VietNamNet Bridge –Vietnamese banks are using the most advanced security technologies available in the world for their systems, according to experts. Representatives of commercial banks and payment portals have affirmed that their websites have not been hurt by the OpenSSL HeartBleed flaw which was discovered some days ago.

Online transaction accounts exposed to danger

The risk the “bleeding heart” can cause is so serious that experts have recommended that people stay away from the Internet and online transactions until websites confirm they have finished patching the holes and upgrading their systems.

However, Vietnamese banks all have insisted that their systems were never at risk, and that it is therefore still safe to use their e-banking services.

A senior executive of Maritime Bank said HeartBleed only affects websites using the OpenSSL security protocol, while Maritime is using SSL Cert of Verisign.

A representative of VietinBank has also affirmed that the bank’s system has been not affected by the trouble. Immediately after hearing about the bug, the bank’s workers checked the system and came to the conclusion that there was no problem.

The same conclusion was also arrived at by an independent security firm hired by VietinBank to verify its system. The bank has been utilizing international-standard security technology  for Internet banking services. Meanwhile, payment transactions are protected by Visa’s DSS PCI and Mastercard’s 3D Secure.

The other major banks, namely Techcombank, NamA Bank, LienViet Post Bank, Sacombank, Vietcombank, ACB, BIDV and HDBank, have all asserted that they are safe from HeartBleed.

The State Bank of Vietnam on Friday morning released a report declaring that the entire banking system is operating normally, and that it has not been affected by HeartBleed.

As for payment portals, Nganluong.vn said that it checked and updated the system immediately on the night of April 7 after receiving notice about HeartBleed.

However, as the OpenSSL flaw is serious, and all the websites using OpenSSL - not only banks’ or payment portals’ websites - are exposed to risk, users are still being advised to be cautious with their transactions.

Experts have recommended that users change their passwords immediately, or face potentially high risks.

Ngo Tuan Anh, Vice Chair of BKAV, the best known Internet security solution provider in Vietnam, said on Thursday that banks using digital signatures for online transactions are not affected by the flaw. He explained that the “key”, an extra level of security in online transactions, is something that stays in users’ hands. Hackers exploiting Heartbleed might be able to detect the user names and passwords of accounts, but that is not enough for them to access the accounts.

That said, the number of commercial banks using digital signatures for online transactions remains modest. To date, only a few banks – namely, Orient Bank and Asia Commercial Bank - have announced the application of public digital signatures.

The most important factor behind the hesitancy of banks to apply digital signature technology is financial. Banks reportedly have injected big money into OTP (one time password) systems, therefore they are not prepared to give up their newly developed systems to switch to even newer ones.

On Thursday, BKAV demonstrated a tool that it said can help users find out if websites are safe.

Anh said BKAV, after reckoning up the websites affected by HeartBleed, will make the information public, so that administrators can patch the holes and minimize the damages.

Binh Minh