Financial institutions are reporting losses in the billions. According to a whitepaper published by Accenture titled ‘Unmask digital fraud today’ on digital fraud, the expected global loss associated with transaction fraud is worth at least US$31.3 billion.
The advances in technology and high-speed internet have transformed the payment market, giving financial institutions unprecedented access to consumers. Unfortunately, it has brought with it new-age hackers who have unleashed new threats, making financial institutions and customers prone to online data fraud.
Southeast Asia is the most vulnerable region to fraud compared to the rest of Asia Pacific (APAC). A 2019 report by AppsFlyer, titled, ‘Fraud rising: How bots and malware are compromising APAC’s Apps’, found that Southeast Asia’s losses accounted for 40 percent of the total estimated fraud losses in APAC which totalled US$650 million. The report revealed that finance apps have the highest rates of fraud in the region, perhaps due to the higher pay-outs they offer and their popularity as the third-largest app category.
Bot attacks is the leading method of fraud in the region with an average of 64.2 percent across six Southeast Asian countries: Vietnam, Malaysia, Singapore, Thailand, the Philippines and Indonesia. The highest prevalence of bot attacks in the region is in Vietnam (87.1 percent), Singapore (66.3 percent) and Indonesia (58.6 percent). Thailand and Malaysia’s finance platforms are more prone to click flooding, while finance apps in the Philippines’ are more susceptible to install hijacking (50.3 percent).
The report cited Southeast Asia’s significant scale of markets and high mobile internet penetration rates as contributing factors for fraudulent activities online. According to We Are Social and Hootsuite's latest Global Digital 2019 report, there were 391 million mobile internet users in Indonesia, Thailand, Malaysia, Singapore, Philippines, and Vietnam in 2018.
Another reason for the region’s high fraud rates is the share of Android devices in the region which accounts for four times the rate of fraud for iOS devices. The report also says that due to few resources and higher prices, many app developers are forced to buy from media sources with a lower price point, where fraud is more prevalent, thus exposing themselves to heightened risks.
Security risks in Vietnam
The AppsFlyer data showed that in March 2019, Vietnam’s fraud rate in the finance sector was 58.2 percent, the highest in Southeast Asia. According to Grant Dennis, CEO of PwC Consulting Vietnam, the country’s anti-fraud measures may not be developing at the same pace as the economy. PwC published a report in 2018 on fraud, focusing on Vietnam, and found that 52 percent of the 7,000 respondents in 123 territories have suffered economic crime/fraud in the past two years. The most common fraudulent activities were asset misappropriation (40 percent) and bribery and corruption (36 percent).
According to the report, 46 percent of Vietnamese polled had performed a general fraud risk assessment, with almost half of them saying they had been targeted by cybercrime in the past two years. When asked how fraud was detected, 16 percent of respondents said it was by internal tip-offs or by accident. Only three percent of fraud was detected through internal audits.
And the damage is not just financial. Marcus Paciocco, director of forensic services at PwC Consulting Vietnam, said that "even though the non-financial damages may not be quantifiable, they can lead to potentially worse consequences than financial loss, such as irreversible damage to their organization’s reputation and employee morale."
Vietnamese banks also face challenges in network security and inadequate legal framework brought on by digitalisation. Based on a Bank for Foreign Trade of Vietnam (Vietcombank) statistic, 94 percent of banks are investing in digitisation while 42 percent of them consider digital banking a top priority. According to a 2018 Ernst & Young Vietnam report, 8,319 cyber-attacks on banks occurred in 2018 and 560,000 computers were known to be affected by malware capable of stealing bank account information. Vietnamese banks are facing a potential loss of US$642 million caused by computer viruses.
At a recent Vietnam Banking Conference in Ho Chi Minh City, Lê Anh Dũng, deputy head of the State Bank of Vietnam’s Payment Department, said that “in Vietnam, security risks such as fraud, customer fraud, network attacks on bank infrastructure, and user data leakage are rising.” Dũng said that the government of Vietnam should develop a legal framework for user data security and information security to create a safe and reliable digital transaction system.
Future adoption of new technologies is expected to grow in finance, and financial institutions must stay alert and treat fraud as an ongoing initiative. Until financial institutions find a way to prevent fraud, there is a real risk of credibility and trust loss.
Intensifying ASEAN’s cybersecurity efforts