The Payment Department under the SBV reported early this week that in 2016, out of the total 70 million transactions at 100 million ATMs, the number of fraud cases was not significant.
Nonetheless, Government agencies and institutions in the financial and banking sector have been authorised by the SBV to increase security levels within the banking system.
Nguyen Toan Thang, Secretary General of the Vietnam Banks Association, said that commercial banks are co-operating with public security departments to fix these security breeches, while the SBV frequently monitors banks’ security levels.
Commercial banks frequently alert their account holders to information leaks, fraudulent practices and at the same time seek to establish air tight interbank information exchanges to protect their customers and themselves.
However, the SBV also warned that the nature of ATM card fraud is complex and changing, with a wide array of manoeuvres available to criminals - from phishing, identity theft to illicit malware installation, especially with mobile devices, to obtain account information and passwords from cardholders.
One such case occurred at the Dong A Commercial Joint Stock Bank in April, wiping out VND129 million (US$5,766) from a customer’s account.
Last week, seven transactions from a Joint Stock Commercial Bank for Foreign Trade of Vietnam (Vietcombank) account were made, totalling VND30 million (over US$1,300). The account owner said he received text messages informing him of the change of his account balance on May 14 morning.
Vietcombank’s representative told Viet Nam News that its contact centre was contacted the same day by the said customer. The bank promptly locked the account and helped him carry out necessary procedures. The bank said his rights would be ensured if he did not make the transactions himself.
Serious procedures must be taken by commercial banks to protect their customers, which include sending warning messages to customers about swindles, encouraging customers to change their PIN regularly, registering SMS notifications of all changes in the account balance and updating personal information.
To minimise risks, Vietcombank recently announced adjustments of conditions for using internet banking services. However, customers claimed the new regulations placed unreasonable responsibility on the users. Vietcombank immediately suspended the new regulations.
After many other thefts, which always occur at midnight, many banks have cut short their automated service hours. For example, Agribank announced that its ATM service would operate from 6am to 9pm, instead of offering 24/7 online transactions as regulated by the central bank.
Regardless of the public backlash against bank security measures, it is reasonable to assume that both the customers and the banks are at fault. “This signals gaps in the management of credit cards in particular and in the bank’s security in general. The most urgent requirement now is to mend the gap in the banking system’s security," a banking expert told the Vietnam News Agency.
Furthermore, at a conference on online security in late 2016, Jason Yuen from Ernst & Young Malaysia Advisory Services said there would never be a completely reliable network, especially for the banking sector. Yuen predicted the number of hacking incidents affecting Vietnamese banks would grow, and they would continue to be hard to trace and stop.
“Banks should take these security threats as a systemic risk, which means that without a precise strategy, a bank that invests US$20 million in online security is no safer than one investing US$10 million,” he advised.
A 2016 report from Russia’s Kaspersky Lab on spam and phishing showed that Vietnam was the second originator of spam and junk mail in the world.