Security for Electronic Payments in Digital Era

9:30:48 AM | 9/7/2023

The banking industry is one of the pioneers in people-centric digital transformation. In the digital era, ensuring the security and safety of electronic payments is always a vital matter.

When deploying technology software systems, credit institutions and commercial banks prioritize ensuring the highest level of safety at all times

Striking development

Mr. Nguyen Quoc Hung, Vice President and General Secretary of the Vietnam Banking Association, stated that the 2020-2025 period witnessed significant growth in payment transactions. Before 2016, credit institutions could only process 0.5 - 1.0 million transactions a day. However, daily transactions have now jumped to 8 million, with a cash equivalent value of VND900 trillion (US$40 billion). With such a large number of daily payments, digital transformation is considered a very important and practical movement in the banking industry.

According to statistics, as of June 2023, the value of transfer payment transactions increased by 52.35% compared to 2022. The value of payments via POS, QR code, internet banking and mobile banking jumped in both value and quantity. Meanwhile, the amount of cash withdrawals via ATMs declined by 6.3%. Indeed, digital transformation helped reduce cash use and boost the fastest and most convenient payment.

In addition, about 40 banks adopted eKYC method for opening 11 million payment accounts while about 20 banks opened 10.8 million card payment accounts for customers via eKYC method. This is one of the positive results in card payments.

Nowadays, it takes only 15-20 minutes to open a bank account at home instead of having to go to a bank location to fulfill many time-consuming procedures and papers as before. Users know how to use online platforms for bank transfers or payments. Banks have also cooperated with Fintech companies to open e-wallets to enable customers to pay basic services online such as power bills, water bills, house rents and phone bills. Users can make all payment transactions, both large and small, quickly and easily using their smartphones with the help of QR code payment. The government’s request for connection and sharing of population database has been instrumental in integrating customer accounts with population data. This has helped reduce illegal money transfer services or loan sharks while popularizing finance in remote areas, border areas and islands through electronic lending. The government has also adopted measures such as Mobile Money to boost noncash payment not only in urban areas but also in remote areas, border areas and islands. After one year of implementation, Mobile Money has over four million users and this number is growing.

Heightened risks of fraud

The State Bank of Vietnam (SBV) developed the strategy for 2021-2025 to carry out the digital government plan and the banking industry took the lead in this process, with commercial banks investing VND15 trillion in digital transformation.

Mr. Pham Anh Tuan stated that digital transformation must go hand-in-hand with safety, security and confidentiality of users’ information. Only by doing so, digital transformation will be sustainably developed and users will trust in digital banking products and services provided by banks.

However, besides the above advantages, risks of fraudulent electronic payments also increased sharply, with many complicated and unpredictable developments. According to Mr. Nguyen Quoc Hung, when carrying out digital transformation, the government and the SBV always place safety indices above all. Therefore, credit institutions and commercial banks, when deploying technology software systems, give priority to ensuring the highest safety at all times. Nevertheless, crooks still manage to take advantage of loopholes to defraud customers of money. There is a typical case that a customer accidentally provides personal information such as citizenship identity, payment card number, account number, password, OTP code or payment code for crooks when they use social networks, surf the internet or make electronic payments.

In addition to the risks mentioned earlier, dishonest people may upgrade mobile SIM cards or internet subscription packages on SIM to dispossess mobile phone numbers from which they can get bank account passwords. Furthermore, they use fake messages, send malicious links/brand names to cheat and take money from customers’ accounts.

The SBV and credit institutions have repeatedly warned against scams and directed credit institutions to review and raise awareness for their customers. However, this primarily depends on the vigilance and caution of each citizen. Customers need to be alert and vigilant, never provide any personal information to third parties, and stay careful in cyberspace to minimize risks and lose money to hackers.

One of the biggest difficulties today is that the legal corridor has not kept up with the progress of science and technology. According to Mr. Pham Anh Tuan, many products and services are powered by modern advanced technologies but a lagging legal corridor is hindering application as well as behaviors.

Moreover, felonies have increased at a higher rate than in previous years. The banking industry as well as other ministries have drastically adopted preventive measures in recent years but still trailed new developments. Mr. Tuan added that if all transactions were done securely with 3D Secure, no money would be lost. Even if customers’ card numbers and CVV digits are exposed, a transaction will not be successful without a confirmation code sent to the registered telephone number via SMS message used to authenticate such transaction.

Infrastructure compatibility is a major obstacle in the banking industry. Currently, banks, police agencies, and telcos use their own data, which cannot be used by others. If these data infrastructures are compatible, integrated and connected, banks can check whether the phone number is owned by such customer or whether such customer uses the right phone number when a customer opens an account, registers his/her phone number or uses mobile banking. These infrastructures are gradually coming together to build a common ecosystem and utilize it effectively to prevent fraud.

In particular, people’s preferences and habits of using cash in remote areas and islands are still prevailing. Their limited skills in using digital banking services may be exploited by fraudsters to take their money.

Quickly completing the legal corridor and ensuring smooth operation

The State Bank of Vietnam (SBV) is committed to ensuring the security and safety of electronic payments and gradually reducing fraudulent acts. To achieve this, the SBV will continue to improve the legal corridor by amending Decree 101 and introducing a decree on a controlled testing mechanism (sandbox) of financial technology (fintech) activities in the banking sector.

The SBV will focus on ensuring the smooth and uninterrupted operation of the country’s important payment systems. The SBV will actively urge credit institutions and payment service providers to increase investment in information security and confidentiality in line with steps stated in the banking digital transformation plan issued by the SBV Governor. At the same time, the SBV will actively apply new technologies to digital transformation, build a seamlessly integrated data ecosystem with related ministries and sectors to provide better experiences for customers. For example, according to Plan 01 in which the SBV collaborates with the Ministry of Public Security, some credit institutions have moved to integrate their mobile banking application into VneID application (electronic application for citizen’s identity) of the police. Or in other words, when logging into the VneID application, users can open and use bank accounts with electronic citizen’s identity authentication.

Additionally, according to Mr. Pham Anh Tuan, the SBV will continue to coordinate with relevant authorities to detect and prevent fraudulent acts.

The SBV is committed to ensuring the security and safety of electronic payments and gradually reducing fraudulent acts. To achieve this, the SBV will continue to improve the legal corridor by amending Decree 101 and introducing a decree on a controlled testing mechanism (sandbox) of financial technology (fintech) activities in the banking sector.

Anti-money laundering, anti-fraud and anti-scam systems of credit institutions must be effectively deployed and applied. The role and responsibility of credit institutions need to be further enhanced, with higher awareness, in providing services, not just for profit. Last but not least, the SBV will continue to widely communicate and disseminate financial knowledge and warnings to the people in a bid to gradually reduce damage caused by fraudulent acts and scams as in the past time.

Mr. Van Anh Tuan
Senior Director of Information Security, Techcombank

If good management policies are in place and clear, they will help credit institutions effectively carry out digital transformation. Once policies are in place, banks will continue to synchronize from people to policies and technology; continue to invest in new technologies and anti-phishing technologies like DeepFake phishing or underlying information security technologies to application information security and authentication technologies to make sure that the identity of the account holder performing the transaction is right. They will also apply encrypted data protection technologies or Tokenization-based data processing to make sure that data is confidential as per Decree 13 on personal privacy protection recently released by the government.
In addition, it is possible to set up a swift response network from the police to banks and credit institutions. When a customer is scammed, they can coordinate with other parties to prevent money flow and keep the money for the customer. In essence, when the scammer gets the money, the money will also move among banks but they will move faster.
By following a policy process, banks continue to adopt new policies, especially regulations on information security and other security standards which are based on world standards as well as regulations from the government and the SBV. Banks can develop and apply a set of standards and their daily operations and systems development are based on that set of standards.
Ms. Winnie Wong
Country Manager of Mastercard in Vietnam, Cambodia and Laos

Cyberattacks are inevitable, especially in the banking industry. Therefore, when digital transformation is adopted, not only financial institutions but the whole country needs to join hands to protect financial transactions.
To ensure safety, banks need to invest in technology and cooperate with regulatory agencies such as the SBV to ensure policy compliance and have a legal basis in the event of an incident. In addition, human perception is a key factor. Even if we have good technology and good personnel, if users still decide to make a transaction, we can’t stop it. Therefore, enhancing awareness is something that the banking industry needs to work together for. We are also promoting awareness-raising communications together with other stakeholders.

By Anh Mai, Vietnam Business Forum