70% of personal information is stolen when paying via the internet

According to recent statistics from banks, about 70% of personal information is stolen because customers are negligent in security and do not understand enough when paying via the internet; leading to the loss of card information, from which criminals get the information to illegally transfer money.

Warning to customers

Recently, many banks have continuously sent messages or emails to customers reminding them to increase the security of online transactions, by asking cardholders to change their passwords to different difficult characters, or to perform a few more steps to be more secure when making transactions over the internet.

Since the end of October, many Vietcombank customers when making online transactions have received a notification to change their password right on the screen interface after logging in to use the service, causing them to panic and believe that the security status of this bank has a problem.

Responding to this, a representative of Vietcombank said: "In addition to monitoring and strengthening the system, we also increase warnings to customers, to ensure maximum security for card users when making online transactions, not that there is any problem with the system."

Similarly, Vietnam Maritime Commercial Joint Stock Bank (Maritime Bank) has just announced to customers about the implementation of online security authentication service (3D Secure) for Maritime Bank Mastercard cardholders when making transactions.

Banks are constantly advising customers to change their passwords and be careful when making transactions over the internet.

A representative of Maritime Bank said that in the past, when making online payments, Maritime Bank Mastercard cardholders only needed to enter cardholder information, card number and card verification number (CVC). Now, to further enhance the security of their bank accounts, these cardholders need to enter an additional OTP (one-time password) to complete online payments.

To ensure safety, OTP will only be sent to the cardholder via text message or email that the cardholder has registered with the bank. The service is automatically registered and completely free for all customers who own a Maritime Bank Mastercard (including debit and credit cards) and have activated the online payment feature.

“With this security service, cardholders will be completely assured when making online transactions, avoiding information theft,” said a Maritime Bank representative.

Previously, to increase convenience for customers, Maritime Bank has deployed a free PIN creation and change service on Internet Banking. Instead of having to do it directly at the ATM or transaction counter, with this service, Maritime Bank cardholders can create and change their own PIN on electronic banking.

More and more sophisticated tricks

Banks say that money in the account is protected with 2 layers of security: account/password (username/password) and OTP code sent by the bank to the phone number you registered with the bank (called SMS OTP), or generated on a special device that the bank provides to the user, or installed only on the device registered with the bank (called Smart OTP or active OTP).

The user is the one holding the two security keys above, so he needs to know how to protect his "safe", because if he is not careful, it will be stolen by thieves with many fraudulent tricks.

The most common in online transactions is that criminals impersonate relatives by using stolen social network accounts, asking to transfer money or receive money through a link sent via email or text message, aiming to lead customers to linked websites that have set traps for customers to provide the above layers of protection and then get information.

More sophisticatedly, criminals impersonate police officers, prosecutors or bank security officers to call and inform customers that their accounts have been hacked and ask for their account numbers and transaction passwords; or impersonate bank employees to call and ask for information; or inform customers that they have won a prize and ask them to fill in information at a link that provides relevant information about passwords and OTPs.

According to Vietcombank representative, many people after logging into their account and making payment do not log out; thus, later people can easily use it, or run programs to easily get the password.

Previously, banks relied on their partners for security, but now banks themselves have taken additional measures to enhance security. For example, since the beginning of November 2017, if customers pay online via Vietcombank account after accessing the service, if they do not make any transaction within 5 minutes, Vietcombank will automatically disconnect the transaction session.

To continue using the service, you must log in again. In addition, the validity period of the OTP code is limited to 5 minutes for receiving OTP via text message; 2 minutes for receiving OTP via EMV - OTP card and eToken device. The access password is also only valid for a maximum of 12 months from the date of the last password change. The structure of the service access password is also more strictly regulated.

Maritime Bank representative recommends: When using Smart OTP, users must absolutely use it on secure smartphones, that is, do not arbitrarily install strange software on the phone, because that will help hackers control and steal the user's security code, thereby making illegal money transfers.

According to Saigon Giai Phong Newspaper