third parties.
+ Stay updated on fraud schemes through public media, the Ministry of Public Security website, or the VneID application. Educate family and friends to prevent scams.
+ Customer Information Protection: All customer information on BSC’s systems is protected by industry standards.
+ Client-Side Security: Data transmission is secured using 256-bit Secure Socket Layer (SSL) encryption.
+ Server-Side Security: BSC’s servers are protected by firewalls and intrusion detection/prevention systems (IDS/IPS), monitored continuously to block unauthorized access. Customer passwords are one-way encrypted, ensuring even server administrators cannot view them.
In the event of a security breach, customers must immediately notify BSC to prevent potential exploitation.
+ All customer interactions with BSC systems are conducted via email. To protect personal information, customers must also secure their email accounts.
+Avoid Recording Information: Do not write down account details in unsafe places.
+Logout Practices: Always log out of BSC’s online services when finished, and avoid quick browser closures.
+ Password Security: BSC will never ask for your account password. Do not use easily guessed passwords like birthdays or phone numbers. If you suspect your account information has been compromised, notify BSC immediately.
+ During promotional activities (online, via phone, or at branches), BSC may collect personal information from individuals who consent to provide it. This data may be used for product consultations, services, or marketing materials. Customers can opt to receive marketing materials via email or post and can stop receiving them upon request.
Both BSC and its customers play vital roles in combating fraud. Customers must ensure they do not intentionally or unintentionally disclose their account information to others.

Account Security Measures at BSC

  • Device Authentication Upon Login: This is a security method where BSC’s system requires customers to verify their identity when logging in from a new device. Upon attempting to log in on a new device, customers will receive a verification request via SMS OTP, SmartOTP, Email OTP, or through a previously registered device using the Notification system.
    This ensures that customers have full control over devices authorized to access their account, effectively preventing unauthorized access from unwanted parties.
***Note:
  • To take a SmartOTP code for transactions, you should open the BSC Smart Invest application on the registered device, select the Smart OTP icon on the Market screen, and use the OTP corresponding to the account for the transaction.
  • For Notification-based authentication, customers must have SmartOTP installed and have successfully verified their device on another registered device.
  • Two-Factor Authentication (2FA)
    To ensure absolute security and enhance the protection of customer assets, BSC recommends enabling two-factor authentication (2FA) for logging in and conducting transactions on BSC’s online trading platforms. Steps to set up 2FA:
    + Step 1: Access the BSC Webtrading platform or the BSC Smart Invest application.
    + Step 2: Navigate to Menu -> Security -> Two-Factor Authentication Settings -> Select the desired authentication method -> Choose Change.
    + Step 3: Confirm the setup to activate 2FA.
***Note:
  • For SmartOTP Authentication:
    To take the SmartOTP code for transactions, investors should:
    Open the BSC Smart Invest application on the registered device.
    Select the Smart OTP icon on the Market screen.
    Use the corresponding OTP for the account you intend to trade with.
    For accounts utilizing SmartOTP authentication, when performing transaction verification on the Webtrading platform, the system will provide an additional authentication method via Notification.

Register for Two-Factor Authentication on BSC Webtrading

Register for Two-Factor Authentication on BSC Smart Invest

Location of Smart OTP on the BSC Smart Invest App

BSC Offers

View all
icon BSC Trading icon BSC Smart Invest icon Online Support
Less
Short link