
UNIVERSITY OF ECONOMICS

FACULTY OF FINANCE AND BANKING


----------

GROUP PRESENTATION

Topic 5: Risk management of E-banking


Instructor: ThS. Phung Thi Thu Huong
Class: 211_FIB3062 - E 3
Group 1: Nguy Huy Tu
Vu Thai Duy
Luong Cao Trung Hieu
Nguyen Khanh Huyen
Nguyen Thi Thanh Ngan
Trinh Huu Viet Anh

Ha Noi - 2021

Introduction
Main content
I. Overview of e-banking
1. The concept of e-banking
2. Classification of e-banking
II. Risk management in e-banking operations
1. Risk
2. Risk management
3. Classification of risks in e-banking activities
4. Classification of risks in E-banking activities
III. RISK MANAGEMENT IN E-BANKING ACTIVITIES IN VIETNAM
1. Overview of e-banking in Vietnam
2. Risk management in Vietnam's banks
a. Operational risks in e-banking activities at Vietnamese commercial banks
b. Strategic risk management in e-banking activities at Vietnamese commercial banks
c. Reputational and legal risk management in e-banking activities at Commercial Banks in Vietnam
IV. Evaluation of risk management activities in the operation of Vietnamese banks
1. Strengths
2. Limitations
V. Solutions to improve risk management of Vietnam's e-banking operations
1. On the state side
1.1. Promulgate legal documents, create legal corridors for e-banking activities
1.2. Unified orientation on application of necessary technology platforms and safety standards
2. On the commercial banking side
2.1. Strategic Risk Management
2.1.1. Establish an effective risk management monitoring mechanism
2.1.2. Focus on quality of personnel
2.2. Operational risk management
2.2.1. Evaluation and approval of the basic contents of the bank's security control process
2.2.2. Authentication and the rights of customers when making transactions over the Internet
2.2.3. Protect the integrity of e-banking transactions, records and information
2.3. Management of legal and reputation risk
2.3.1. Provide full information about the bank
Reference

Introduction
Today, the development of science and technology, especially information technology, electronics and informatics, has impacted all aspects of life and socio-economic activity, changing the perception and methods of production and business in many fields and economic sectors, including the banking sector. In other fields, information technology only supports management, but in the banking industry it is part of the business itself. The development and competition of banks based on advanced technology - e-banking activities - is an inevitable and objective trend in the era of international economic integration. In fact, e-banking brings many benefits to customers, banks and the entire economy.
However, the "race" into this market raises quite a lot of problems in terms of risk. Therefore, studying the situation and finding solutions to improve risk management capacity in e-banking activities is something that Vietnam's banking industry in general and commercial banks in particular always aim for. Therefore, we aim to analyze and clarify the topic: "Risk management of e-banking".

Main content
I. Overview of e-banking

1. The concept of e-banking. 

Electronic banking is a service that uses computers and telecommunications to
allow banking transactions to be performed via telephone or computer rather
than through direct person-to-person contact. Its features include electronic
money transfers for retail purchases, automated teller machines (ATMs), money
transfers, and bill payments. Some banks offer home banking, whereby a person
with a personal computer can perform transactions, either through a direct
connection or by visiting a website. Electronic banking has greatly reduced the
transfer of cash from one place to another or even from one person to another.

2. Classification of e-banking.

– Internet Banking: banking transactions via the global Internet;

– Phone Banking: banking transactions via phone network;

– SMS Banking: banking transactions via SMS of mobile phones;

– ATM: banking transactions through the ATM system;

– WAP Banking: web banking transactions on mobile phones;

– Call Center / Contact center: answer questions, provide information and conduct banking via telephone switchboards;

– Mail Banking, Fax Banking, Video Banking: banking transactions via email, fax, video.

II.  Risk management in e-banking operations

1. Risk

- Dynamic risks are risks associated with change, especially in the economy. These are risks whose consequences can be beneficial but can also bring losses (whether changes in customer tastes suit the product that the business is trading, whether a change in technology suits the financial capacity of the business, whether the change is too fast...).

- Static risks are risks whose consequences concern only whether a loss occurs, not the ability to earn, and which are not affected by changes in the economy. Static risks are often related to objects: property, people, civil liability.

2. Risk management

- Risk management is a process that includes activities to identify, analyze, measure and evaluate risks, in order to find measures to control and overcome the consequences of risks for business activities, for optimal use of business resources.

3. Classification of risks in e-banking activities.

- Strategic risk: fluctuations in income and capital arising from adverse business decisions, improper implementation of decisions or from changes in the bank's operating environment.

- Operational risk: the risk that arises from the possibility of damage to the bank due to the failure of the system to ensure the necessary consistency and level of reliability.

- Reputational risk: the risk of bad public opinion about the bank, causing serious difficulties for the bank in accessing capital or customers leaving the bank.

- Legal risk: arises from violations of, or non-compliance with, established laws, regulations or practices, or from unclear regulation of the parties' legal rights and obligations with respect to the transaction.

- Other risks:

+ Credit risk: the risk that a counterparty will not pay a debt in full, whether this occurs at the time the debt is due or any time thereafter. It usually occurs with credit cards, when the cardholder is unable to pay or does not fully pay the credit card expenses.

+ Information security risk: the risk of common types of fraud in electronic payments, such as stealing security information to appropriate the right to use electronic bank accounts/cards. Specifically, crooks steal or collect the customer's card/e-banking service security information (account number, password, OTP code, PIN code...) and then appropriate the right to use the account in order to profit.

4. Classification of risks in E-banking activities.

- Strategic risk: is fluctuations in income and capital arising from adverse business decisions, improper implementation of decisions or from changes in the bank's operating environment.

- Operational risk: is the risk that arises from the possibility of damage to the bank due to the failure of the system to ensure the necessary consistency and level of reliability.

- Legal risks arise from violations, or from non-compliance with established laws, regulations or practices, or from unclear regulation of the parties' legal rights and obligations with respect to the transaction.

- Reputational risk: is the risk of bad public opinion about the bank, causing serious difficulties for the bank in accessing capital or customers leaving the bank.

III. RISK MANAGEMENT IN E-BANKING ACTIVITIES IN VIETNAM


1. Overview of e-banking in Vietnam

It can be said that the Vietnamese banking system has started to participate in the electronic distribution channel environment since officially joining the SWIFT system in March 1995. In May 2002, the interbank electronic payment system officially opened to allow credit institutions to develop retail and wholesale banking services.

Figure 1: Interbank electronic payment model

[Diagram not reproduced. Labels: Bank A, Bank B, processing centers, payment/settlement center; steps numbered 1 to 5.]

Source: Banking Vietnam 2007

Currently, e-banking services are provided by Vietnamese commercial banks through the main channels as follows: banking through automated transaction machines, banking through card acceptance system, banking via computer network (Home-banking and Internet-banking), automatic telephone-banking and mobile-banking.

2. Risk management in Vietnam's banks

a. Operational risks in e-banking activities at Vietnamese commercial banks

Vietnam is in the early stages of implementing e-banking applications, and social awareness as well as the level of adoption among people and businesses is still relatively low. Disruptive behaviors and high-tech crime tend to increase, affecting consumers' confidence in this relatively new type of service. The forms of crime are quite diverse, from forging ATM cards and stealing passwords to unauthorized intrusion into the bank's database system.
According to a survey by the BKIS Center for Cybersecurity, a type of large bank has vulnerabilities in its information systems that make it possible for hackers to break in. Most banks do not have a cybersecurity policy. Banks often hire partners to write their software, and insecurity arises when they do not put cybersecurity provisions in the contract. The problem is that banks are not aware of the importance of cybersecurity, so there is no cybersecurity policy. The most visible problems are vulnerabilities in website systems and operating system vulnerabilities that have not been patched in time... With these vulnerabilities, hackers can take control of the server, then raise their access or collect information to gain control of other banking systems. Unfortunately, the above issue is not uncommon in Vietnam.
In recent years, Vietnam's central banks have suffered great losses due to operational risks when deploying e-banking services, which are mainly caused by human factors.
On the bank's side, the risk can come from the staff. For example, employees mistakenly load money into a cash tray meant for another denomination. There are also risks arising from the process, as when the issuing bank sends the card and PIN to the cardholder by mail but does not follow the principle of sending them in two separate envelopes at different times, so that the card and PIN are stolen and used. Recently, Eximbank employees fraudulently opened credit cards when they were authorized to handle the whole process, from marketing and appraising information to handing cards to customers.
For cardholders, the risk is mainly due to accidentally exposing the PIN number, or losing the card without notifying the issuing bank, after which someone else happens to get the card, knows the PIN number and uses it to withdraw cash at an ATM. More than 60% of cardholders are always accompanied by someone else when operating an ATM, something cardholders should do alone.
The expansion of e-banking services requires more technology and comes with new security risks. The opening up to integration and the strong development of banking and financial services, especially electronic services, has blurred the limits of space, creating favorable conditions for high-tech crime. On the other hand, risk management experience is limited and the card management system has not been standardized... Vietnamese banks are now being targeted by international high-tech criminals, while domestic hackers have also acquired new knowledge and technology and started moving from pure sabotage to for-profit activities. Fraudsters have attached a reading device to the card slot on an ATM or to a bank computer system to steal customers' account information, and thereby easily produce multiple fake magnetic cards. Worse, it happens that a bank employee or a card-accepting unit acts as an "insider" and abets the theft. They have also attached a camera that takes close-ups of the ATM keyboard to steal the PIN numbers (passwords) used to access the cardholder's account from a fake card. However, the crux of the problem is that most Vietnamese banks currently only issue magnetic cards, which are highly susceptible to counterfeiting if fraudsters hold the data on the track of the magnetic strip (card number, first character symbol structure and end of bank-registered number) or CIF information, customer code and customer account information. In addition to fake cards, criminals also place fake ATMs or attach skimming devices to card readers at ATMs or EDC devices at card acceptance points (POS).
There are also risks beyond the bank's control that are a nuisance to customers. For example, if the power fails during a transaction, the ATM does not work, the user cannot take the card out to use it in other machines, and it is not known whether the transaction order has been recorded at the center. Or the telecommunications network infrastructure for mobile-banking services is not good enough to ensure that messages are sent quickly and smoothly: when customers buy items or need to pay urgently for a purchased item, they send a message asking for payment, but the message may get stuck at any "stage", from the customer to the bank or in the bank's response... The transaction is then unlikely to be successful…
b. Strategic risk management in e-banking activities at Vietnamese commercial banks
In the project "Modernizing IPCAS customer accounting and payment system" funded by the World Bank, the Bank for Agriculture and Rural Development has developed a security policy for Agribank's entire system.
First, protect the service delivery system (server system), including:
- Network protection: use a 2-layer firewall and apply intrusion detection equipment to the network and to the server.
- Application and system protection: control application vulnerabilities, especially in web applications. Next-generation firewalls provide application-layer attack protection, anti-virus, system access control, data encryption on the server...
Second, protect transactions, including: encrypting transaction contents to ensure confidentiality; ensuring the integrity of the transaction, so that any change is detected; identifying the origin of the transaction, to guard against repudiation of transactions and against transactions from fake sources. The technical measures that protect these transactions are encryption, digital authentication, and digital signatures.
Third, protect the transaction clients: use hard cards for authentication, anti-virus and anti-Trojan software, personal firewalls...

Figure 3: Agribank's security policy

Source: Agribank, Banking Vietnam Conference 2007


Some other security measures
In the face of the growing prevalence of card fraud, banks have taken concrete measures to minimize risks for customers and for banks:
- Install a surveillance camera system at automated teller machines: each ATM is equipped with 3 cameras, of which 2 are placed in different discreet locations that can observe and record the face of the customer withdrawing money and the place where the customer receives money from the machine. The keyboard of the ATM is entirely outside the cameras' view, so the customer's PIN remains secure. The third camera is placed at the back of the ATM to monitor bank staff's operations on the machine. The ATM systems of VCB Bank and EAB bank have successfully implemented this measure, limiting many risks for customers and allowing a reasonable response when complaints arise.
Figure 5: Monitoring with IP camera - Sony's solution

Source: CMC System Integrating Company, Banking Vietnam 2007


ATMs with security software exclude unknown devices, allowing only pre-programmed devices to start the system; if any unknown equipment is added to the machine, the whole system stops working and the center knows immediately so that it can check and handle the problem. The on-board keyboard is also encrypted so that it is difficult for an attacker to steal the customer's secret code.
c. Reputational and legal risk management in e-banking activities at Commercial Banks in Vietnam
After the impressive growth of e-commerce activities, banks have faced reputational and legal risks as a series of complaints arose from customers about the quality and safety of services:
- First, the ATM system frequently does not work due to transmission errors, congestion and technical failures, especially during holidays and Tet holidays.
- Second, some customers complain about the loss of funds in their account without adequate explanation. In the majority of card risk complaints, the reasons indicated came from customers, because they were not careful when keeping the card and the secret code, or because they forgot the amount they had spent... However, there are cases where customers are very upset because they have given enough evidence that the risk does not come from their side but are still rejected by the bank. So many people draw their own conclusion: if there is a risk, the bank is always right, and the customer always suffers. Many customers have developed a sense of insecurity, and some even refuse to use the card to avoid risk.
Thus, along with the strong growth of ATM-banking, the legal and reputational risks that the bank faces in this service also increase. In these disputes, both banks and customers have their own way of arguing, and everyone thinks they are right. The end result is that both sides are damaged. The customer's loss is money and time; the bank's loss, in addition to the cases of material compensation, is its reputation and the customer's trust in the bank. These are the biggest losses, and once lost they are not easy to get back.
In many countries, when a risk occurs, banks often apply the principle that the customer is always right, i.e. the bank temporarily bears the loss. Proving that the user intentionally committed a violation is the duty of the court, and any violation is handled according to the law. However, in Vietnam some cases reflect the opposite situation: most of the money withdrawn from the account is considered to have been withdrawn by the customer.
Many people believe that the State Bank of Vietnam licenses banks to provide card services but has not taken measures to protect consumers' rights. Currently, only 3 legal documents can be applied to ATM transactions:
- Decision No. 371/1999 of the Governor of the State Bank of Vietnam on the promulgation of regulations on issuance, use and payment of bank cards
- Decision 349/2002 on the promulgation of regulations on the development, allocation, management and use of security key codes in the interbank electronic payment system
- Directive No. 02/2004 on strengthening the work of ensuring safety in interbank electronic payment activities.
However, none of these three documents has clear and specific provisions that can apply to the case of a customer losing money in a card account. The only legal basis for resolving disputes between card users and banks is the card registration contract. Customers therefore complain that Vietnam's legal system has not adequately protected the interests of consumers.
In the card issuance regulation, there is also no provision that the card
issuer must ensure the quality of service. An important issue in legal risk
management is ensuring the availability of service delivery. However, service
disruptions still occur, typically on February 19, July 7, August 5, September 1,
2004, and most recently on Feb. 1, 2004.
31/10/2007, with large numbers on Vietcombank's ATM system.
Especially on Tet holidays, ATMs often have to stop providing services because the machines cannot provide enough money when the amount of cash withdrawn skyrockets. The reason for this situation is that banks have not calculated the number of customers in each region in order to upgrade the service to match the demand; even on holidays, when a machine runs out of money, there are no bank employees to refill it.
IV. Evaluation of risk management activities in the operation of Vietnamese
banks
1. Strengths:
Quickly adapt to market fluctuations
Currently, most Vietnamese commercial banks are in the early stages of implementing e-banking services, and the implementation is on a narrow scale, mainly in big cities. With an increasing number of commercial banks participating in this service, it is difficult for banks to gain a large market share. But this can be considered one of the advantages of banks: with such a small market share, market fluctuations have little impact on the bank's activities, and the bank can quickly come up with measures to adapt to such fluctuations.
Begin to realize the importance of safety and security
Given the complex nature of e-banking activities, banks have realized the
importance of customer information security. In the project of modernizing the
payment and customer accounting system of the World Bank, a number of
banks such as Agribank, Vietcombank, etc. have developed security policies for
the information system. Banks have started to equip ATMs with cameras,
whereby complaints will be resolved more quickly and to the satisfaction of
both parties. Customers do not have to be upset because they do not understand
why they have lost money, and the bank will solve the complaint in the shortest
time while still retaining the trust of the customer.
The language used in the transaction is easy to understand
The terminals are installed with easy-to-use software. With both Vietnamese and English functions, and with some ATMs that support a voice function, they make it easy for people to use the service.
2. Limitations:
Limitations in strategic risk management
- Risk assessment is still weak. The bank's service development plans have not specifically identified risks that may cause damage to the bank, and the allowable damage level cannot be estimated, so no specific supervision and risk prevention measures have been proposed.
- Products and services are still monotonous. The utilities on the distribution channels are relatively similar, especially on new distribution channels such as Internet-banking, phone-banking, etc., which are mainly for information retrieval and have no transaction facilities. There is no big difference between banks, so they cannot create their own competitive advantages. In some cases, when one bank launches a new service, another bank quickly imitates it but lacks the depth of technology investment, which leads to a loss of trust among consumers.

Limitations in operational risk management

- Security and safety are not good. Measures to authenticate customer transactions are simple. The most common method currently applied by banks is passwords and PIN numbers, which causes inconvenience to customers as well as creating conditions for high-tech criminals to steal account information. On the other hand, in the card business, banks are still slow to switch from magnetic card technology to chip cards.

Limitations in reputational and legal risk management

- Not providing enough information for customers. Most banks admit that the race to expand market share makes them pay too little attention to warning customers about the risks of participating in online transactions. At transaction points or on the bank's website, there are almost no safety instructions for using the service, only instructions on how to use it. For example, when a new customer starts using a card, the bank should usually provide the customer with specific instructions on risks, how to set up passwords, the responsibilities of each party, etc., for example as an appendix to the contract. In Vietnam, banks only provide brochures introducing the services and the bank, without specifying the responsibilities of each party; any instruction is oral. “In a card market that is still in its infancy, overemphasizing risk may discourage customers from using the card” is the bank's explanation for this problem.
- The handling of customer complaints is not good. In most of the complaints related to the risk of using the card, the reason indicated by the bank comes from the customer, because they are not careful when keeping the card and secret code, or because they forget the amounts they have spent... But there are cases where there is not enough evidence that the risk does not come from the customer but the bank denies its responsibility. Meanwhile, in many countries, if the customer's fraud cannot be proved, the bank must bear the loss completely. Therefore, a bad public opinion has formed: if there is a risk, the bank is always right, and the customer always suffers. Many customers have developed a sense of insecurity, and some even refuse to use the card to avoid risks.
- The level of readiness to provide services is not high. Service unavailability problems often occur, such as the machine running out of money, power failure... causing many inconveniences to customers. Some banks cut off power to ATMs in low-demand areas at night, making the 24/7 ATM service meaningless. In fact, Vietnamese law does not have any regulations requiring service providers to ensure quality, nor measures to protect consumers.
V.  Solutions to improve risk management of Vietnam's e-banking
operations
1. On the state side
1.1. Promulgate legal documents, create legal corridors for e-banking
activities
We are just taking the first steps in the development of e-commerce in general and e-banking in particular, and must build a legal foundation for these activities to develop.
The Law on Electronic Transactions, promulgated by the National Assembly on November 29, 2005 and effective since March 1, 2006, has had a great impact on electronic transaction activities. Basically, the Law on E-Transactions has covered most aspects of e-commerce transactions, such as acknowledging the legality of e-messages, electronic signatures, electronic authentication and electronic contracts, as well as inspection, dispute settlement and the handling of violations. However, the law still does not fully express the unique characteristics of e-commerce, so documents under the law are necessary. The Decree on e-commerce issued by the Government on June 9, 2006 is the first decree to concretize the law on e-transactions. The decree focuses on e-vouchers and state management of e-commerce. Currently, the banking sector has issued documents under the law as the basis for safer and more effective e-banking activities:
+ Decision No. 35/2006/QD-NHNN on the principle of risk management in e-banking activities issued on July 31, 2006.
+ Decision No. 04/2006/QD-NHNN on regulations on safety and security of information technology systems in the banking industry issued on January 18, 2007
+ Decree No. 35/2007/ND-CP on electronic transactions in the banking industry issued on March 8, 2007
Besides, it is necessary to complete the legal provisions specifying each type of e-banking and the rights and obligations of the parties involved in e-commerce transactions, as well as regulations on the application and development of e-commerce such as security, intellectual property rights, laws on protection of personal information, consumer protection, computer crime... in accordance with international practice.
1.2. Unified orientation on application of necessary technology platforms
and safety standards
A policy mechanism in accordance with international standards is the guiding basis for banks to carry out modernization. Therefore, the State Bank must give orientation on technology development as the basis for credit finance to implement uniformly, and promulgate mechanisms and operations in accordance with international standards so that when banks modernize technology, these regulations are compatible with modern technology.
The State Bank should have a unified orientation on the application of the technology platform and safety standards necessary for the development of a modern and safe payment system, and should develop coordination mechanisms for early detection and prevention of fraud and card tampering. Developing regulations on risk provision for banks in the field of e-banking in general and operational risks in particular is an urgent and important issue, to facilitate banks that have been and will be participating in electronic distribution channels in Vietnam. In parallel, it is necessary to implement these measures synchronously throughout the banking system, creating unity and minimizing costs incurred during the transition.
2. On the commercial banking side
2.1. Strategic Risk Management
2.1.1. Establish an effective risk management monitoring mechanism
- When implementing e-banking, managers and bank officials need to be fully aware of the complex nature of e-banking applications and must have certain knowledge of banking techniques and technologies. This is necessary whether the bank's e-banking systems and services are directly managed or leased from third parties. Monitoring procedures should be carried out regularly and effectively to detect and promptly handle any risks arising or any illegal intrusions that may appear in e-banking systems.
- Risk management processes for e-banking activities must be integrated into the bank's overall risk management mechanism, and the bank's risk management policies and procedures should be regularly reviewed, revised and upgraded in a timely manner to ensure their appropriateness and ability to handle new risks in e-banking activities, now as well as in the future. The things to consider include:
+ Assess the risks associated with e-banking of banking institutions.
+ Establish reporting mechanisms, procedures and work schedules to ensure that the security and management of banking activities are carried out in a reasonable manner (covering, for example, unauthorized cyber intrusion, breaches of security by employees and any excessive abuse in the use of computers).
+ Detect potential risk factors to make plans to ensure security, integrity and originality of e-banking products and services.

2.1.2. Focus on quality of personnel


Employees need to be equipped to coordinate closely between the two
areas of banking and information technology to be able to:
• Improve the information technology level of professional staff and managers
of banks, helping them to actively orient and choose the latest technologies
for banks.
• Foster economic knowledge and banking expertise, and update modern IT
knowledge, for IT professionals throughout the banking industry so that they
can apply the latest technologies in the banking industry.
• Build trained and empowered technical teams to analyze systems and to detect
and promptly handle e-banking-related emergency situations as they arise.
Besides professional knowledge, recruiting staff with good ethical
qualities is also one of the measures that help banks develop their banking
operations in the safest and best way, because no matter how modern the
technology is, some stage of the processing must involve the human hand.
Therefore, the first thing to do is to modernize in order to minimize those
human impacts on processing; next, for the stages and steps that cannot be
automated, it is necessary to have honest and responsible employees in the
job; then comes the inspection and control stage to make sure no fraud can be
committed.
2.2. Operational risk management
2.2.1. Evaluation and approval of the basic contents of the bank's security
control process
The bank's security control system should be regularly upgraded and maintained
continuously to ensure the safety of E-Banking technology and data systems,
avoiding threats arising from within or from the outside. This means
establishing reasonable decentralization, strict data and logical access control, and
strict infrastructure security controls in order to maintain permissible limits for
both internal and external users.
E-banking has a rapid growth rate in the Internet environment. To ensure
effective security controls on e-banking activities, the bank needs to develop
a comprehensive security process, including policies and procedures, and to
identify potential threats. The basic elements of an E-Banking security process
include:
• Assign tasks to each manager/expert in overseeing the establishment and
maintenance of privacy policies.
• Data control, logical control, and close monitoring of processes aimed at
preventing unauthorized access from within and outside to databases and
E-banking applications.
• Regularly check and evaluate security control solutions and procedures at all
stages; develop security solutions, upgrade software, service packages and other
necessary methods.

2.2.2. Authentication and the rights of customers when making
transactions over the Internet
Using trusted methods to identify customers and check their authority, and
monitoring customer activities during account activation, are necessary tasks
to minimize the risk that customer information is stolen, forged or illegally
transferred.
- A number of authentication methods can be used: PIN, password, smart card,
biometrics and digital authentication. The process can combine several of the
above factors to increase safety. The appropriate authentication method should
be chosen by assessing the potential risks of the E-Banking system.
2.2.3. Protect the integrity of e-banking transactions, records and
information
Data integrity protection in E-Banking transactions means that information in
transit or in storage will not be changed without permission. If the data
integrity of transactions, records and E-banking information is breached, it
will result in financial, legal and reputational risks.
E-banking transactions are usually transmitted over a public network, which
makes them vulnerable; therefore, banks need to have solutions to ensure the
accuracy, integrity and reliability of transactions, records and information.
Some measures to protect data integrity in e-banking environments:
• E-banking transactions and records should be saved, checked and changed in
the best possible way to limit unauthorized access throughout the entire
process.
• E-banking transactions and record-saving processes must be carried out in a
modern technological environment that is subject to control, prevents
unauthorized access, and limits risks.
• Control policies should be reasonably changed, in order to prevent
unauthorized changes to the E-banking system, which may negatively affect the
control process or reliability of the data.
• Any errors or changes in E-Banking records or transactions must be
controlled through the transaction processing and monitoring function.
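As an added illustration (not part of the original presentation), the sketch below shows one common way to make stored transaction records tamper-evident so that a monitoring function can detect unauthorized changes: each record carries an HMAC-SHA256 tag chained to the previous entry. The key, account names and amounts are constructed sample values.

```python
import hashlib
import hmac
import json

# Constructed demo key; in practice the key would live in an HSM or key vault.
DEMO_KEY = b"constructed-demo-key-not-for-production"
GENESIS = "0" * 64


def _tag(key, prev_tag, record):
    """HMAC-SHA256 over the previous tag plus a canonical encoding of the record."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_tag.encode() + body, hashlib.sha256).hexdigest()


def append(log, key, record):
    """Append a record, chaining its tag to the previous entry."""
    prev = log[-1]["tag"] if log else GENESIS
    log.append({"record": dict(record), "tag": _tag(key, prev, record)})


def verify(log, key):
    """Return the index of the first entry that fails verification, or None."""
    prev = GENESIS
    for i, entry in enumerate(log):
        expected = _tag(key, prev, entry["record"])
        if not hmac.compare_digest(expected, entry["tag"]):
            return i
        prev = entry["tag"]
    return None


def demo():
    """Build a constructed log, then alter and delete an entry."""
    log = []
    for rec in [
        {"id": 1, "from": "ACC-A", "to": "ACC-B", "amount": 500000},
        {"id": 2, "from": "ACC-B", "to": "ACC-C", "amount": 120000},
        {"id": 3, "from": "ACC-A", "to": "ACC-C", "amount": 75000},
    ]:
        append(log, DEMO_KEY, rec)
    clean = verify(log, DEMO_KEY)
    log[1]["record"]["amount"] = 9120000  # unauthorized change to a stored record
    tampered = verify(log, DEMO_KEY)
    del log[1]  # removing an entry breaks the chain at the entry that follows
    deleted = verify(log, DEMO_KEY)
    return clean, tampered, deleted
```

The chain alone does not reveal removal of entries from the end of the log; keeping the latest tag in a separate, protected location covers that case.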
2.3. Management of legal and reputation risk
2.3.1. Provide full information about the bank.
So that potential customers do not have to guess about the legal status and
standing of banks before participating in electronic banking transactions, and
to avoid reputational risks, banks should ensure that sufficient information is
provided on the website, for example:
• Bank name and head office address (and branches if possible)
• The banking supervisory authority with the authority and responsibility to
supervise the bank's head office
• Method of contacting the customer service center about service issues,
complaints, suspected misuse of accounts ...
• Methods of approaching and using a customer's complaints tool or
complaints program
• Access to information about refunds or deposit insurance levels and the
level of protection afforded to customers (or the link to websites that
provide this information)
• Other necessary information or as required by law.
• Meet the requirements of legally appropriate customers
Securing customers' own information is an important task of each bank when
performing e-banking. In order to meet the challenges associated with the
security of information for customers, banks need to ensure that:
- The development and application of policy mechanisms and standards on
information security of customers comply with the provisions of law;
- Security knowledge related to the use of E-banking services and products is
disseminated;
- Customers may refuse to share information related to their personal
interests, financial position or banking activities with third parties;
- Customer data is not used outside the scope of permission;
- The provisions of the law on ensuring the privacy of customers are
implemented when third parties access data through relationships with banks.

Conclusion:

E-banking services have become popular in developed countries but are
relatively new in developing and underdeveloped countries. In Vietnam,
although it is still in its infancy and unfamiliar, the development of e-banking
services is an inevitable trend and is receiving more and more attention from the
Government, the financial-banking world and the public.

Assessments on the current situation of risk management in e-banking activities
in Vietnam are still inadequate. With a limited technology base, an incomplete
legal system as well as a lack of management experience in a modern
technology-based business environment, the bank's response to risks occur.

To improve risk management capacity in e-banking activities, the State needs to
actively support banks by building a legal basis for e-banking activities in
particular and e-commerce in general, and at the same time invest in
telecommunications and information infrastructure. Along with this,
commercial banks must constantly improve their risk management capacity in
e-banking activities by innovating their own technology and learning from the
experiences of countries that have been successful with this service.

I hope this presentation will contribute to clarifying the general theoretical
problem and contribute useful solutions in the process of improving the risk
management capacity of Vietnamese commercial banks in the process of
developing electronic banking services. Once again, I sincerely thank you and
everyone for listening.