What’s the path to stronger digital trust in Vietnam?

By Nga Dao

The alarming situation

I receive spam emails, texts, and calls almost every day and about almost everything: from warning a security threat or inviting to a promotional event to offering sales or investment opportunities. Spam is annoying, but I’m still lucky they haven’t stolen my money. Last month, a friend of mine lost VND50 million (about US$2,000) in an investment scam; and last week, a relative lost VND10 million (around US$400) by a fake Facebook page selling air tickets. These are only a few among thousands of online fraud reports.  It’s undeniable that spam and scams exist and can be anywhere.

In 2022, the Authority of Information Security recognized around 13,000 online scams and announced the 16 most common types of scams in Vietnam[1]. These numbers went up to 16,000 cases and 24 types in the first 11 months of 2023[2] with ‘cheap-priced package tours’, Deepfake and Deepvoice video calls among the most common tricks.

Scams target not only citizens but also the government. According to the MPS’s statistics, 2,500 fraud cases took place in the digital space from May 2020 to May 2021. Of these, 527 cases involved criminals faking to be government officials and deploying scams for financial fraud [3].

Scams are not just the risks; they cause real significant losses. It was reported[4] that 70 percent of Vietnamese people fall victim to scams and each Vietnamese suffered an average loss of VND17.7 million (US$734) in online scams in 2023. In total, last year Vietnam lost approximately VND391.8 trillion (US$16.23 billion) to scams, equivalent to 3.6% of the nation’s GDP. And, this is not to mention their potential impacts on the victims’ mental health which would not be easy to measure.

Main reasons and challenges

The prevalence and consequences of scams, regarded as adverse outcomes of technology, can be ascribed to the actions of both individuals and institutions. The lack of awareness and vigilance about online fraud and cybersecurity requirements along with the ignorance or absence of privacy policies and guidelines may help explain the situation.

A survey[5] by a local cybersecurity firm found that 80 percent of entities engaged in e-transactions in Vietnam failed to comply with privacy regulations fully, particularly the Government’s Decree 13[6] on personal data protection, and many organizations have no institutional privacy policies.

A review[7] by a local think tank also revealed local governments’ limited awareness and practice of privacy protection in e-government and e-service portals. Many regional portals lack a published privacy policy, and their interfaces merely prompt users to verify the accuracy of provided information without providing tools for expressing privacy preferences. It concluded that none of the 63 provinces and cities in Vietnam have set a good practice in all respects regarding personal data protection.

Meanwhile, experts have pointed out several legal challenges such as inconsistencies between the Penal Code and Cybersecurity Law concerning the definitions of cybercrimes as well as loopholes in regulations on administrative sanctions for online violations, which would require a thorough review and appropriate amendment of the relevant decrees[8].

What can be solutions?

Building digital trust is a key task under Vietnam’s National Digital Transformation Program adopted in 2020[9]. It is also a key requirement to ensure information and cyber security for digital government, digital economy, and digital society according to the newly-issued master plan on ICT infrastructure development (2021-2030 period with a vision to 2050)[10]. The urgent need for and importance of this issue has been highlighted on several occasions, by both the MIC and MPS leadership[11].

Raising people’s awareness and equipping them with knowledge and skills to recognize and mitigate online risks is identified as a key solution to fighting fraud. For this purpose, Vietnamese authorities have launched several awareness campaigns in the past few years[12]. This is essential indeed but not yet sufficient. Clear and consistent regulations and guidelines are important and necessary to enable effective compliance and enforcement. For this reason, the Government may need to conduct a comprehensive review of relevant regulations and make proper adjustments. Considering Vietnam has already issued a decree on personal data protection (PDP) and launched the National PDP Portal (https://baovedlcn.gov.vn/), it is expected that there will be further concrete and timely guidance as well as constant review by authorities to promptly identify and fix potential problems. This process would help draw good lessons and provide valuable inputs for the formulation of the first-ever PDP Law of Vietnam shortly.

 

[1] https://vietnamnet.vn/en/the-most-common-types-of-scams-on-vietnam-s-cyberspace-2100300.html

[2] https://nhandan.vn/bao-dong-do-lua-dao-qua-mang-post791168.html

[3] https://vietnamlawmagazine.vn/greater-attention-to-online-personal-data-protection-needed-to-win-public-trust-in-digital-transformation-recent-review-results-suggest-48945.html

[4] https://thesaigontimes.vn/wp-content/uploads/2024/01/State-of-Scam-Report-2023-Vietnam.pdf

[5] https://vietnamnet.vn/en/80-of-electronic-transaction-providers-do-not-follow-personal-data-regulations-2238460.html

[6] Issued on April 17, 2023, and effective as of July 1st, 2023.

[7] https://vietnamlawmagazine.vn/greater-attention-to-online-personal-data-protection-needed-to-win-public-trust-in-digital-transformation-recent-review-results-suggest-48945.html

[8] https://tapchitoaan.vn/lua-dao-chiem-doat-tai-san-tren-khong-gian-mang-thuc-trang-va-giai-phap9284.html

[9] Decision 749/QD-TTg dated June 3rd, 2020.

[10] Decision 36/QD-TTg dated January 11, 2024.

[11] Such as https://vietnamnews.vn/economy/1068691/cyber-security-becoming-a-big-concern-for-firms-individuals.html;

[12] Such as the National Cyber ​​​​Security Center’s (NCSC) launch of a website (in cooperation with Google) in 2022, to raise public awareness of increasing online frauds; and the MIC’s online fraud campaign in 2023.

Posted in

Related Articles

The Problem with Malaysia’s PADU Initiative

By Edika Amin The Problem with Malaysia’s PADU Initiative   At the time of writing, PADU also known as the Government’s Central Database System’s registrations has reached 1.63 million people, including those of children under 18 who have completed the registration process. There was a recent influx in registration numbers following the announcement that targeted subsidies […]

Why does ASEAN need an Institute for Innovation, Technology and Industry (AITII)?

By How Yong Yang ASEAN, or the Association of the Southeast Asian Nations, has made countless headlines in recent years for different reasons: political, economic, and security. Professor Kishore Mahbubani, former President of the United Nations Security Council, has said that ASEAN should be given the Nobel Peace Prize for its capacity to maintain peace, […]

Consumer data privacy: a snapshot of new regulations in Vietnam

By Nga Dao The first half of 2023 has witnessed some key developments in Vietnam’s data privacy legislation. These particularly include the issuance of the first-ever decree on personal data protection (Decree 13/2023/ND-CP or PDPD) in April and the adoption of the Law on E-Transactions and Law on Consumers’ Right Protection in June, both of […]