Card and Payment Security Seminar (14th April 2014)

The Seminar with the theme “Card and Payment Security” was held on the morning of 12/4/2013, at State of Bank Vietnam, which is started from 8:30am to 12:40pm.

I. Participants

With the attendance of 7 Vietnam and foreigner speakers, the Seminar attracted the participants of 120 guests, who are the leaders and financial, banking and technology specialists IN Vietnam, including 63 representative delegates of 26/40 inviting banks (63% rate). (There are the representatives of 5 Government Commercial Banks)

  • Total number of participants: 120
  • Total banks: 26
  • Total banks do the survey: 22

I.1. The organizers:

– Vietnam Banking Association-VNBA: Ms. Tran Thi Hong Hanh – General Secretary and 2 other representatives in HCMC.

– Komtek Corporation: Mr. Nguyen Hoang Ly – President, Mr. Nguyen Tuan Hoa – Senior Consultant and 12 Staffs.

I.2. Guests:

– Finance Committee of the National Monitoring: Mr. Ha Huy Tuan –Vice President.

– State Bank of Vietnam-SBV:

  • Bui Quang Tien – Director, Payment Bureau – State Bank of Vietnam
  • – Deputy Chief Representative of State Bank HCMC branch;
  • State Bank HCMC branch;
  • Pham Quoc Trinh – Director Department of Information Technology HCMC

– Ministry of Public Security –Permanent Agency Southern Region, Representative of Currency Security Administration A84: 2 Representatives

– International guests:

  • Paladion: Mr. Jaipal Kolapurath – Regional Sale Manager(SEA);
  • HP – Partner of Paladion: Mr. Piya Paitoonrajitpipit – Security Solution Architect;
  • TIS: Mr. Masakatsu Goto – Section Chief of Financial Solution Sales Department; Mr. Suzuki Kazuto – Chief of Financial Soltuion Department; Mr. Kei Nakamura- Expert of IT Platform Services Sales Department; Mr. Tong Quoc Truong – Technical Expert
  • Credit Saison: Mr. Noriyuki Inaba – General Manager of Credit Planning Dept; Mr. Haruhisa Kaneko – Managing Director of Overseas Business Div; Mr. Shiga Masaki – Deputy Director of VSC;
  • Symantec: Mr. Yoshimasa Hiraiwa – Executive officer, SSL-Product Division
  • Parasoft Singapore (and Asean): Mr. Stanley Eu – Regional Director.

I.3. Commercial Banks: Representative leaders and officials of Card, Payment and Information Technology Department of 5 government commercial banks, and 19 joint-stock commercial banks, 1 joint- venture bank Indovina and 1 international bank HongLeong.

I.4. Others: Representatives of the information technology department, media agencies (Le Courrier du Vietnam – French Edition, Online Newspaper of the Government , Youth Newspaper, Transportation Newspaper (Economic page) , Customs Newspaper , Saigon Giaiphong – Chinese Edition, Vietnam Bankers’ Association (VNBA), Vietnam News, Saigon Tiep thi Newspaper, Vietnam Shipper, Bizhub, Stoxplus, Saigon Giaiphong – Investment & Finance …)

II. Content of Card and Payment Security Seminar

II.1. Ms. Tran Thi Hong Hanh General Secretary of VNBA had a welcome guest speech.

II.2. Mr. Ha Huy Tuan – Vice President, National Financial Supervisory Commission, presented “An evaluation of macro effects of information security in banking sector and international management experience”. According to Mr Tuan, in recent time most of countries around the world have especially interested in both technical solutions and administrative management methods in order to gradually prevent and mitigate the effects before these trends and the new threats of high-tech crimes. The procedures and rules for the internal operating activities are compiled strictly and standardized. Mostly the banks deployed and applied the international standards, such as ISO 27001 … In Vietnam , card and payment activities in the credit organizations have got some remarkable achievements, but there are still some limitations need to be concerned to develop, to actively cope with the risks and other forms of international crimes with many ploys and sophisticated forms in technology, card and payment sections, such as: need to apply the model of new technology solutions, new technology solutions; need to convert from magnetic stripe technology to EMV card …

II.3. Mr. Bui Quang Tien – Director, Payment Bureau – State Bank of Vietnam, introduced “Card and Payment Security: An Overview in Vietnam”. According to Mr. Tien, by the end of the October 2013 , Vietnam have 52 organizations registered to issue cards , with the number of nearly 64 million cards , including debit cards accounted for 92.4 %, credit card accounted for 3.6 % . Besides developing the numbers of cards, the banks are also interested in improving the quality of service, increased the high levels of safety for the cards by applying the chip technology in the issuing and payment for cards. Card payment infrastructure is concerned by banks to invest and develop, until now, there are approximately 14,700 ATMs and 122,000 POS installed. SBV directed the interconnected system to accept ATM, POS payments nationwide; simultaneously directing to build the card switching center, based on selecting the National Financial Switching of Vietnam (Banknetvn) is main point. Security and card payment operating safety are concerned by banks in Vietnam and implementing the measures. To proactively prevent, increase security of card payment activities, it’s necessary to complete the legal environment about security, safety, prevention, blocking and treatment for law violations in the fields of card payment, ATM, POS and payment methods by using high technology, enhancing security solutions, safety for the payment infrastructure. Research, develop card standards for the domestic market in Vietnam and process from magnetic stripe to EMV cards. Encouraging Vietnam banking system to complete procedures to achieve the security standard card PCI-DSS (Payment Card Industry Data Security Standard) certified by the PCI Standards Council ( PCI Standard Council)…

II.4. Mr. Hrishikesh Sivanandhan – Head of Consulting presented “Card Payment Security Threat Landscape”. Paladion was established in 2000 , provides risk management solutions, including: ensuring security , compliance, monitoring and management services , as expert and strategist in information risk management for leading organizations of the industry, such as BFSI , ITES , Telecom , Manufacturing , and also is the biggest and fastest growing company about information security in Asia . According to the speaker , 2013 is the year of malware development and the types of security risks . Speaker has introduced some contents of related to the theme of seminar, such as : ( i ) Card Payment Security Threat Landscape, motivation of threat and the types of thread; ( ii ) global fraud trends : ( iii ) Banking fraud landscape , including the fraud of a third party, the fraud of first party and internal fraud ; ( iv ) the recent data breach; ( v ) Introduction data ecosystem data and data protection measures .

II.5. Mr. Piya Paitoonrajitpipit – Security Solution Architect, presented “How HP Enterprise Security address PCI-DSS Requirements”. HP is a leading provider of compliance and security solutions and security for modern enterprises. With the market-leading products such as ArcSight , HP Fortify , HP Atalla and HP TippingPoint , the intelligent security platform of HP brings advanced correlation , protect applications and defense network to protect information technology infrastructure from the threats of computer network. Speaker introduced : ( i ) the way HP can meet the requirements of PCI-DSS standards , ( ii ) 12 requirements of PCI – DSS standards to ensure building and maintaining the secure network, protect cardholder data , maintain a vulnerability management program , implement strong access control measures, regularly monitor and test networks ; ( iii ) the important findings are, such as HP develop source code analysis ( SCA ) to detect and fix security problems in code development process , HP WebInspect detect important security issues for running applications.

II.6. Mr. Pham Quoc TrinhDirector, HCMC Branch Office, IT Department, State Bank of Vietnam, presented “Current issues and solutions related to Card and Payment Security”. Speaker has indicated some cases of card fraud with new trick happened in the past and proposed ​​some recommendations to improve the card security in the future

II.7. Mr. Nguyen Dang Huy – Security Expert, Dong A Bank, shared “Card and Payment Security Deployment: A Case Study in Dong A Bank”, This is one of the first commercial bank was established in the early 1990s in the context of Vietnam’s economy is more difficult and binding. Over 20 years of operation, Dong A bank had become the leading bank in the standards and security solutions to ensure data safety and enhance the quality of customer services. Therefore, the organizers invited the security experts – representative for DongA bank to share their experiences of implementing PCI – DSS standard in recent time. According to the speaker, the process of implementing PCI-DSS standard passed 3 steps : Consulting , Implementation , Testing and Certification. Speakers shared experiences in implementing each step, such as: choosing a reliable partner who was authorized by VISA ; hiring outsourced or self-implementation, deployed roadmap, conduct the real inspection to get PCI – DSS certification … Speakers also highlighted the difficulties in implementing PCI-DSS.

II.8. Noriyuki Inaba- General Manager of Credit Planning Dept, shared “Japan’s Credit Fraud Experience” Credit Saison company have 20 years’ experience in providing financial solutions and the second biggest company of issuing cards in Japan. Speakers shared “experience management and handling for using the illegal cards in Japan”, such as: (i) using illegal cards trend (there are 3 forms of using illegal cards are losing cards, counterfeit cards and card opened with fake information), (​​ii) the way to process of fraud card

II.9. Opening Discussion:

  • Speakers including 

(1) Dr. Tran Thi Hong Hanh, General Secretary;

(2) Mr. Bui Quang Tien – Director, Payment Bureau – State Bank of Vietnam;

(3) Mr. Nguyen Hoang Ly, President of Komtek Corporation;

  • The participants express their opinions around issues:
  1. It’s mandatory to have the security solutions to ensure the safety for system;
  2. The security level of the devices;
  3. The necessity of human resources for the security department….

III. Conclusion & report of seminar

Ms. Tran Thi Hong Hanh –General Secretary of VNBA:

Workshop Card and Payment Security will be a bridge between the banks, technology solution providers , and the international experts for meeting, sharing and exchanging implementation experiences. The information of seminar is looked forward to making helpful for the banks in implementing Card and Payment Security effectively in the near future.

The workshop was taken place in the exalted atmosphere, including the presentations of the speakers from the government agencies, security experts and risk management solution providers with the theme “Card and Payment Security”. The opinions of the leaders of related agencies such as the National Financial Supervisory Commission, Payment Department , Information Technology Department, and international specialists in the field of security who come from India, Thailand , Japan; created opportunities for the organization ‘s members of VNBA to receive much information about international standards and card and payment security./.