Safeguarding data is vital for banking’s digital future

Safeguarding data is vital for banking’s digital future

Experts from the Vietnam Blockchain Union and RMIT University underscored the pivotal role of data security and data privacy in propelling the digital transformation of the finance and banking sector.

As the Vietnamese government advances the national digital transformation agenda, the banking industry as a whole and individual commercial banks are speeding up the digital transformation of all their operations, thereby improving their capacity to provide modern products and services and meet customer needs.

This is clearly reflected in the rise of cashless payment services. Statistics from the State Bank of Vietnam show that non-cash payments amassed around 11 billion transactions in 2023, an increase of nearly 50% year on year, with a total transaction value of more than VND200 quadrillion VND. QR code payments alone increased by nearly 172% in volume and over 74% in value.

Data security: an indispensable foundation

According to Mr Nguyen Viet Hoa, Head of Community Information, Vietnam Blockchain Union (part of the Vietnam Digital Communications Association), the finance and banking sector has always been associated with the construction, management and operation of data systems – going from primitive means such as physical books and records, to core banking systems storing billions of digital records every day.

“Throughout that evolution, data security has played a key role in protecting the entire system so that it can operate safely, transparently and effectively. Organisations inside and outside the finance-banking sector have been developing a plethora of solutions to minimise vulnerabilities and the risks of suffering attacks that result in data breaches," Mr Hoa commented.

A customer hovers a bank card on top of a POS machine Cashless payment is becoming increasingly popular. (Photo: Pexels)

According to Mr Hoa, data security solutions deployed by banks in Vietnam can be divided into five common categories, including:

Fraud prevention: Prevent unauthorised transactions, impersonation or identify theft via transactions on a spoofed website. Solutions to this problem include two-factor authentication, fingerprint biometrics, and 3D facial recognition.

Data risk control: Build a monitoring system to warn of unusual behaviour in data retrieval, mainly focusing on sensitive information such as personal identification, transaction history, and related financial information.

Network infrastructure security: Apply the latest standards, regularly update patches and processes related to the operation of systems for communication, data transmission, and information encryption between relevant parties in banking transactions.

Phishing attack prevention: With the development of technology, phishing attack methods are increasingly sophisticated and can involve the use of advanced technologies such as "deepfake AI". Countermeasures mainly revolve around raising awareness of suspicious signs.

Preventing loss and unlawful interference of data: Attacks such as injecting malware to steal or change information illegally can be prevented through the application of advanced encryption technology like blockchain, which disperses stored data and prevents unlawful overwriting of information, ensuring the integrity of transaction data.

Mr Hoa remarked that there are currently many international standards that Vietnamese banks can apply to improve their risk control in general and information security in particular. "However, more input from real-life situations is always needed to ensure that the actual practice is updated and effective as technology advances and transforms all the time," he stressed.

Data privacy: an integral counterpart

An equally important task is the implementation of data privacy. According to Dr Huy Pham, Founder of RMIT Fintech-Crypto Hub, although Decree 13/2023/ND-CP (effective from 1 July 2023) has issued a legal framework for personal data protection, its implementation in the finance and banking sector will take some time to roll out.

Dr Huy said: “To be able to fully comply with the regulations in Decree 13, financial institutions and banks need to strengthen their control over the processing and storage of personal data from the employee level up because they often interact and communicate directly with customers – possibly through their personal phones. So, serious violations of personal data protection can easily occur.

"For example, a customer's personal information might be transmitted from one securities company to another via their respective employees without the customer's consent."

Mr Nguyen Viet Hoa (pictured left) and Dr Huy Pham (pictured right) Mr Nguyen Viet Hoa (pictured left) and Dr Huy Pham (pictured right)

Concurrently, the advancement of artificial intelligence (AI), generative AI, and their applications in the finance and banking sector causes growing concerns as to whether customers' personal information could be legally used in AI training.

“Will data subjects have full control over their personal information if financial institutions and banks apply AI in their systems? If these organisations unlawfully use customer data in AI training, how can the data subjects track such activities and potentially initiate a lawsuit?” Dr Huy hinted.

The RMIT expert said that in principle, data subjects can request that organisations not use or remove their personal information when training AI models.

A notable example is OpenAI's ChatGPT tool, which was briefly banned in Italy until the company provided solutions that enabled data subjects in Italy to allow or refuse the use of their personal data in AI training.

However, unlike Google and other search engines, generative AI models such as large language models cannot easily fulfil such requests as oftentimes, they cannot retrieve or remove specific pieces of information on command. Moreover, currently popular large language models are also not transparent – they are essentially “black boxes” and users do not clearly know how the answers are formed.

“Therefore, the Government and relevant authorities need to provide specific instructions and regulations on the use of personal data for AI training in the finance and banking sector. At the same time, they should encourage financial organisations and banks to use responsible and explainable AI models,” Dr Huy concluded.

Story: Ngoc Hoang

Masthead image: fizkes – stock.adobe.com

30 January 2024

Share

  • Digital
Engage

Related news

news-thumbnail-news-thumbnail-tackling-the-quality-crisis-with-synthetic-solutions-AdobeStock_cherdchai.jpg

The hidden costs of using ‘synthetic data’ to train AI models
Icon / Small / Calendar Created with Sketch. 21 Jan 2025

Earlier this month the billionaire and owner of X, Elon Musk, claimed the pool of human-generated data that’s used to train artificial intelligence (AI) models such as ChatGPT has run out.

Teenages sitting at computers

Protecting Vietnamese children online amid growing digital risks
Icon / Small / Calendar Created with Sketch. 10 Jan 2025

As social media use soars in Vietnam, online threats to children grow. Stronger laws, educational programs, and partnerships with tech platforms are essential to create safer digital spaces.

Teachers in Can Tho city practice using generative AI tools.

Over 1,400 educators attend free AI training delivered by RMIT
Icon / Small / Calendar Created with Sketch. 20 Dec 2024

RMIT Vietnam has delivered a free training program for teachers across Vietnam to enhance their capabilities in applying AI technologies in teaching and learning activities.

Cyber security icons

How Vietnam's new Data Law transforms cyber security and economy
Icon / Small / Calendar Created with Sketch. 17 Dec 2024

Vietnam's new Data Law is a major step in strengthening cyber security and data protection. It addresses key challenges while promoting digital economic growth and enhancing international collaboration.

Load more +