1. Introduction
Amidst rapid digital transformation, online banking services in Vietnam are experiencing strong growth in both scale and usage. According to the State Bank of Vietnam (2024), by the end of 2024, over 87 % of adults will have bank payment accounts, and over 95 % of transactions at many commercial banks will be conducted through digital channels. However, the digitalization process also increases the risk of personal information security breaches. A report by the National Cybersecurity Association (2024) shows that 46.15 % of agencies and organizations in Vietnam experienced at least one cyberattack in a year, with common forms including phishing, malware, and bank application impersonation. Simultaneously, a survey by B2B International and Kaspersky Lab (2016) showed that 55.5 % of users were concerned about the risk of fraud when conducting online banking transactions, and 68.5 % would use the service more if security measures were better ensured. This practice shows that personal information security is becoming a major challenge in the digital transformation process of the banking industry. Therefore, the research topic « The impact of digital transformation on personal information security in online banking services» is of significant importance in evaluating the impact of digital transformation on customer information security, thereby proposing solutions to improve information security and promote sustainable development of digital banking in Vietnam.
2. Literature Review and Theoretical Foundation
2.1. Literature Review
Studies both in Vietnam and abroad on the impact of digital transformation on personal data security in online banking services show that digital transformation creates opportunities to improve banking efficiency while also increasing risks related to customer data security. Many studies affirm that the application of digital technology, e-banking, and online platforms helps improve service quality, increase access to finance, and enhance customer experience (Nguyen Quoc An et al., 2021; Luong Van Hai, & Nguyen Thi Hong Lan, 2022). However, along with the development of digital banking, risks such as online fraud, personal data theft, cyberattacks, and information leaks are increasing (Saqib Saeed et al., 2023; Md Waliullah et (State Bank of Vietnam, 2024) al., 2025). Studies have also focused on analyzing various factors affecting personal data security in the context of digital transformation, such as security technology, information security policies, customer risk perception, digital skills of bank employees, and customer trust in online banking services (Vo Thi Ngoc Ha, 2023; Tran Linh Anh et al., 2024; Juan-Gabriel, 2023). However, most current studies mainly consider each factor individually without comprehensively analyzing the impact of digital transformation on personal data security in online banking services within a unified research model.
2.2. Theoretical basis and general issues regarding digital transformation and personal information security in online banking services
Theoretical basis : The research is built on the application of fundamental theories including: Theory of Reasoned Action (TRA), Technology Acceptance Model (TAM), Theory of Perceived Risk (TPR), and e-Commerce Acceptance Model (e-CAM). Specifically, TRA and TAM help explain customer behavior in accepting and using digital banking services through factors such as perception, attitude, usefulness, and ease of use of technology. TPR clarifies the impact of perceived risks such as online fraud, data theft, and privacy violations on the behavior of using online banking services. Simultaneously, e-CAM allows for the assessment of the relationship between the benefits of digital transformation and security risks in the electronic transaction environment.
Digital transformation : Digital transformation is the process of applying and integrating digital technology into all organizational operations to create fundamental changes in operating models, processes, and the way value is delivered to customers.
In the banking sector, digital transformation is the process by which commercial banks apply digital technology to digitize operations, restructure business models, and develop online banking services such as Internet Banking, Mobile Banking, and digital banking to improve operational efficiency and customer experience.
Personal information security in online banking services: Personal Information Security (PIS) is understood as protecting individuals' personal data and information from unauthorized access, leakage, theft, alteration, or misuse in the digital environment.
Personal Information Security in online banking services is the process of protecting customers' personal data and transaction information from the risks of unauthorized access, theft, or misuse in the digital transaction environment, through a combination of technological, governance, and legal solutions to ensure transaction security, maintain customer trust, and support the sustainable development of digital banking
3. Research methodology
The research was conducted in two stages: qualitative and quantitative research, with a focus on analyzing survey data to assess the impact of digital transformation on personal information security in online banking services. Qualitative research was conducted by synthesizing research works, scientific articles, and reports related to digital transformation, online banking, and personal data security to build a research model and hypotheses. Simultaneously, the research team conducted interviews with experts in the banking and information security fields to refine the measurement scale and complete the survey questionnaire.
Quantitative research was conducted through a survey using a Google Form questionnaire designed for customers who have used or are currently using online banking services in Vietnam. The questionnaire consisted of two parts: (i) personal information and online banking usage behavior; and (ii) evaluation of factors affecting personal data security using a 5-point Likert scale, from “1: strongly disagree” to “5: strongly agree”. The research team distributed 300 questionnaires; after eliminating invalid responses, 283 valid responses were used for analysis. The collected data was coded and processed using SPSS 20 software through the following steps: reliability testing of the measurement scale using Cronbach's Alpha, exploratory factor analysis (EFA), and regression analysis to test research hypotheses and determine the impact of digital transformation factors on the security of personal information in online banking services.
4. Research Model and Methodology
Based on previous studies and theoretical frameworks related to digital transformation, information security, and online banking, the study proposes the following hypotheses:
H1: Security technology has a positive impact on the security of personal information in online banking services.
H2: The level of security professionals has a positive impact on the security of personal information in online banking services.
H3: Digital information security policies have a positive impact on the security of personal information in online banking services.
H4: Customer risk perception has a positive impact on the security of personal information in online banking services.
H5: The level of digital transformation application in banking services has a positive impact on the security of personal information in online banking services.
Fig. 1. Research Model. Source: Author's suggestion
4. Research Results
4.1. Characteristics of the Survey Sample
Table 1
Descriptive Statistics of the Research Sample
|
Criteria |
Content |
Number of respondents (People) |
Percentage (%) |
|
Gender |
Male |
132 |
46.64 |
|
Female |
148 |
52.30 | |
|
Other |
3 |
1.06 | |
|
Age |
16–25 years old |
223 |
78.80 |
|
26–35 years old |
26 |
9.19 | |
|
36–45 years old |
25 |
8.83 | |
|
Over 45 years old |
9 |
3.18 | |
|
Occupation |
Student |
190 |
67.14 |
|
Employed |
59 |
20.85 | |
|
Self-employed |
30 |
10.60 | |
|
Other |
4 |
1.41 | |
|
Average monthly income |
No income |
93 |
32.86 |
|
Under VND 5 million |
88 |
31.10 | |
|
From VND 5 million to under VND 10 million |
45 |
15.90 | |
|
From VND 10 million to under VND 20 million |
35 |
12.37 | |
|
Over VND 20 million |
22 |
7.77 |
Source: Compiled by the author
The study sample consisted of 283 customers using online banking, with 52.3 % being female and 46.6 % male, indicating a relatively balanced gender distribution. The 16–25 age group accounted for the highest percentage at 78.8 %, mainly students (67.1 %) and individuals with incomes below 5 million VND or no income. This reflects the study's focus on young customers who are tech-savvy and frequently use digital banking services. Furthermore, all participants were using online banking, so the survey results are highly relevant to the research objective of personal data security in the context of digital transformation in banking.
The majority of customers had been using online banking for 3 years or more, with 74.9 % conducting daily transactions. Transactions were primarily under 5 million VND, focusing on money transfers, payments, and online shopping. Furthermore, customers are particularly concerned about the security of their personal information and transaction security, while still harboring concerns about data leaks and security incidents. This pattern aligns with research findings, as factors such as security technology, risk perception, and the level of digital transformation all significantly impact customers' perceptions of personal information security.
4.2. Cronbach’s alpha reliability test
The Cronbach’s Alpha test results show that all scales achieve good reliability with Alpha coefficients ranging from 0.825 to 0.892, exceeding the required threshold of 0.7. Simultaneously, all observed variables have total variable correlation coefficients greater than 0.3, and no variables need to be removed.
Specifically, the Information Security Policy scale has the highest Cronbach’s Alpha coefficient at 0.892, followed by Digital Transformation Application Level at 0.878 and Personal Information Security at 0.854. The remaining scales, including Security Technology, Security Professional Qualification, and Security Risk Awareness, all achieve good reliability. Therefore, all scales are retained for further EFA analysis.
4.3. Exploratory Factor Analysis (EFA)
EFA for Independent Variables
The KMO and Bartlett test results show that the data is suitable for EFA analysis, with a KMO coefficient of 0.838 and a Bartlett test significance level of 0.000. EFA analysis extracted 5 factors with a total extracted variance of 68.811 %, indicating that the factors explain the data's variability well.
After rotating the factors using the Varimax method, all observed variables had factor loading coefficients greater than 0.5 and converged correctly into the original theoretical factor groups: Digital transformation adoption level, Information security policy, Security technology, Security professional qualifications, and Information security risk perception. No significant cross-loading was observed, so all observed variables were retained for the next analysis step.
EFA for the Dependent Variable
For the dependent variable Personal Information Security, the KMO coefficient was 0.824 and the Bartlett Sig. was 0.000, indicating that the data met the conditions for EFA analysis. The results extracted a single factor with an extracted variance of 69.619 %. All observed variables had factor loading coefficients greater than 0.8, reflecting good convergence of the scale.
Pearson Correlation Analysis
The results of the Pearson analysis showed that all independent variables had a positive correlation with the dependent variable Personal Information Security and were statistically significant. Among them, Information Security Risk Perception had the strongest correlation with the dependent variable, followed by Security Technology and Security Professional Qualification.
The correlation coefficients between the independent variables were low to medium and did not exceed the multicollinearity warning threshold. Therefore, the variables are suitable for inclusion in the multiple linear regression model.
Multiple Linear Regression Analysis
The regression results show that the model has an adjusted R2 coefficient of 0.322, meaning that the independent variables explain 32.2 % of the variation in the dependent variable. The Durbin-Watson index is 1.531, indicating that the model does not have residual autocorrelation.
The ANOVA test yielded a Sig. = 0.000 result, proving that the regression model is appropriate and statistically significant. At the same time, all five independent variables have a positive impact on personal information security.
Among the research factors, Information Security Risk Perception has the strongest impact on personal information security, followed by Security Technology, Level of Digital Transformation Application, Security Professional Qualification, and Information Security Policy. All VIF coefficients are less than 2, indicating that the model does not exhibit multicollinearity.
The research results show that in addition to investing in security technology, banks need to raise customer awareness of security risks to enhance the effectiveness of protecting personal information in the digital banking environment.
Analysis of the impact of the control variable on the dependent variable
The results of the Independent Samples T-Test show that there is a statistically significant difference in the perception of personal information security between the group of customers who have experienced security incidents and the group who have not. The group that has experienced incidents has a higher level of concern and assessment of security.
Table 2
Analysis of multiple regression results
|
Coefficients a | |||||||||
|
Model |
Unstandardized Coefficients |
Standardized Coefficients |
t-value |
Sig. |
Collinearity Statistics | ||||
|
B |
Std. Error |
Beta |
Tolerance |
VIF | |||||
|
1 |
(Constant) |
-.337 |
.328 |
-1.026 |
.306 | ||||
|
CN |
.217 |
.052 |
.225 |
4.165 |
.000 |
.821 |
1.218 | ||
|
NV |
.137 |
.053 |
.135 |
2.558 |
.011 |
.859 |
1.164 | ||
|
AT |
.142 |
.055 |
.130 |
2.584 |
.010 |
.951 |
1.052 | ||
|
NT |
.278 |
.056 |
.279 |
4.949 |
.000 |
.758 |
1.319 | ||
|
CĐS |
.166 |
.059 |
.142 |
2.824 |
.005 |
.951 |
1.052 | ||
|
a: Dependent Variable: BM | |||||||||
Source: Data compilation results from the authors' team
ANOVA test results show that having experienced a security incident does not create a statistically significant difference in demographic characteristics and online banking behavior of customers. This indicates that security incidents primarily affect users' perceptions and psychology rather than changing their actual usage behavior.
Standardized regression model
BM = 0,225 * CN + 0,135 * NV + 0,130 * AT + 0,279 * NT + 0,142 * CĐS + ε
The regression results show that all five research hypotheses are accepted. Specifically, awareness of information security risks is the strongest influencing factor on personal information security, followed by security technology, the level of digital transformation, security expertise, and finally, information security policies. This implies that, in addition to investing in technology, banks need to enhance customer education on risk identification and self-protection skills to improve overall security effectiveness.
5. Discussion of Results and Some Recommendations to Enhance Personal Information Security in Online Banking Services in the Context of Digital Transformation
5.1. Discussion of Results
The regression results show that all five factors have a positive impact on personal information security in online banking services, with an adjusted R² of 0.322. This indicates that the level of information security depends not only on the bank's technical system but also significantly on the awareness and behavior of customers in the digital environment.
Customer risk perception is the factor with the strongest impact, with Beta = 0.279 and Sig. = 0.000. This result shows that the human factor plays a crucial role in protecting personal information. When customers understand risks such as website impersonation, OTP fraud, or account theft, they tend to be more cautious in online transactions, thus reducing the likelihood of security risks. This implies that, in addition to investing in technology, banks need to enhance communication and improve security skills for users.
Security technology has the second largest impact with Beta = 0.225 and Sig. = 0.000, reflecting that technologies such as biometric authentication, OTP codes, data encryption, and unusual transaction alerts play a direct role in enhancing customer trust. This result shows that in the context of increasingly popular online transactions, the ability to protect accounts and personal data strongly influences users' sense of security.
The level of digital transformation adoption has Beta = 0.142 and Sig. = 0.005, indicating that the digitalization process of banks not only enhances transaction convenience but also contributes to improving the control and monitoring of security risks. This reflects that digital transformation, if implemented synchronously, will support the improvement of information security management efficiency in banks.
The skill level of security personnel has a Beta of 0.135 and a Sig. of 0.011, showing that the competence of technical staff directly affects the operational efficiency of the system and the handling of security incidents. This implies that high-quality human resources are essential to ensure information security in the digital banking environment.
Information security policies have the lowest impact, with a Beta of 0.130 and a Sig. At a statistically significant level of 0.010, this result still shows a statistically significant difference. This demonstrates that the bank's security regulations and mechanisms still play a fundamental role in controlling risk and building customer trust; however, their actual effectiveness depends on the level of implementation and enforcement during operations.
The T-test results show a difference in information security awareness between the group that experienced a security incident and the group that did not, with a statistical significance level of 0.033. The group that experienced the incident had a higher average rating (3.0760 vs. 2.8343), indicating that real-world experience with risk has made customers more aware and proactive in protecting their personal information. This suggests that security incidents have a significant impact on user awareness and behavior.
Meanwhile, the analysis of variance (ANOVA) results showed no statistically significant differences by gender, age, occupation, or income (statistical significance level > 0.05). This reflects that security risks in online banking are a common issue for all customer groups, not just a specific group of users.
5.2. Some Recommendations to Enhance Personal Information Security in Online Banking Services in the Context of Digital Transformation
Research results show that customer risk awareness is the strongest factor affecting personal information security. Therefore, banks need to strengthen communication and education activities for customers on information security in the digital environment. Communication content should focus on identifying common forms of fraud such as website impersonation, fraudulent phone calls impersonating banks, malicious links, OTP code theft, and account hijacking. At the same time, banks need to regularly update security warnings on their applications, websites, and digital platforms to enhance customers' risk prevention capabilities.
In addition, banks need to continue investing in and upgrading security technology to meet the safety requirements of the digital transformation process. Solutions such as multi-factor authentication, biometrics, data encryption, artificial intelligence in detecting unusual transactions, and real-time alert systems need to be implemented synchronously. Simultaneously, banks need to strengthen regular system checks and reviews to detect security vulnerabilities early and limit the risk of customer data leaks. To achieve digital transformation, banks need to build a synchronized, stable, and highly risk-manageable technology infrastructure. Digitalization of services must be accompanied by data governance mechanisms and customer privacy protection to minimize risks arising in the online environment. Furthermore, the application of artificial intelligence and big data in transaction monitoring needs to be promoted to enhance fraud detection and early warning of security risks.
Banks also need to focus on developing human resources specializing in information security. Regular training for security, technical, and customer service staff will contribute to improving incident handling capabilities and customer support in risky situations. Simultaneously, banks need to develop rapid response procedures for security incidents to minimize damage and maintain customer trust.
Furthermore, banks need to refine their information security policies to ensure transparency, accessibility, and regular updates to reflect changes in digital technology. Regulations related to personal data protection, transaction authentication, and incident handling should be clearly published so that customers understand and proactively cooperate in using online banking services.
On the regulatory side, the State Bank of Vietnam and relevant agencies need to continue improving the legal framework related to personal data protection and information security in the digital banking sector. At the same time, it is necessary to strengthen inspection and supervision of security activities at commercial banks, as well as build a coordination mechanism between banks, technology companies, and cybersecurity agencies to effectively prevent and handle high-tech fraud cases.
References:
- B2B International, & Kaspersky Lab. (2016). Measuring the Financial Impact of IT Security on Businesses. https://www.kaspersky.com/blog/security_risks_report_financial_impact/
- Juan-Gabriel. (2023). Resilience in healthcare systems: Cyber security and digital transformation. https://econpapers.repec.org/article/eeetechno/v_3a121_3ay_3a2023_3ai_3ac_3as0166497222001304.htm
- Luong Van Hai, & Nguyen Thi Hong Loan. (2022). Digital Transformation in Vietnamese Commercial Banks: Current Situation and Solutions. https://jshou.edu.vn/houjs/article/view/165
- Md Waliullah et al. (2025). Assessing the influence of cybersecurity threats and risks on the adoption and growth of digital banking: a systematic literature review. https://ajates-scholarly.com/index.php/ajates/article/view/12
- Nguyen Quoc An et al. (2021). Digital Transformation: The Impact of Information Technology Applications on the Risks of Commercial Banks. https://digital.lib.ueh.edu.vn/handle/UEH/62539
- Saqib Saeed et al. (2023). Digital Transformation and Cybersecurity Challenges for Business Resilience: Issues and Recommendations. https://www.mdpi.com/1424–8220/23/15/6666
- State Bank of Vietnam. (2024). Banking sector prioritizes people in digital transformation. https://en.vietnamplus.vn/banking-sector-prioritizes-people-in-digital-transformation-post288254.vnp
- Tran Linh anh et al. (2024). Digital Transformation: The Impact of Information Technology Applications on the Risks of Commercial Banks. https://vjol.info.vn/index.php/js/article/view/96361
- Vo Thi Ngoc Ha. (2023). Digital transformation in the banking industry. https://journal.yersin.edu.vn/Data/Upload/MagazineArticle/19/1. %20Vo %20Thi %20Ngoc %20Ha %20- %20QLKT %20 %281–11 %29.pdf
