THE Bangko Sentral ng Pilipinas (BSP) has mandated local banks to adopt more robust fraud management systems, based on the Central Bank’s ongoing cyberthreat surveillance activities.
In a press briefing on Thursday, BSP Governor Benjamin Diokno said they have amended the information technology (IT) risk management rules for supervised entities to further strengthen the financial system’s cybersecurity posture and minimize losses from fraud and cybercriminal activities.
“Based on its ongoing cyberthreat surveillance activities, the BSP observed that the impact of cyber-attacks and fraudulent schemes affect two or more financial institutions simultaneously,” Diokno said.
“To address this, the circular calls for complementary controls, as robust and effective fraud management systems for both originating and receiving institutions will serve as early warning mechanisms that can significantly reduce fraud losses,” he added.
Issued via Circular 1140, the new rules require BSP-Supervised Financial Institutions (BSFIs) to implement automated and real-time fraud monitoring and detection systems to identify and block suspicious or fraudulent online transactions.
“A holistic and coordinated approach among the industry players is necessary to ensure that funds cannot be easily siphoned off by fraudsters and cybercriminals,” Diokno said.
The governor also said that the expected sophistication and capabilities of banks’ fraud monitoring systems “should be commensurate” to the risks associated with their digital financial and payment platforms.
“The BSP shall continue to engage BSFIs and the wider financial community to ensure that policy frameworks and supervisory actions are effective and responsive to the changing cyberthreat landscape,” Diokno said.
Positive correlation
LAST month, AO Kaspersky Lab said its research showed a positive correlation between the adoption of digital payment methods and the awareness of the risks and threats that are associated with them in Southeast Asia (SEA).
Titled “Mapping a secure path for the future of digital payments in APAC,” the study discovered that nearly all respondents in SEA (97 percent) were aware of at least one type of threat against e-payment platforms, while almost three in four (72 percent) have personally encountered at least one type of threat associated with this technology.
“In many ways, this awareness could be attributed to the volume of media coverage about cybersecurity incidents, especially last year, and the combined efforts of governments and private sectors in boosting security awareness amidst the rise of mobile banking and e-wallet adoption in the region,” Kaspersky Lab said.
The Russian cybersecurity solutions provider said its research also showed that more than a quarter of the respondents encountered social engineering scams via texts or calls (37 percent), fake websites (27 percent), fake offers and deals (27 percent); a quarter reported receiving phishing scams (25 percent).
Remarkably, social engineering scams are the top encountered threat for most SEA countries, including Indonesia (40 percent), Malaysia (45 percent), The Philippines (42 percent), Singapore (32 percent) and Vietnam (38 percent). The only exception is Thailand where its top encountered risk is fake websites (31 percent), according to Kaspersky Lab.