70% of personal information is stolen when paying over the internet

According to recent statistics from banks, about 70% of personal information is stolen because customers are negligent in security and do not understand enough when paying via the internet; leading to the loss of card information, from which criminals can get the information to illegally transfer money.

Warning to customers

Recently, many banks have continuously sent messages or emails to customers reminding them to increase the security of online transactions, by asking cardholders to change their passwords to different difficult characters, or to perform a few additional steps to ensure more security when making transactions over the internet.

Since the end of October, many Vietcombank customers when making online transactions have received a notification that they need to change their password right on the screen interface after logging in to use the service, causing them to panic and believe that the security status of this bank has a problem.

Responding to this, a representative of Vietcombank said: "In addition to monitoring and strengthening the system, we also increase warnings for customers to ensure maximum security for card users when making online transactions, not that there is any problem with the system."

Similarly, Vietnam Maritime Commercial Joint Stock Bank (Maritime Bank) has just announced to customers about the implementation of online security authentication service (3D Secure) for Maritime Bank Mastercard cardholders when making transactions.

Banks are constantly advising customers to change their passwords and be careful when transacting over the internet.

A representative of Maritime Bank said that in the past, when making online payments, Maritime Bank Mastercard cardholders only needed to enter cardholder information, card number and card verification number (CVC). Now, to further enhance the security of their bank accounts, these cardholders need to enter an OTP (one-time password) to complete online payments.

To ensure safety, OTP will only be sent to the cardholder via text message or email that the cardholder has registered with the bank. The service is automatically registered and completely free for all customers who own a Maritime Bank Mastercard (including debit and credit cards) and have activated the online payment feature.

“With this security service, cardholders will be completely assured when making online transactions, avoiding information theft,” said a Maritime Bank representative.

Previously, to increase convenience for customers, Maritime Bank has deployed a free PIN creation and change service on Internet Banking. Instead of having to do it directly at the ATM or transaction counter, with this service, Maritime Bank cardholders can create and change their own PIN on electronic banking.

increasingly sophisticated tricks

Banks say that money in the account is protected with 2 layers of security: account/password (username/password) and OTP code sent by the bank to the phone number you have registered with the bank (called SMS OTP), or created on a special device that the bank provides to the user, or only installed on the device registered with the bank (called Smart OTP or active OTP).

The user is the holder of the above 2 security keys, so he needs to know how to protect his "safe", because if he is not careful, it will be stolen by thieves with many fraudulent tricks.

The most common in online transactions is that scammers impersonate relatives by using stolen social network accounts, asking to transfer money or receive money through a link sent via email or text message, aiming to lead customers to linked websites that have set traps for customers to provide the above layers of protection and then get information.

More sophisticatedly, criminals impersonate police officers, prosecutors or bank security officers to call and inform customers that their accounts have been hacked and ask for their account numbers and transaction passwords; or impersonate bank employees to call and inquire about ways to exploit information; or notify customers that they have won a prize, asking them to fill in information at a link that provides relevant information about passwords and OTPs.

According to Vietcombank representative, many people after logging into their account and making payment do not log out; thus, later people can easily use it, or run programs to get the password easily.

Previously, banks relied on partners for security, but now banks themselves have applied additional measures to enhance security. For example, since the beginning of November 2017, customers who pay online via Vietcombank account after accessing the service, if they do not make any transaction within 5 minutes, Vietcombank will automatically disconnect the transaction session.

To continue using the service, you must log in again. In addition, the validity period of the OTP code is limited to 5 minutes for receiving OTP via SMS; 2 minutes for receiving OTP via EMV - OTP card and eToken device. The access password is also only valid for a maximum of 12 months from the date of the last password change. The structure of the service access password is also more strictly regulated.

Maritime Bank representative recommends: When using Smart OTP, users must absolutely use it on secure smartphones, that is, do not arbitrarily install strange software on the phone, because that will help hackers control and steal the user's security code, thereby making illegal money transfers.

According to Saigon Giai Phong Newspaper