Hackers pose growing threat to internet banking system

Hackers attacked more than 1,000 websites last year, double the 2008 figure and three times more than that in 2007, said Pham Viet The, head of the Computing Department at the Ministry of Public Security.

A survey of 40 banks conducted by the Bach Khoa Inter-network Security Centre (BKIS) found that 20 of them were unsecured.

The investigation revealed vulnerabilities in money transfers and discovered that the password recovery function to user accounts could also be used to change the customer’s password. Customer question and complaint forms could be used to install dangerous codes into the server and control the internet banking system, the survey found.

Banking security networks were always at risk of being attacked if they did not have proper management systems, said director of the Ministry of Information and Communications’ Viet Nam Computer Emergency Response Team (VNCERT) Vu Quoc Khanh, adding that the banking sector was a favourite target for hi-tech criminals.

Statistics show that 80 per cent of banks nationwide have established, or planned to establish, internet banking solutions. However, there is an agreement within the sector that internet banking increases the risk that banks will be attacked by network criminals.

Dang Manh Pho, director of the IT Department at the Bank for Investment and Development of Viet Nam (BIDV), said the bank had made significant investments in technology, including a banking security system which accounted for 20-30 per cent of the total costs. The bank spent VND1.6 trillion (US$82 million) on its banking security network in 2009 and another VND1 trillion ($47.6 million) in 2010.

BKIS experts offered solutions for banks to overcome the risks to their internet banking systems, such as independent assessments to determine the weaknesses in their systems combined with application of ISO 27001 standards on information security management, overall computer anti-virus solutions and digital signature certification to secure bank transactions.

Nguyen Minh Duc, general director of BKIS, said the existing vulnerabilities in network securities at Vietnamese banks was attributed to the lack of an independent security assessment process of internet banking systems as well as a lack of standards on information security. — VNS