VET conducted a pocket survey to determine the understanding and views of consumers about information security on online payment transactions.
Online payment gateways allow e-commerce websites to accept online payments for their goods and services via bank cards. According to unofficial figures, in the 2009-2013 period the number of e-commerce websites with online payment facilities was 30 times higher than a decade ago. With more than 15 years of development, over 56 million various types of bank cards have been issued, with annual transactions exceeding $40 billion.
Online banking and online payment have brought increasing convenience to all, especially with the better technology and faster internet speed now found in Vietnam. Moreover, it’s been forecast that online payments via mobile phones will boom shortly, as more and more companies now providing such services offer even more services that help users conduct transactions and payments anytime, anywhere.
In addition to the convenience, however, are a number of risks, especially in information security. To get a clearer picture of awareness about such issues and to assess the perceived level of security in online transactions, VET conducted a pocket survey of 41 respondents who regularly conduct money transfers and/or payment transactions via e-banking, online payment portals, and e-commerce websites, both domestically and internationally.
Of the 41 respondents, 49 per cent usually use computers to conduct online payment transactions, with the same figure using smartphones, while laptops are used in 31.8 per cent of transactions.
In explaining their choice of device, 95 per cent of those who conduct transactions on their smartphone said they do so because of the convenience, while the figures for those using computers or laptops were 84.6 per cent and 43.5 per cent, respectively. Many users choose a computer because of the more stable and faster internet connection or the higher capacity for successful transactions compared to other devices, with respective percentages being 65.2 per cent and 60.9 per cent. Meanwhile, only a few users consider information security issues when choosing which device to use. Only 21.7 per cent said that use computers because of their greater information security compared to laptops and smartphones, while 15.4 per cent said they use laptops and 14.3 per cent said they use smartphones for the same reason.
Assessing these results, an expert in the information security field said users remain generally unaware of information safety and security. Using smartphones to conduct online payment transactions, he said, is particularly dangerous because the level of information security is much less than on computers and laptops. But it seems that users only care about convenience and not so much about protecting their account information.
This is clear to see in the pocket survey. When asked whether they know about information security and the risks to their account information on online payment systems, over a half of respondents displayed limited knowledge. Three per cent know nothing at all and 51.2 per cent said they only know a little.
However, if they received an alert about their account information possibly being at risk via notifications and warnings from service providers, most would be cautious and read this information carefully. Some 83.8 per cent of respondents said they will read the information carefully and follow any instructions. Ten per cent would spend more time studying the information, seek advice from others, or contact their bank to confirm the accuracy of the information and then follow any instructions.
After the recent OpenSSL HeartBleed attack, online service payment providers, especially banks, adopted measures to address the attack quickly and effectively and also recommended customers change their account password and cease conducting online transactions until the threat had definitely passed. Seventy per cent of respondents did so, while 15 per cent ceased conducting online transactions but changed their account password later or even not all (with 10 per cent changing later and 5 per cent not all). The remainder said that they will still continue conducting online transactions after changing their account password immediately (5 per cent), will change their password later (5 per cent), or won’t change their password (5 per cent).
Although they are happy to be able to conduct online transactions, people are concerned that their account information may be hacked and don’t have complete faith in the information security systems of service providers. Eighty-seven per cent of respondents don’t completely trust the security systems of domestic e-commerce websites, while 63.3 per cent don’t trust the systems of international providers. In particular, nine of the 41 respondents have had trouble in the past with information security when conducting online transactions.
In terms of why information security may be easily at risk of being attacked by hackers, 50 per cent of respondents said that the first and most important reason is that service providers use ineffective security technologies. Only 20 per cent cited as this as the second reason. A lack of knowledge or a tendency to make light of information security by creating short and simple passwords such as their date of birth, phone number, or their own names, or saving their account username and password on e-banking websites, were considered the most important reason by 35 per cent of respondents, with the same number ranking it second. Other reasons, in order, were the non-use of effective anti-virus software on their computers, or a failure to regularly update them, downloading unreliable software with warnings about potential risk from viruses, purchasing products from unreliable e-commerce websites and, finally, using free wi-fi to access personal and sensitive information.
Of respondents that said the first and most important reason that their account information is at risk of being attacked by hackers is due to service providers, especially banks, 85.5 per cent agreed that if their accounts were indeed hacked and they lost money then service providers should be held responsible because their security system failed to protect their information. Only 14.5 per cent said that it’s their own responsibility, because they revealed personal information.
In order to protect their account information, users have now adopted a range of various measures. The most popular are checking the reliability of e-commerce websites before conducting online purchasing and payment transactions, not lending their bank card to other people or revealing their account information to others, always watching out for emails or websites seeking personal information and not opening emails or clicking links from strange or unreliable addresses, and not saving personal information on their device and not sharing passwords with others. Each of these measures is applied by nearly 60 per cent of respondents. Over 30 per cent also apply measures like using complex passwords and changing passwords regularly, updating anti-virus software regularly, and not using free wi-fi when accessing personal information or conducting online payment transactions. Forty-two per cent use all these measures to protect their personal information.
The results of the pocket survey confirm that awareness among Vietnamese consumers about protecting their personal information remains extremely poor and they primarily rely on service providers to ensure the security of their personal information.