Local cybercrime threats on the rise

June 26, 2019 | 09:55
Though the quick advancement of fintech has helped cashless payments increase in Vietnam, it has also created a fertile land for cyber-criminals to exploit. Luu Phuong reports.  
local cybercrime threats on the rise
As technology gets more sophisticated, regular citizens may find it difficult to remain aware of the safest ways to carry out payments, Photo: freepik

In January, the government released Resolution No.01/NQ-CP indicating the State Bank of Vietnam to build a ­national comprehensive financial strategic scheme. Accordingly, the ­financial sector will develop a non-cash ­consumption strategy.

At the end of last month, seven commercial banks began issuing domestic chip cards. It is expected that 21 million chip cards will eventually be issued.

On June 16, the country held its first Cashless Day. Non-cash payments were encouraged for shopping and other transactions, and consumers were entitled to preferential policies from credit institutions, payment ­intermediaries, retailers, and other service providers.

According to the State Bank of Vietnam (SBV), in the first quarter of 2019, the interbank e-payment system has handled 37.33 million transactions with the value of VND20.69 quadrillion ($899.56 billion), an on-year increase of 23 per cent in quantity and 17.8 per cent in value.

In the whole country, there are 18,670 automated teller machines (ATM) and 261,700 point-of-sale (POS) devices. The number and value of transactions using domestic banking cards continue to rise, reaching 65 million transactions for VND171 trillion ($7.4 billion).

The number and value of financial transactions through Internet platforms increased by 68.8 and 13.4 per cent respectively, on-year. About 50 commercial banks have connected to the electric tax payment system of the General Department of Taxation.

The statistics also show that there were 26 organisations providing e-wallet services for about 10,000 customers across the country. By the end of last year, there were 4.2 million e-wallets linked to bank accounts. On average, the entire banking system handled VND300 trillion ($13.04 billion) per day in 2018, up 25 per cent compared to the previous year.

“Vietnam’s financial sector was successful in e-payment growth, in terms of both Internet and mobile payment, with the respectively rates of 19.5 and 169 per cent. PwC listed Vietnam among the countries with highest growth of mobile payment in 2018,” Nguyen Kim Anh, Deputy Governor of the SBV said at the Banking Vietnam conference last month in Hanoi.

However, Anh also said that cyber-criminals attacking banks is on the rise.

Hoang Minh Tien, deputy director of the Information Security Department under the Ministry of Information and Communications (MIC) said, “The change to non-cash finance exposes many potential risks in loss of security due to increasingly sophisticated and complex attacks, causing more and more serious damage to the economy as well as to the prestige of financial institutions.”

According to a recent survey of 30 commercial banks and joint stock companies, as well as 16 financial service providers in Vietnam, the main attacks that financial businesses have to cope with are malicious code (50 per cent), fake emails (46 per cent), and spyware (23 per cent). The most important security issue is data leaks (60 per cent), while attacks from outside account for 40 per cent.

Illegal activities

In late May, four men were arrested in the northern province of Thai Nguyen by the Ministry of Public Security’s (MoPS) Department of Cyber Security and High-Tech Crime Prevention. The four defendants were allegedly exploiting advances in technology to carry out a range of offences, including stealing money and appropriating customer database system.

Do Tuan Anh, one of those arrested, said their organised criminal gang started illegal activities from 2013, laying the groundwork by taking advantage of vulnerabilities in cybersecurity in local companies’ databases and websites. After taking control of websites’ administration, the criminals made up fake accounts in order to buy mobile cards.

In some complicated cases, Tuan Anh hired foreign hackers to steal data from these websites. From ­September 2018 to April 2019, the gang ­attacked the databases and intellectual property ­information of five companies, and illegally ­appropriated thousands of phone cards and game cards valued at nearly $218,000.

Before this case, Nguyen Huu Tien’s virtual currency platform VNCoins JSC took over VND2 billion ($87,000) from 6,000 people. Through his website, Tien and his ­accomplices called for investment with a high benefit of 1.8 per cent per day, while also seeking investment in VNCoins with a profit of 2.5 per cent per day.

Elsewhere, Le Minh Tam’s Sky Mining took over VND300 billion ($13 million) from investors after ­persuading them to buy their virtual money digger with the promise of ­interest up to 300 per cent and ­returning capital within 12 months. In 2018, Tam reportedly fled to the United States after the company ­imploded.

According to an MoPS report, appropriating credit card information to create fake payment cards continues to be complicated. Notably, many of the criminals are foreign tourists who pay through wireless card payment machines without going through the Vietnamese banking system.

At the same time, some people use Voice over Internet Protocol (VoIP) to assume the identities of authorities such as the police to threaten people or remind them of charges or violations, then asking victims to transfer money to their bank accounts.

VoIP, also called IP telephony, is a methodology and group of technologies for the delivery of voice communications and multimedia sessions over internet protocol networks such as the Internet. There have also been reports of fraudulent activities of appropriating assets on social networks, with criminals pretending to be someone in their friend list and asking to borrow money.

Meanwhile, according to an SBV report on the national risk assessment on money laundering and terrorist financing between 2012 and 2017, the banking sector is at greatest risk of money laundering, with nearly 90 per cent of all suspicious transaction reports sent to the SBV’s Anti-Money Laundering Department related to the banking sector.

“I use an e-wallet on a daily basis when I shop at malls or when I dine at restaurants thanks to its convenience. It helps me out of the trouble of carrying cash or a physical wallet all the time,” said Cao Minh Duc, a five-year-experienced senior in the finance industry. “This conventional payment method also has lots of attractive promotions such as discounts, cash back, or rewards for accumulated points which normal cash does not offer.”

“However, I would be worried of losing my mobile phone. My e-banking and e-wallets are installed inside and they are vulnerable to cyberattack,” Duc said.


Hot on the heels of recent digital frauds, deputy director of the MoST’s National Cyber Security Centre Tran Quang Hung warned that these incidents were just the tip of the iceberg. “The incidents should ring a bell for local authorities and providers alike. The threat of e-wallet insecurity is a board-level risk issue, which requires continuous efforts to protect customers from scamming and identity theft.”

As a fintech company providing payment solutions for many banks with dozens of millions of transactions a day, Vietnam Payment Solution JSC (VNPAY) recognises that risks are regular, therefore service policies are important to manage and prevent risks. “Assuring of technology and human resources, we require customers to satisfy a certain condition when using the service or during the transaction process,” Le Tanh, general director of VNPAY told VIR.

According to Alwaleed Alaabani, head specialist on finance at the World Bank in Vietnam, the country has a lot of potential in fintech startups and related talent. “The private sector and the Vietnamese government should co-operate with each other, discuss the risks, and provide solutions,” he told VIR.

According to MoMo e-wallet’s representative, users should take measures to protect themselves against cyber incidents involving e-wallets. “They should use their personal information such as passport or national identity number to register the account to directly link to their bank and e-wallet accounts,” said Truong Cam Thanh, director of Zalo Pay.

“For mobile devices, customers should install e-wallets in non-interfering operating systems. They should also update anti-malware applications and change passwords frequently in order to add multiple layers of ­security”.

What the stars mean:

★ Poor ★ ★ Promising ★★★ Good ★★★★ Very good ★★★★★ Exceptional