“Fight fire with fire” is the strategy recommended by experts at RMIT Vietnam for fintech firms to combat AI-powered cybercrime - by leveraging artificial intelligence itself as a defense.

Using AI to counter AI

Associate Professor Pham Cong Hiep, Deputy Head of Research and Innovation at RMIT Vietnam’s School of Business, noted that Vietnam's financial technology (fintech) sector is growing rapidly, driven by the rise of digital payments, digital banking, and online lending platforms.

This rapid expansion, however, is making digital services and platforms prime targets for cybercriminals. New threats in the fintech space include AI-driven phishing attacks, deepfake crimes, fraudulent transactions, and identity theft.

Cybercriminals are increasingly using AI to craft fake emails, websites, videos, and even voice calls to trick victims into revealing personal information. “AI-assisted attacks can be automated, which makes traditional security systems struggle to keep up. As such, fintech companies in Vietnam must proactively adopt advanced security measures to protect their operations and customer trust,” said Associate Professor Pham Cong Hiep.

Elaborating on the “fight AI with AI” approach, he explained that artificial intelligence is a game-changer for cybersecurity in fintech. AI-powered tools are particularly effective in detecting fraud and securing financial transactions - critical components of fintech business operations.

Beyond real-time threat detection in digital transactions, AI tools help fintech firms identify fake identities and automate incident responses using robotic process automation (RPA).

For instance, deepfake technology can now mimic human faces, voices, and behaviors with astonishing accuracy, posing serious risks to electronic Know Your Customer (eKYC) processes. In response, AI tools using computer vision and deep learning can analyze subtle indicators such as unnatural eye movements, inconsistent lighting between face and background, or blurred facial features. This allows systems to automatically flag and block fraudulent identity verification attempts in real time.

How fintech firms can protect digital assets

Providing concrete recommendations, Associate Professor Pham Cong Hiep emphasized that building a company culture centered around cybersecurity, collaborating with experts, and adopting a Zero Trust architecture are essential steps for fintech companies to protect customer trust and foster sustainable growth.

Promoting cybersecurity awareness across the organization is the first priority. Transforming company culture to value cybersecurity isn’t just a technical matter - it’s a strategic imperative. This includes training employees at all levels, from frontline staff to executives, to recognize and respond to cybersecurity threats. Security measures should also be integrated into the product and service development lifecycle, ensuring cybersecurity is considered from design to deployment.

Highlighting the importance of collaboration, he added that fintech companies should work closely with regulators, cybersecurity authorities, and external security experts to develop and implement best practices for protecting sensitive financial data.

Equally important is the need to share threat intelligence with peers in the industry and participate in collaborative initiatives to tackle cybersecurity challenges collectively, thereby creating a safer ecosystem for all.

Fintech companies are also advised to adopt Zero Trust Architecture (ZTA), which operates under the principle of “never trust, always verify.” This means that all users, devices, and network traffic must be authenticated, authorized, and continuously monitored before gaining access to sensitive data.

“Even if a user or device is inside the corporate network, Zero Trust ensures access is only granted after rigorous verification. This is especially crucial in an era where cybercriminals are using increasingly sophisticated techniques to bypass traditional defenses,” emphasized Associate Professor Pham Cong Hiep.

Van Anh