Online banking in Vietnam

Online banking is the process of doing transactions, or payments taking place online. It is two faces of the matter, undoubtedly, there are some advantages of online banking, however, the risk of it still exists, especially, hackers attack.

Definition:

             In the era of information explosion like now, we can meet any information technology applications anywhere, especially in the field of banking and finance, the application of information technology in the development of banking services play an important role of contribution to create the high-competitive economy and bring more benefits to customers.
             Online banking is a service offered by banks which allows accessing the account information and doing transactions, online payment. Nowadays, most of banks offer this Online Banking service. Online banking allows customers do any online transaction without going directly to the banks. Here are some facilities that Online Banking offers:
- Account Information management (payments, savings, and loans): balance inquiries, transaction statement.
- Transfers within or between bank to bank
- Transfer money by ID / Passport: inside and outside the system.
- Online Bill Payment (electricity, water, phone, internet charge).              

Advantages of Online Banking:

* Convenience:

 Once there is a phone or laptop with Internet connection and web browser, customers can do any kind transaction they want. Moreover, Online Banking is available 24/24 hours, 7 days/ week according to the working hours of the bank. This is especially significant for customers having not much time to go to the bank directly making deals, small and medium-sized customers/ individual customers having not many transactions with bank, or not big amount of transaction. These are benefits that traditional banking transactions is difficult to achieve with the faster and more accurate of Online Banking


*Saving money, increasing profits:
 

 

Methods of transactions

Average cost for 1 transaction (USD)

1

Bank’s staff

1,07

2

Phone

0,54

3

ATM

0,27

4

Internet

0,015


*Expanding field of operation, raise competition ability:

Online banking is a solution of commercial banks to improve service quality and operation efficiency, thereby enhancing the competitiveness of commercial banks. The more important thing is that Online Banking also helps commercial banks perform the “globalization” project without opening any branch else in the country as well as abroad. * Improving the efficiency of capital
In terms of the bank's business, Online Banking will help to improve the efficiency of capital use because of payment orders are done quickly. Bank can collect money fast and enable capital flows fast as well.


* Improving customer care and attracting customers:

Due to facilities gained from technology application, software, network service providers, Online Banking attract and retain customers using transactions with the bank, become loyal customers. With modern banking model like this, the ability of providing various customer services to many individual customers/ business of Online Banking is very high.

* Provides package service:

One more feature of Online Banking is to provide package service. Accordingly, banks can be associated with insurance companies, stock company and other financial companies to provide synchronized service to meet the basic needs of a customer or a group of customers for services relating to banking, insurance, investments, stock market...

Risks of hackers’ attacks:

               Vietnam’s banking security network is at high risks of being attacked by hackers if they do not have proper management system, Vu Quoc Khanh, director of Vietnam Computer Emergency Response Team (VNCERT). The banking sector was a favorite target for hi-tech criminals, he said. Statistics showed that 80% of banks nationwide have established, or planned to establish, internet banking solutions. However, there is an agreement within the sector that internet banking increases the risk that banks will be attacked by network criminals. A survey of 40 banks conducted by the Bach Khoa Inter-network Security Centre (BKIS) found that 20 of them were unsecured. The investigation revealed vulnerabilities in money transfers and discovered that the password recovery function to user accounts could also be used to change the customer's password.

                 There are 7 popular risks of security as the table below:

 

Risk

Problem solution

Input data management

SQL Injection

Hacker could steal customers’ information only by normal request

-Control well input data
- Choose to use Store procedure

Cross Site
Scripting (XSS)

Hackers could run a poisonous code on user’s computer by taking advantage of website money transfer

-Control well input data
- Use more encodes HTML entities…

Malicious File Uploading

Hackers could attack directly to hosting system by taking advantage of the function of “Feedback/Suggestions/Complain” on website

-Check customers’ attached expanding file parts carefully
- Decentralize closely on hosting

Logical management

Authentication

 Hackers take advantage of information confirmation procedure to steal data of system

-Deliver sensitive information through session instead of parameters
-Check session and correlative account

Cross Site Request Forgery
(CSRF)

Hackers treat users to transfer money to them by clicking accidentally on the link having code of transfer order

-Sensitive tasks have to use CAPTCHA
-Use more hard token, PKI

Environment & Operating System

Software Patch

Software companies often open holes and hackers could exploit them

-Update frequently patch
-Catch up with network security frequently to prevent Zero Day’s holes

Not good system configuration

Due to progress un-synchronization, some excessive functions are still activated and being taken advantage 

-Check and checklist frequently about information security and reject unnecessary functions

Process, Operation

Reveal account number, personal information and disable account

Implement standards of ATTT ISO 27001

 

http://www.pcworld.com.vn/articles/tin-tuc/tin-trong-nuoc/2010/04/1218784/7-lo-hong-cua-internet-banking-tai-viet-nam
http://www.vietinbank.vn/web/home/vn/research/08/080131.html


 

By Nguyễn Oanh on Jun 10, 2013 4:43:41 PM

Other articles in genre