Hackers turn their attention to end users
Vietnam's internet and mobile phone usage is among the highest in the world, with 156 million mobile phone connections, equivalent to 158.3 percent of the population (according to GSMA Intelligence). Vietnam is therefore considered an ideal market for e-wallets, because most people do not like swiping cards. However, the strength of this form of electronic payment is also its “Achilles heel” in terms of security.
“Small to Great”
At a seminar on ensuring the safety of non-cash payments recently held in Ho Chi Minh City, speakers from major e-wallets, e-banks and security and privacy companies all warned that technology criminals (hackers) are expanding their range of targets.
Careless end users create opportunities for hackers to defraud them and steal their money when transacting online. Photo: TAN THANH
Accordingly, hackers are no longer focusing only on financial and banking institutions but are increasing attacks on end users. The danger is that the new cybercriminals are not only hackers but also scammers whose tricks play on the psychology of ordinary users. Instead of breaking into systems and stealing large amounts of money, scammers now tend to set traps for users and take small amounts. The “accumulating small to big” trick is easier yet highly effective: it can fool a large number of users, and because each victim loses only a small amount of money, the loss is often ignored.
Explaining this trend further, Mr. Ngo Tuan Vu Khanh, Director of Kaspersky Vietnam, said that solutions to combat payment fraud on the end-user side are very limited. Currently, banks and payment services protect only the system, while up to 80% of payment fraud occurs on the end-user side.
The security expert explained: “Much software has the ability to monitor phone screens, so OTP security is not completely safe. A financial transaction has many activities, software, solutions. Anti-payment fraud measures must monitor and flag behavior before reaching the end user. Banking apps have world-standard security, but it’s just system security rather than anti-fraud.”
To combat payment fraud, security firms now have technical tools such as artificial intelligence (AI), machine learning, deep learning… that can detect dark web trading in accounts, credit cards, source code, end-user accounts… Fake Internet Banking links, call centers and apps can also be detected and flagged.
Don’t leave it to the supplier
Many major e-wallet providers in Vietnam say they are stepping up their use of AI, machine learning… to detect anomalies in customer transactions immediately and protect customers promptly.
Currently, OTP (one-time password) is used in 2-factor authentication to increase security for account holders. However, this code can be stolen by bad guys with tricks or spyware installed on the account holder’s phone.
Experts warn account holders never to reveal the OTP code to anyone else and not to use the option to receive the OTP code via a call (hackers can eavesdrop through software or take advantage of the unconditional call forwarding service). To keep spyware from capturing the screen, mobile device users should install anti-virus and security software on their devices (as they do on computers).
According to Ngo Tran Vu, CEO of Nam Truong Son Security Company (NTSS), scams in which hackers take over victims’ accounts and use them to trick their friends are still common, causing many people to fall into the trap. Experience from other countries shows that end-user neglect of security is the weakest link, and the hardest to upgrade, among a security system’s components. If the end user is not security-aware and is negligent when transacting online, then however modern the bank’s security system is, the user still cannot be protected. In addition, the use of cracked software that bypasses copyright protection is still widespread, so security measures are not optimally effective.
Mr. Vu acknowledged: “Many users today have the misconception that they can leave security to service providers and trading sites, so they don’t have security software on their devices. On mobile devices, users have a habit of installing many apps without control, creating opportunities for hackers to attack the device.”
To help users, financial service providers, security software providers, mobile device carriers and distributors should work together to provide free security software to customers.
Strengthening identification of unusual transactions
Regarding solutions to combat payment fraud and protect users, according to a representative of Saigon Thuong Tin Commercial Joint Stock Bank (Sacombank), many banks have adopted solutions to increase security, such as a companion application with a payment approval function. This application generates the OTP itself, instead of the OTP being received via SMS on the phone, or provides a transaction signing function, which is the highest authentication method under the regulations of the State Bank. In addition, banking applications and payment approval applications impose device security requirements at installation, which increases security afterwards.
Banks are strengthening the identification of unusual transactions so they can alert customers immediately via SMS, email and banking applications. A deputy general director of a joint-stock bank said that it is difficult to find a complete solution to payment fraud on the end-user side, because tools such as Soft OTP/Token OTP/biometrics… have all been deployed, but in the end protection must start with the end user.
Source: nld.com.vn (via Blogtuan.info)