A man types on a computer keyboard in this illustration picture taken on Feb. 28, 2013. — REUTERS/KACPER PEMPEL/FILE PHOTO
By Luz Wendy T. Noble, Reporter
THE BANGKO SENTRAL ng Pilipinas (BSP) is looking into complaints posted on social media platforms by some bank customers who claimed their accounts were hacked and their funds stolen.
BSP Governor Benjamin E. Diokno said the central bank is closely working with BDO Unibank, Inc. and UnionBank of the Philippines, Inc. to take remedial measures, including reimbursement of affected bank customers.
“The BSP will do everything to ensure the safety and integrity of the financial system as well as the protection of financial consumers,” he told reporters via Viber.
Mr. Diokno said the BSP has been monitoring a “surge” in complaints posted on social media platforms since earlier this week.
BDO in a statement on Sunday said they are aware of a “sophisticated” fraud technique that affected some of clients and that additional security controls have been implemented.
“We assure our affected innocent clients that we will reimburse their losses,” the country’s largest lender said.
Some Facebook users, who claimed to be BDO clients, recently posted screenshots of allegedly unauthorized fund transfers from their accounts to UnionBank accounts.
The Aboitiz-led lender has already frozen accounts that allegedly received the funds, UnionBank President and Chief Executive Officer Edwin R. Bautista said.
“Several accounts have been frozen and investigated. We will not hesitate to take legal action against individuals (that) use their accounts to facilitate criminal activities,” Mr. Bautista said in a text message.
He said UnionBank will return the funds from the frozen accounts to BDO, “after due investigation.”
Social media posts by some BDO account holders showed the funds were allegedly transferred to a certain Mark Nagoyo’s UnionBank account.
UnionBank Chief Technology and Operations Officer Henry Rhoel R. Aguda said this could be a fake name used by potential money mules.
“I can assure you Mark Nagoyo is not an account holder of UnionBank. When you use InstaPay, you have to use a name, and sometimes its fictitious. But we’re trying to investigate right now,” he said in a phone call.
Mr. Aguda said they are also coordinating with other financial institutions for the funds that were transferred outside their bank.
In a separate statement, the Bankers Association of the Philippines (BAP) President Jose Arnulfo A. Veloso urged the public to be vigilant amid the rise of cybercrimes.
“Whenever you encounter a cybercriminal, immediately report it to your respective banks and the police. This is so we can work together to take down cybercriminals, such as the fake bank websites they are using to trick others,” Mr. Veloso said in a statement.
He also reminded the public to ensure they keep their personal information confidential.
For its part, BDO said it required all online banking users to update their passwords.
“We at BDO are continuously investing and working towards improving our security infrastructure to protect our clients’ money. While we have put back-end measures in place, we appreciate our clients’ continued vigilance to combat fraud,” the lender said.
Earlier, BAP Cybersecurity Committee Vice Chair Ramon L. Jocson said banking fraud losses could have reached more than P1 billion so far this year, with volumes already three times higher than what was seen in 2019.
BSP Deputy Governor Chuchi G. Fonacier said they are set to issue regulations on fraud management systems of financial institutions to strengthen their cybersecurity capabilities.
“With the rise in cyber-related incidents, supervised banks and financial institutions are expected to employ more robust systems to protect their data and operations for continuous delivery of financial products and services,” Ms. Fonacier said at an online event held by the Chamber of Thrift Banks on Friday.
Mr. Diokno has earlier said that a major cyberattack could affect the stability of the financial system, stressing the BSP will remain vigilant against new cyberthreats.