When technology becomes a “double-edged sword”
There is no denying that artificial intelligence (AI) is opening up unprecedented opportunities for growth and innovation. In the banking sector, AI helps optimise operations, improve customer experience, and create digital ecosystems connecting businesses, partners and users.
Within the digital-creation banking model, data plays a central role. Banks are no longer merely providers of financial services; they are also building platforms, sharing data and integrating deeply into corporate value chains.
Pham Tien Dung, Deputy Governor of the State Bank of Viet Nam, noted that artificial intelligence is not only a driving force behind innovation and operational efficiency, but is also fundamentally reshaping how financial institutions are managed and operated. AI is currently being researched and applied across many areas, including credit assessment, customer scoring, fraud detection, process automation and service quality enhancement. As a result, it contributes to improving system efficiency while expanding access to financial services for people and businesses.
However, experts warn that this development is also being exploited by high-tech criminals. Whereas fraudulent activities in the past mainly relied on simple tactics such as fake text messages or emails, they have now entered a new phase characterised by far greater sophistication.
Deepfake technology can recreate voices, images and even videos with remarkable realism. With only limited input data, such as a short voice recording or personal photographs, AI systems are capable of generating fake content that is almost impossible to distinguish with the naked eye. Several cases around the world have shown companies being deceived into transferring large sums of money following online meetings in which all participants were entirely AI-generated.
Notably, AI goes far beyond simple impersonation. These systems can also analyse data, build victim profiles, personalise scam scenarios and interact in real time. Fraud is therefore no longer a series of isolated acts, but is increasingly evolving into an “industry” operating through closed and large-scale processes.
Risks from data leakage vulnerabilities
According to Associate Professor Dr Dang Ngoc Duc, Director of the Institute of Financial Technology at Dai Nam University, digital-creation banking represents a more advanced stage of digital banking, in which financial institutions not only serve businesses but also accompany them in creating new value through data and digital ecosystems.
However, the broader the scope of data sharing, the greater the risks become. Tran Quoc Chinh, Vice Chairman of CMC Corporation and Chief Executive Officer of CMC Cyber Security, argued that the biggest challenge today lies not in technology, but in trust. “Both banks and businesses remain hesitant about sharing data because even a minor vulnerability could spread throughout the entire ecosystem,” he stressed.
In a context where data is no longer confined within a single organisation but interconnected among banks, businesses and fintech companies, the risks of leakage and unauthorised exploitation increase significantly. In particular, when personal data is exposed, criminals can use AI to assemble highly sophisticated scam scenarios tailored to the psychology and behaviour of each victim.
Drawing from practical implementation experience, experts have identified three major bottlenecks hindering efforts to ensure data security and combat fraud in the digital environment.
The first is trust in data sharing. Without transparent mechanisms governing ownership rights, scope of use and accountability, stakeholders are unlikely to engage in deep connectivity.
The second is the lack of technical standardisation, particularly regarding APIs. The fact that each bank and system uses different connection standards increases costs for businesses while also heightening cybersecurity risks.
The third is that cybersecurity capabilities have not kept pace with the speed of development. In many cases, organisations expand their ecosystems more rapidly than their ability to manage risks, creating security “gaps”. Beyond the banking sector, businesses themselves — especially small and medium-sized enterprises — are also facing significant limitations in technology, governance and cybersecurity awareness. Yet these are precisely the groups most vulnerable to fraud attacks.
Improving the legal framework and strengthening social capacity
In light of this situation, there is an urgent need to complete the legal framework governing personal data protection and cybersecurity. Ruma Balasubramanian, President for Asia Pacific and Japan at Check Point Software Technologies, stated that AI is reshaping both business innovation and cybersecurity risks, creating an urgent need for advanced and flexible security strategies. Traditional security approaches are increasingly revealing their limitations in the face of emerging threats.
Accordingly, a dual-track approach is required: AI must be designed and developed safely and under control, while AI itself should also be harnessed as a tool to strengthen defence capabilities and detect and prevent fraudulent activities.
Experts have proposed the early establishment of a clear legal framework for data sharing, covering ownership rights, scope of use and responsibilities in the event of incidents. At the same time, common technical standards — especially for APIs — need to be introduced to create a safe and synchronised foundation for digital ecosystem development. In addition, controlled regulatory sandbox mechanisms should be expanded, allowing new models to be tested under close supervision before wider implementation.
Another equally important factor is improving cybersecurity capacity among both businesses and the public. In the AI era, every individual can become a “link” in the security chain. A single careless action — such as sharing personal information, clicking on suspicious links or trusting a fake phone call — can lead to serious consequences.
Reality shows that combating high-tech fraud is no longer solely the responsibility of authorities or technology companies. It is a challenge for society as a whole, in which every individual and business must proactively adapt. As AI continues to develop rapidly, fraud schemes are expected to become increasingly sophisticated, combining multiple channels ranging from emails and social media to phone calls and video communications. The line between what is real and what is fake is becoming increasingly blurred, posing major challenges to digital trust.
Conversely, AI itself is also being used as a “shield” to detect and prevent fraudulent activities. The race between criminals and defensive measures is therefore likely to continue indefinitely. In that race, technology may serve as a tool, but the decisive factor will ultimately remain human beings.
Awareness, vigilance and a strong sense of personal data protection constitute the first and most important line of defence. When individuals know how to protect themselves, businesses treat security as a foundation, and organisations act responsibly, the digital ecosystem will be able to develop sustainably, transforming technology from a source of risk into a driver of future growth.
