What’s the path to stronger digital trust in Vietnam?

By Nga Dao

The alarming situation

I receive spam emails, texts, and calls almost every day and about almost everything: from warning a security threat or inviting to a promotional event to offering sales or investment opportunities. Spam is annoying, but I’m still lucky they haven’t stolen my money. Last month, a friend of mine lost VND50 million (about US$2,000) in an investment scam; and last week, a relative lost VND10 million (around US$400) by a fake Facebook page selling air tickets. These are only a few among thousands of online fraud reports.  It’s undeniable that spam and scams exist and can be anywhere.

In 2022, the Authority of Information Security recognized around 13,000 online scams and announced the 16 most common types of scams in Vietnam[1]. These numbers went up to 16,000 cases and 24 types in the first 11 months of 2023[2] with ‘cheap-priced package tours’, Deepfake and Deepvoice video calls among the most common tricks.

Scams target not only citizens but also the government. According to the MPS’s statistics, 2,500 fraud cases took place in the digital space from May 2020 to May 2021. Of these, 527 cases involved criminals faking to be government officials and deploying scams for financial fraud [3].

Scams are not just the risks; they cause real significant losses. It was reported[4] that 70 percent of Vietnamese people fall victim to scams and each Vietnamese suffered an average loss of VND17.7 million (US$734) in online scams in 2023. In total, last year Vietnam lost approximately VND391.8 trillion (US$16.23 billion) to scams, equivalent to 3.6% of the nation’s GDP. And, this is not to mention their potential impacts on the victims’ mental health which would not be easy to measure.

Main reasons and challenges

The prevalence and consequences of scams, regarded as adverse outcomes of technology, can be ascribed to the actions of both individuals and institutions. The lack of awareness and vigilance about online fraud and cybersecurity requirements along with the ignorance or absence of privacy policies and guidelines may help explain the situation.

A survey[5] by a local cybersecurity firm found that 80 percent of entities engaged in e-transactions in Vietnam failed to comply with privacy regulations fully, particularly the Government’s Decree 13[6] on personal data protection, and many organizations have no institutional privacy policies.

A review[7] by a local think tank also revealed local governments’ limited awareness and practice of privacy protection in e-government and e-service portals. Many regional portals lack a published privacy policy, and their interfaces merely prompt users to verify the accuracy of provided information without providing tools for expressing privacy preferences. It concluded that none of the 63 provinces and cities in Vietnam have set a good practice in all respects regarding personal data protection.

Meanwhile, experts have pointed out several legal challenges such as inconsistencies between the Penal Code and Cybersecurity Law concerning the definitions of cybercrimes as well as loopholes in regulations on administrative sanctions for online violations, which would require a thorough review and appropriate amendment of the relevant decrees[8].

What can be solutions?

Building digital trust is a key task under Vietnam’s National Digital Transformation Program adopted in 2020[9]. It is also a key requirement to ensure information and cyber security for digital government, digital economy, and digital society according to the newly-issued master plan on ICT infrastructure development (2021-2030 period with a vision to 2050)[10]. The urgent need for and importance of this issue has been highlighted on several occasions, by both the MIC and MPS leadership[11].

Raising people’s awareness and equipping them with knowledge and skills to recognize and mitigate online risks is identified as a key solution to fighting fraud. For this purpose, Vietnamese authorities have launched several awareness campaigns in the past few years[12]. This is essential indeed but not yet sufficient. Clear and consistent regulations and guidelines are important and necessary to enable effective compliance and enforcement. For this reason, the Government may need to conduct a comprehensive review of relevant regulations and make proper adjustments. Considering Vietnam has already issued a decree on personal data protection (PDP) and launched the National PDP Portal (https://baovedlcn.gov.vn/), it is expected that there will be further concrete and timely guidance as well as constant review by authorities to promptly identify and fix potential problems. This process would help draw good lessons and provide valuable inputs for the formulation of the first-ever PDP Law of Vietnam shortly.

 

[1] https://vietnamnet.vn/en/the-most-common-types-of-scams-on-vietnam-s-cyberspace-2100300.html

[2] https://nhandan.vn/bao-dong-do-lua-dao-qua-mang-post791168.html

[3] https://vietnamlawmagazine.vn/greater-attention-to-online-personal-data-protection-needed-to-win-public-trust-in-digital-transformation-recent-review-results-suggest-48945.html

[4] https://thesaigontimes.vn/wp-content/uploads/2024/01/State-of-Scam-Report-2023-Vietnam.pdf

[5] https://vietnamnet.vn/en/80-of-electronic-transaction-providers-do-not-follow-personal-data-regulations-2238460.html

[6] Issued on April 17, 2023, and effective as of July 1st, 2023.

[7] https://vietnamlawmagazine.vn/greater-attention-to-online-personal-data-protection-needed-to-win-public-trust-in-digital-transformation-recent-review-results-suggest-48945.html

[8] https://tapchitoaan.vn/lua-dao-chiem-doat-tai-san-tren-khong-gian-mang-thuc-trang-va-giai-phap9284.html

[9] Decision 749/QD-TTg dated June 3rd, 2020.

[10] Decision 36/QD-TTg dated January 11, 2024.

[11] Such as https://vietnamnews.vn/economy/1068691/cyber-security-becoming-a-big-concern-for-firms-individuals.html;

[12] Such as the National Cyber ​​​​Security Center’s (NCSC) launch of a website (in cooperation with Google) in 2022, to raise public awareness of increasing online frauds; and the MIC’s online fraud campaign in 2023.

Posted in

Related Articles

Indonesia’s Jeopardized Digital Freedoms – A Case Study in Spyware

By Grey Pilarczyk Indonesia has long had a mixed human rights record, particularly regarding the online activity of Indonesians. In recent years, political activists and independent media outlets in the country have faced a barrage of digital threats and cyber-attacks. On May 1st, Amnesty International released a stunning report detailing Indonesia’s use of highly invasive […]

Unpacking the EU AI Act: An ASEAN Perspective

By Nigel Hee The European Union (EU) recently unveiled the Artificial Intelligence Act, a novel piece of legislation that aims to regulate the development, deployment and use of artificial intelligence (AI) systems within the EU. The Act is predicated on a risk-based approach, classifying AI systems into different risk categories and imposing corresponding obligations and […]

Digital Sovereignty in ASEAN

By Mackenzie Gunther With large tech companies owning significant amounts of data, geopolitical tensions, the risk of critical data leaks, and the rising importance of self-reliance in the eyes of world leaders, the concept of who controls data is becoming a high priority.   The global context over the past decade has set the scene for […]