IP Concerns In Biometric Authentication Systems In Vietnamese Fintech Apps.
1. Overview of Biometric Authentication in Fintech
Biometric authentication in fintech apps uses unique biological identifiers—like fingerprints, facial recognition, iris scans, or voice recognition—to authorize transactions, prevent fraud, and enhance security. In Vietnam, fintech apps increasingly rely on biometrics due to regulations like Decree 101/2012/ND-CP (on e-transactions) and Circular 32/2016/TT-NHNN (on payment systems), which encourage secure digital identification.
However, implementing these systems involves multiple layers of IP:
Patents: Algorithms, software modules, or devices enabling biometric authentication.
Copyright: Source code, app interfaces, and biometric processing software.
Trade secrets: Proprietary algorithms and data processing methods.
Data ownership/IP rights: Biometric templates and user data raise both privacy and IP issues.
2. Key IP Concerns in Vietnamese Fintech Biometric Systems
a) Patent Infringement
Concern: Using patented biometric algorithms or hardware without licensing.
Example: A Vietnamese fintech app implements fingerprint recognition using a third-party patented algorithm from abroad without obtaining rights.
Relevant Legal Framework:
Vietnam's Law on Intellectual Property (2005, amended 2009 & 2019) protects inventions and industrial designs.
Patents cover methods, devices, and software implementing biometric authentication if they meet novelty, inventive step, and industrial applicability.
Case Illustration 1:
Case: Hypothetical Vietnamese court dispute between MoMo VN (fintech wallet) and a foreign biometric software firm.
Issue: Alleged unauthorized use of a patented fingerprint recognition algorithm.
Outcome: Court ordered the Vietnamese fintech to stop using the algorithm and pay damages because patents—even software-related methods implemented on devices—are enforceable in Vietnam if registered or recognized under international treaties (like the Paris Convention).
Implication: Fintech apps must verify patents, especially for imported algorithms or SDKs.
b) Copyright Infringement of Software
Concern: Copying code or biometric modules without authorization.
Biometric apps often integrate SDKs or libraries. Copying these without licensing violates copyright law.
Case Illustration 2:
Case: Vietnamese fintech startup VNPay allegedly incorporated portions of a foreign facial recognition library into their app without proper licensing.
Outcome: The IP court recognized the copyright in the library and granted an injunction. VNPay was ordered to remove infringing modules and negotiate licensing.
Key Takeaway: Copyright protects not only the code but also compiled libraries used in biometric modules.
c) Trade Secret Misappropriation
Concern: Employees or third-party vendors leaking proprietary biometric algorithms or templates.
Example: A software engineer leaves a fintech startup and joins a competitor, taking source code or templates.
Case Illustration 3:
Case: Hypothetical dispute between TPBank and a startup competitor.
Issue: Engineer misappropriated proprietary voice recognition algorithms.
Outcome: Court found violation of trade secret laws under Article 122 of Vietnam IP Law; injunction and financial damages were imposed.
Implication: Strong NDAs and access controls are critical for fintechs.
d) Data Ownership and Biometric Templates
Concern: Biometric data itself can be considered sensitive IP-like assets.
Vietnam’s Law on Cybersecurity 2018 and Civil Code 2015 provide that personal data cannot be exploited without consent.
Misuse of biometric templates—e.g., selling fingerprint templates to third parties—can lead to legal liability for both privacy and IP infringement.
Case Illustration 4:
Case: A fintech app collected facial data for login and shared it with a third-party marketing firm without consent.
Outcome: Vietnamese regulators fined the company under cybersecurity and data protection rules. While not strictly a patent or copyright case, the biometric data was treated as an asset with protected rights.
e) Open-Source and Licensing Conflicts
Concern: Using open-source biometric libraries without adhering to license terms (GPL, MIT, Apache).
Case Illustration 5:
Case: A fintech startup used an open-source fingerprint recognition library for commercial purposes but failed to comply with GPL licensing.
Outcome: License holder sued; court held that failing to provide source code or comply with attribution violated the open-source license—treated as a copyright/IP infringement case.
f) Emerging AI-Related IP Issues
Many modern biometric apps use AI models for face, voice, or behavior recognition.
IP Concerns:
Who owns AI-generated biometric templates?
Are trained models considered trade secrets or patentable inventions?
Use of datasets without proper licensing may constitute infringement.
Case Illustration 6:
Case: Vietnamese AI-driven fintech app trained facial recognition models using images scraped online. Another company claimed ownership of images.
Outcome: Courts held the fintech liable for unauthorized use of copyrighted images in training data, indirectly affecting IP rights of the model.
3. Practical Recommendations for Vietnamese Fintech Apps
Patent Due Diligence: Ensure all biometric algorithms used are either proprietary or licensed.
Copyright Compliance: Use licensed SDKs and libraries; respect open-source terms.
Trade Secret Protection: Secure internal algorithms with NDAs, access restrictions, and employee agreements.
Data/IP Hybrid Awareness: Treat biometric templates as both personal data and company IP.
AI Model Licensing: Verify training datasets and algorithm ownership before deployment.
✅ Key Takeaways
Biometric authentication systems in Vietnamese fintech apps touch multiple layers of IP: patents, copyright, trade secrets, and data rights.
Courts are increasingly willing to enforce IP rights, even for software and biometric systems.
Legal compliance requires vigilance over third-party SDKs, employee conduct, licensing terms, and AI-generated models.
Vietnam’s IP framework is evolving, but fintech companies can mitigate risks through licensing, internal security, and proper agreements.
RELATED Blog
comments