Can a customer who lost 500 million sue for poor security system?
Not only did one ATM account owner lose 500 million VND, but many others have also experienced similar situations for unknown reasons. Losing millions of VND because of accessing fake websites, how to protect yourself?
Perfect scenario to trick OTP code to withdraw money from accountAnother Vietcombank customer lost money in accountBanks should stop SMS OTP if they don't want customers to lose money unjustly
According to the bank's explanation, from the information provided by the customer, there is a basis to determine that this customer accessed a fake website with the address http://creatingacreator.com/kob/1/index.htm and the customer's information and password were stolen from here.
 |
| Instructions for using Vietcombank's smartOTP software activation (Illustration) |
If the transfer process is correct, the account holder must enter a one-time password (OTP) for the transaction to be carried out. However, the account holder who lost money said she did not receive any authentication code from those transactions.
The bank said there are two types of OTP codes: received via text message and smartOTP. To register for a smartOTP code, customers must be able to log in to the system. However, before that, customers had entered the fake website to enter their username and password, so the criminals had "got the house key" so they could log in and create a smartOTP for use.
According to Vietcomank's instructions for installing and using smartOTP, after successfully downloading the smartOTP application, customers must enter the phone number registered for VCB-SMS Banking service. After that, the application activation code will be sent to the phone number just entered.
Thus, to successfully register for the smartOTP service, hackers still need to use the customer's phone number that was directly registered when using VCB-SMS Banking.
So, should customers receive and send OTP codes for hackers to use and lose money?
On the other hand, if hackers can enter any phone number when registering for SmartOTP (which is not the phone number the customer previously registered when using VCB-SMS Banking service), is this security system secure enough?
Another possible scenario is that a hacker gains control of a customer's device due to the device being infected with malware.
The bank's conclusion is unilateral.
According to lawyer Tran Ngoc Quy (Ho Chi Minh City Bar Association), to verify the responsibility of both parties, we must first consider whether the customer followed the correct transaction procedure or not. However, if the bank concludes that the customer is at fault, it is only a one-sided view.
Customers who do not agree with this conclusion can file a lawsuit to protect their rights.
“Only when there is a legally effective court judgment will it be clear who is right and who is wrong in this case. This is the final judgment, while the bank’s conclusion is only the opinion of one party, not a judgment that customers must comply with,” said lawyer Tran Ngoc Quy.
Agreeing with the above opinion, Lawyer Truong Thanh Duc - Vietnam International Arbitration Center - said that the bank's conclusion is only a unilateral conclusion and if customers do not agree, they can sue in court or request arbitration to resolve the matter.
Whether to file a lawsuit or request arbitration depends on the clause in the original contract between the customer and the bank that states where the dispute will be resolved.
If there are signs of crime or fraud, customers can file a criminal complaint and request the police to resolve the matter.
Vulnerable account means there is a problem with the security system
Mr. Vo Do Thang (Director of ATHENA Cyber Security Center) assessed that mobile banking or Internet banking are very convenient services that banks provide to users, so that they can make transactions quickly and save the most time.
However, the incident of losing money allegedly due to accessing a fake bank link can also make many people worry about the safety and security of their assets in their ATM cards.
Lawyer Truong Thanh Duc said that although no security system is perfect, it is the bank's responsibility to try its best to ensure the highest level of safety for customers' assets.
“Banks can use one way or another, one layer or many layers of security, difficult security level… but the highest goal is still to ensure absolute safety for customers' assets and transactions.
Except for rare exceptions, if an account is easily hacked and money is lost, it means there is a problem with the security system," said Mr. Truong Thanh Duc.
Users must be extremely careful
According to Mr. Vo Do Thang, to protect themselves, customers must be extremely careful when accessing links or downloading banking applications from app markets.
“Customers should carefully read the link to see if it is 100% accurate as provided by the bank before entering the password for the transaction. In addition, do not download banking applications from unofficial sources.
You should only download banking applications from the exact link provided by the bank when introducing the service to customers," said Mr. Thang.
On the banking side, according to Mr. Vo Do Thang, to ensure safety and security, in addition to building a tight security system, we must also take into account the human factor, that is, the people who operate the system.
Mr. Ngo Tuan Anh, vice president in charge of network security at Bkav, also gave advice: users when making transactions on computers should pay special attention not to click on links sent via email or text messages. When needing to access, they should retype that address into the website, because hackers can easily fake websites with interfaces that are exactly the same as the real website.
You should also install security software on your computer or phone to avoid others secretly installing tracking software to monitor our sensitive information.
“We should only install applications from official stores, such as Google Play Store or Apple App Store, and should not install software from floating stores on the internet, because most of these software contain malicious code that can track and monitor information on our phones,” said Mr. Ngo Tuan Anh.
According to Tuoi Tre