According to Mr Hoa, data security solutions deployed by banks in Vietnam can be divided into five common categories:
Fraud prevention: Prevent unauthorised transactions, impersonation or identity theft via transactions on a spoofed website. Solutions to this problem include two-factor authentication, fingerprint biometrics, and 3D facial recognition.
Data risk control: Build a monitoring system to warn of unusual behaviour in data retrieval, mainly focusing on sensitive information such as personal identification, transaction history, and related financial information.
Network infrastructure security: Apply the latest standards, regularly update patches and processes related to the operation of systems for communication, data transmission, and information encryption between relevant parties in banking transactions.
Phishing attack prevention: With the development of technology, phishing attack methods are increasingly sophisticated and can involve the use of advanced technologies such as "deepfake AI". Countermeasures mainly revolve around raising awareness of suspicious signs.
Preventing loss and unlawful interference of data: Attacks such as injecting malware to steal or change information illegally can be prevented through the application of advanced encryption technology like blockchain, which disperses stored data and prevents unlawful overwriting of information, ensuring the integrity of transaction data.
Mr Hoa remarked that there are currently many international standards that Vietnamese banks can apply to improve their risk control in general and information security in particular. "However, more input from real-life situations is always needed to ensure that the actual practice is updated and effective as technology advances and transforms all the time," he stressed.
Data privacy: an integral counterpart
An equally important task is the implementation of data privacy. According to Dr Huy Pham, Founder of RMIT Fintech-Crypto Hub, although Decree 13/2023/ND-CP (effective from 1 July 2023) has established a legal framework for personal data protection, its implementation in the finance and banking sector will take some time to roll out.
Dr Huy said: "To be able to fully comply with the regulations in Decree 13, financial institutions and banks need to strengthen their control over the processing and storage of personal data from the employee level up because they often interact and communicate directly with customers – possibly through their personal phones. So, serious violations of personal data protection can easily occur.
"For example, a customer's personal information might be transmitted from one securities company to another via their respective employees without the customer's consent."