Protecting cross-border payment transaction data

Modern payment tools such as e-wallets, international cards or fintech services have shortened the distance, connecting millions of businesses and individuals around the world , and are a strong driving force for e-commerce, tourism and international investment. However, the reality in Vietnam and many countries around the world shows that there are still many barriers.

The story of Mr. Nguyen Hoang Long - Deputy General Director of Vietnam National Payment Corporation (Napas), when he could not pay by international card at a shopping mall in China, is a clear proof. Despite the presence of international tools, the payment ecosystem in many markets is still fragmented, causing difficulties for tourists and businesses.

This situation is also happening in Vietnam, when tourists from China, Thailand or Korea encounter difficulties when spending at small shops and traditional markets. This not only causes inconvenience but also causes Vietnam to miss out on a large amount of potential revenue. Realizing this, Vietnam is taking positive steps. Napas has been connecting with regional partners such as Thailand, Cambodia, Laos, Indonesia, Singapore, allowing people to pay directly in each country's local currency.

In particular, the connection with China, Vietnam's largest tourism market, is being rushed to completion. The system is expected to be tested by the end of this year, opening up great opportunities for the tourism and trade industries. However, convenience always comes with risks, the risk of cyber attacks and personal data breaches has also increased dramatically, causing huge financial losses and undermining user confidence, with far-reaching impacts on global economic security.

Mr. Vu Ngoc Son - Head of Research, Consulting, Technology Development and International Cooperation (National Cyber ​​Security Association), pointed out the existing dangers. The forms of attacks are increasingly sophisticated and diverse. Firstly, phishing and spoofing. Hackers send emails, messages or create fake websites of banks and payment gateways to steal login information, thereby making illegal transactions. Secondly, using malicious software (Malware, Ransomware, Trojan) to penetrate the system. These software record keyboard operations, change account numbers or encrypt all data to demand ransom.

Third, account hijacking and transaction fraud. Hackers take control of bank accounts or the SWIFT system to issue fake money transfer orders. This type of attack is especially dangerous because transactions often go through many intermediary banks, making it difficult to recover. Fourth, personal data and financial information leaks. Sensitive data such as credit card information, account numbers, and KYC (Know Your Customer) data are often stolen and traded on the “dark web”. This information is then used to open fake accounts or carry out other fraudulent activities. Fifth, supply chain attacks. A vulnerability from a small partner can pave the way for hackers to infiltrate the entire large system. Sixth, denial of service (DDoS) attacks, temporarily paralyzing major payment systems, disrupting global transactions and directly affecting users.

According to Associate Professor, Dr. Pham Thi Hoang Anh (Banking Academy), cross-border transactions require a clear bilateral legal framework, unified technical standards and a coordination mechanism for handling incidents. For management agencies, the priority is to harmonize laws according to international practices such as GDPR (EU General Data Protection Regulation) or ISO/IEC 27001. Early standardization will help reduce conflicts when incidents occur, while building trust for users and businesses.

“Personal data must be protected from the very minimum steps such as strict authorization, monitoring access logs, deletion or anonymization when the purpose of use is no longer needed,” Associate Professor, Dr. Pham Thi Hoang Anh emphasized.

According to Mr. Vu Ngoc Son, financial institutions and businesses need to take drastic actions. First, update and patch software urgently. Second, apply multi-factor authentication (MFA), adding an additional layer of security beyond passwords. Third, build an AI-based abnormal transaction monitoring system to proactively detect and prevent fraudulent behavior. Fourth, regularly audit and assess the security of partners and third parties in the supply chain.

However, the final and most important layer of protection still lies with the user himself, each individual needs to raise awareness and equip himself with self-protection skills. Users need to be careful when receiving strange emails and messages related to international payments; avoid using public wifi when making financial transactions; and use virtual cards or limited e-wallets to minimize risks when shopping online. The sustainable development of cross-border digital payments will depend on the ability to build a solid security system. Only when personal data is securely protected and user trust is strengthened, can Vietnam create a solid foundation for comprehensive expansion and development of the digital economy.