According to the 2021 World Retail Banking report, 57% of consumers say they prefer to use online banking over traditional branches. And now 55% of consumers prefer to use mobile banking apps to make financial transactions, 47% more than the pre-pandemic period. (1)
In Vietnam, mobile payments are growing strongly, by 90% in quantity and 150% in value annually. Many banks reach more than 90% of their transaction value on digital channels. Since March 2021, more than 1.8 million payment accounts have been opened online under the new eKYC method, out of more than 100 million active payment accounts. (2)
Evolving digital banking services have made it easier and more convenient for consumers to manage their finances, with activities ranging from bill payments to savings deposits and online shopping. However, digital financial transactions carry increased security risks for customers' personal information and accounts, so data security is an important factor when consumers choose which bank to use for their financial transactions.
Information risk when consumers use bank services
Security-related risks of the banking system: The growth of digital technologies has also led to an increase in security vulnerabilities as well as in the methods and tricks of high-tech criminals. According to Verizon's 2021 Data Incidents report (3), financial institutions have the second largest number of data-related incidents compared to other industries. Bank IT systems constantly face risks such as hackers, computer viruses, and malicious code attacks on server systems, on data, and on the personal computers of bank employees. In addition, readers can be illegally installed on ATMs to steal a customer's PIN and card code.
Risks related to customers being scammed and banking fraud: Many customers, due to ignorance, have been swindled by criminal groups using many sophisticated methods (messages, calls, websites, social networks) to steal account information and then transfer money to other accounts. This is the main cause of loss for customers and greatly affects the reputation of the bank.
Risks of customer authentication: With eKYC online identification, customers can currently open a bank account without going to the counter. Risk arises when attackers cheat by altering the image on the ID/CCCD or by falsely obtaining personal information, which results in a number of "virtual" payment accounts that are difficult to control and are used to make illegal transactions.
Banks’ customer information security solutions
Management of access to services and data: Banks and financial institutions should invest in upgrading their security infrastructure to ensure the highest level of security, with firewalls, intrusion prevention systems (IPS), and protection against DDoS denial-of-service attacks, and should apply multi-factor authentication so that bank employees and customers can access banking services safely and without interruption.
Establishing information security policies in compliance with international and Vietnamese standards: Banks continue to apply information security in accordance with international standards, such as an information security management system in accordance with ISO 27001, the PCI DSS card data security standard, and SWIFT's "Customer Security Framework", and to comply with Decree No. 117/2018/ND-CP on the confidentiality and provision of customer information of credit institutions and foreign bank branches, as well as the Circulars of the State Bank. In addition, the policy must be revised periodically to keep its requirements and recommendations up to date.
Data encryption: Data systems and applications in banks need to encrypt customer-related data and information according to encryption standards such as TLS and AES256, both when storing data and when dealing with customers, to protect that data.
Risk assessment: Banks need to periodically assess risks to their IT infrastructure, using internal security teams or companies that provide external security services. The information gathered during the risk assessment process helps to analyze and assess the current level of security for critical data and to quickly detect security weaknesses and vulnerabilities.
Tracking and analyzing user activity: Banks need to regularly monitor users' transactions with the bank so that they can detect suspicious events through AI technology and send alerts to customers.
Partner data usage risk management: Financial institutions and banks need to closely monitor and manage their partners’ access to customer data, ensuring that partners are as compliant with cybersecurity standards and regulations as banks.
Improve information security awareness to proactively protect users’ information and accounts
When using banking services, consumers need to pay attention to some of the following measures:
- Comply with the regulations and guidelines of the banks providing the services, and register to receive notifications of changes in transaction balances via email, SMS and mobile application.
- Regularly change the passwords used to access the service and personal email, and log in only on the bank's official website.
- When shopping and paying online, make transactions only at reputable e-commerce sites so that bank account and credit card account information is not stolen.
- Regularly follow information security warnings from banks and mass media, and do not access unverified websites or strange links sent via text messages, emails of unknown origin, or social networks.
Banks and financial institutions need to be proactive and follow the principles of information security to provide customers with the highest level of security while delivering modern digital banking experiences, and at the same time develop programs that help raise awareness of customer information security. This helps the bank build its reputation and image with customers, ensure the loyalty of existing customers and attract more new customers.
(1) World Retail Banking Report. 2021.
(2) Tuổi Trẻ newspaper. 2021. Covid-19 accelerates the digital transformation process in banking.
(3) Verizon. 2021. Data Breach Investigations Report.