Future of digital banking hinges on data security: experts
Future of digital banking hinges on data security: experts
Data security and privacy play a pivotal role in the digital transformation of the finance and banking sector, according to experts.
A customer makes payment using a QR code. Cashless payment is becoming increasingly popular. — Photo courtesy of MoMo |
As the Government advances the national digital transformation agenda, the banking industry as a whole and individual lenders are speeding up the transformation of all their operations, they said.
Nguyễn Viết Hòa, head of community information, Vietnam Blockchain Union (part of the Vietnam Digital Communications Association), said the finance and banking industry has always been associated with the construction, management and operation of data systems – going from basic means such as physical books and records to core banking systems storing billions of digital records every day.
“Throughout that evolution, data security has played a key role in protecting the entire system so that it can operate safely, transparently and effectively. Organisations inside and outside the finance-banking sector have been developing a plethora of solutions to minimise vulnerabilities and the risks of attacks that result in data breaches."
He said data security solutions deployed by banks in Việt Nam could be divided into five common categories: fraud prevention, data risk control, network infrastructure security, phishing attack prevention, and preventing loss and unlawful interference of data.
There are international standards that Vietnamese banks could adopt to improve risk control and information security, he said.
"Nevertheless, more inputs from real-life situations are always needed to ensure that actual practices are updated and effective as technology advances and transforms all the time."
Data privacy
An equally important task is ensuring data privacy.
Dr Huy Phạm, founder of RMIT Fintech-Crypto Hub, said though Decree 13/2023/ND-CP (effective from July 1, 2023) has created a legal framework for personal data protection, its implementation in the finance and banking sector would take some time.
“To be able to fully comply with the regulations in Decree 13, financial institutions and banks need to strengthen their control over the processing and storage of personal data from the employee level up because they often interact and communicate directly with customers, possibly through their personal phones. So, serious violations of personal data protection can easily occur.
"For example, a customer's personal information might be transmitted from one securities company to another via their respective employees without the customer's consent."
Concurrently the advancement of artificial intelligence (AI), generative AI and their applications in the finance and banking sector causes growing concern as to whether customers' personal information could be legally used in AI training.
“Will data subjects have full control over their personal information if financial institutions and banks apply AI in their systems? If these organisations unlawfully use customer data in AI training, how can the data subjects track such activities and potentially initiate a lawsuit?”
Data subjects could request that organisations not use or remove their personal information when training AI models, he said.
A notable example is OpenAI's ChatGPT, which was briefly banned in Italy until the company provided solutions that enabled data subjects in Italy to allow or refuse the use of their personal data in AI training.
But unlike Google and other search engines, generative AI models such as large language models could not easily fulfil such requests since they are often unable to retrieve or remove specific pieces of information on command, he pointed out.
Moreover, he said, popular large language models are also not transparent – they are essentially “black boxes” and users do not clearly know how the answers are formed.
“Therefore, the Government and relevant authorities need to provide specific instructions and regulations on the use of personal data for AI training in the finance and banking sector.
“At the same time they should encourage financial organisations and banks to use responsible and explainable AI models.”