After the spate of fraudulent online transactions that affected “close to 700” clients of BDO Unibank last weekend, the Bangko Sentral ng Pilipinas has formed a task force look into the extent of the incident and provide remedial measures and recommendations to prevent a recurrence.
“We are forming a task force composed of cyber and anti-money laundering specialists and legal officers to determine the root causes and possible lapses in this incident,” BSP Governor Benjamin Diokno said.
The BDO clients were hit by what was described as a “sophisticated fraud technique” perpetuated through its 10-year-old online banking platform that is due for phase out early next year. Some affected customers reportedly did not click on any links nor were they asked to supply sensitive information.
The central bank chief said getting to the bottom of this incident would require “a complex cyber forensic investigation to determine actual number of affected customers and how much they have lost.” He has also received assurances from BDO that affected customers would be reimbursed for their losses.
The central bank will also investigate the incident to identify vulnerabilities and noncompliance with expectations in managing cyber and anti-money laundering risks.
The Aboitiz-led Union Bank of the Philippines has also frozen around P5 million from “mule accounts” used as vehicles by the cybercriminals who stole money from the BDO accounts.
As an industry based on trust, banking relies on it even more as we transition towards digitalization. Incidents like the one last weekend that hit BDO is damaging not only for the affected parties, but also for the industry in general, as the BSP has been encouraging the shift to online modes of banking and digital wallets. This is a sobering warning for the industry to shore up their defenses, cyber or otherwise, in order to prop up the trust that is necessary for sector to thrive.
Ensuring that perpetrators are tracked down and brought to justice will go a long way in restoring that trust in the system. At the same time, the country’s banks must constantly improve their systems and defenses to ensure clients assets are protected and such incidents cannot happen again.*
