Five Basic Modes of High-Tech Crime in Banking Sector

9:50:17 AM | 1/18/2021

It is not rare to hear a story that fraudsters pretending to be bank staff read every transaction detail to ask customers to provide the OTP security code to avoid having the account deactivated, fanning concerns about bank account security. Recent banking fraud cases related to high-tech crime are increasingly common.

In recent years, catching up with the Industrial Revolution 4.0, the Vietnamese commercial banking system has actively applied modern digital technologies to improve operational performance, enrich customer experiences, and enable customers to use modern banking services and save transaction costs. However, along with that, risks and loopholes are being exploited by criminals to attack the system.

Excellent information technology knowhow of criminals, sophisticated methods and tricks, and difficulty in identifying specific locations, real identities and addresses on cyberspace are typical hardships to prevent high-tech crimes in the banking sector.

According to a report released at the Workshop on “Preventing and fighting against high-tech crime in the banking sector” jointly held in Hanoi City by VPBank and the Department of Cybersecurity and High-Tech Crime Prevention (PA05) - Hanoi Police, the year 2020 featured five basic high-tech crime methods in the banking sector: Stealing bank data, customer account information, credit card information; phishing tricks to deceive and steal account information; exploiting security loopholes in the banking process to hijack the system administration; attacking databases to control the system to steal money from credit institutions; and using accounts, bank cards and scratch cards for illegal acts.

Among these five methods, the most common is stealing bank data, customer account information and credit card information. This method is done by installing card information and password theft devices at ATMs (skimming) to steal/buy credit card information to make fake cards for unauthorized payment for restaurant, hotel and internet services, even steal the account and its password to access the accounting system to take the owner’s money. To deal with this method, PA05 recommended banks regularly monitor ATM operations to detect skimming devices early and users to cover their hands when entering transaction PIN codes on ATMs, not to give credit cards to others for payment or register information on less trusted websites.

The next is phishing. This method mainly invokes greed or trust of victims. Criminals forge specific situations: sending gifts, sending money and blocking accounts for investigation on request of the police, then send the victims a fake bank notice and tell them to access the attached (also fake) link to confirm the account. When the victims follow instructions, the account holder's information will be used by the criminals to log into the victims’ account and proceed to transfer all the money away.

To counter this method, PA05 recommended credit institutions to regularly check for fake websites and warn their customers not to log in to websites with suspicious signs and hyperlinks, or provide account and card information on these websites. The police also requested credit institutions to set up alerts when their customers’ accounts are used to log in from an unfamiliar device or when the authentication options are changed.

Facing this fact, many banks have identified and reviewed their issues in the fight against high-tech crime, focusing on drastic action programs according to recommendations and proposals from PA05 - Hanoi Police, mobile network partners such as FPT and Viettel as well as other advanced programs. Banks also constantly advised customers to stay alert to fraudulent acts in the cloak of the bank to steal their accounts and promptly prevented hundreds of suspected frauds.

By Quynh Anh, Vietnam Business Forum