Strengthening banking cybersecurity

The pace of digital transformation in Vietnam’s banking and finance sector is accelerating faster than ever. Cashless payments, digital banking, electronic identification, AI, and digital finance platforms are fundamentally reshaping how people transact, store assets, and access financial services. Behind every interaction, however, no matter how brief, lies a quiet battle between convenience and risk; between speed and security.

According to the National Cybersecurity Association, one in every 220 smartphone users falls victim to online fraud. More than half of agencies, organizations, and businesses in Vietnam have reportedly experienced cyberattacks. This has created an urgent need to strengthen risk management capacity, safeguard customer data, and enhance cross-sector coordination in combating high-tech crime.

At the “Building a Digital Trust Ecosystem for Sustainable Financial Growth” panel discussion, held within the Digital Trust in Finance 2026 forum, experts argued that the issue today is “no longer simply whether to pursue digital transformation or whether to adopt AI,” but rather “who will lead and how will stakeholders work together to ensure a transparent, secure, and trustworthy digital financial environment.”

Downside of AI in banking

Mr. Hoang Minh Tien, Deputy Director General of the Information Technology Department at the State Bank of Vietnam, said more than 70 per cent of credit institutions in Vietnam have already adopted AI in their operations. Many banks now record as much as 95-99 per cent of transactions through digital channels. However, he stressed that AI is also reshaping the risk profile of the banking and financial sector, particularly in fraud, impersonation, and cyberattacks.

Mr. Vu Duy Hien, Deputy Secretary General and Chief of Office at the National Cybersecurity Association, said AI is enabling cybercriminals to reach an entirely new level of sophistication. “Previously, carrying out a cyberattack required hackers to spend a great deal of time and effort preparing,” he said. “Today, AI has dramatically shortened that timeframe.”

In just seconds, AI can generate fake videos using a bank executive’s voice, impersonate advisors, or even mimic family members to request money transfers. Fraudulent websites and phishing emails can now be created faster and are increasingly difficult to detect.

According to Mr. Hien, this is an era of “AI versus AI.” One side uses AI to develop services, while the other exploits the same technology to commit fraud, leaving users increasingly unable to distinguish real from fake.

In the AI era, data has become a strategic asset, but it can also become the greatest vulnerability. Mr. Tien noted that AI relies heavily on data, and the banking sector processes enormous volumes of information, from identification and biometric data to account details, transaction histories, and financial behavior. More concerning, even anonymized data can potentially be reverse-engineered by AI models to recover personal information. “If data is not tightly governed, properly segmented, encrypted, purpose-controlled, logged, and monitored, then data itself, the bank’s strategic asset, could become its greatest vulnerability,” he warned.

Anti-fraud race

Mr. Nguyen Hung, CEO of TPBank, said the bank processes between 5 million and 7 million transactions each day. Without AI, “it would certainly be impossible to control,” he added, but the convenience also comes with an intense battle against fraud.

Bank data analysis, he went on, found that in most fraudulent transactions, once money reaches the destination account, it is transferred again within just 40-45 seconds. “After a few minutes, it has already moved through ten banks and eventually converted into cryptocurrency or another form for cash withdrawal,” he explained. That speed makes tracing or freezing funds extremely difficult and is one reason the banking sector has been forced to rethink fraud prevention.

Biometric authentication following Project 06 on Developing Resident Data and Electronic Identification and Authentication Applications to Support National Digital Transformation in the 2022-2025 Period, with a Vision to 2030, has significantly reduced fraud risks. However, criminals have quickly adapted. “Criminals are increasingly shifting to opening corporate accounts, setting up companies to create accounts, and using them to channel money,” he said.

Experts noted that the race between financial institutions and cybercriminals is continuous. While banks strengthen biometric authentication, behavioral monitoring, and AI-powered transaction analysis, fraud networks constantly evolve their methods to bypass protection systems.

Notably, banks are no longer merely institutions for deposits and lending, but are gradually becoming digital platforms, “a service that can be embedded into the products, services, and applications of other organizations,” Mr. Hung said.

This means the digital financial ecosystem is becoming increasingly interconnected: banks are linked to fintech companies; e-wallets connect with social media platforms; payment systems integrate with e-commerce; and data moves continuously across multiple layers of platforms. According to Mr. Tien, when one link fails, risks can spread rapidly, creating systemic risks.

When many organizations rely on the same AI model or depend on a handful of major technology providers, a single disruption can simultaneously affect multiple financial institutions. “AI risks do not stop at individual models or individual banks, but can spread through technology connections, data, suppliers, markets, and automated decision-making,” Mr. Tien warned. As a result, protecting customers is no longer the responsibility of a single bank, but of the entire ecosystem.

Human factors remain decisive

Speaking at the seminar, many experts emphasized that AI cannot replace humans. “AI is very good at reading documents and summarizing information, but very poor at taking responsibility,” Mr. Thai Tri Hung, Chief Technology Officer of MoMo, told the gathering. “Therefore, the final decision must still rest with people.”

Mr. Tien also argued that AI-driven decisions directly affecting customer rights, such as credit approvals, limits, or rejected transactions, require human oversight mechanisms. This is not only a matter of technology, but also one of ethics, transparency, and accountability.

According to experts, though AI is playing an increasingly important role in banking operations, human judgment remains decisive in risk management and customer protection. “The more powerful the technology, the greater the responsibility for governance,” Mr. Tien emphasized. “The smarter AI becomes, the higher the demands for transparency, security, and accountability.”