EXECUTIVES of G-Xchange Inc. said they will cooperate with regulatory bodies in their probe into the anomalous fund transfers that GCash users reported last week.
The National Privacy Commission (NPC) has ordered an investigation into the incident for any “potential data breach,” while the Bangko Sentral ng Pilipinas (BSP) is probing to “get to the bottom of this incident and determine the facts to guide appropriate action.”
“We have been in constant coordination with the authorities and regulatory bodies like the BSP and the NPC in providing the necessary information required of us,” read a statement by G-Xchange.
The wholly owned subsidiary of Globe Fintech Innovations Inc. maintainted “there was no hacking nor glitch that occurred in the GCash platform.”
The firm explained that the incident last May 8, “was a deliberate phishing attempt that happened outside of the GCash app.”
“Some users may have unknowingly shared their information to suspicious sites masked as legitimate brands or institutions. Upon detection of these unusual transactions, [we] immediately activated security protocols, and deployed preventive security measures,” the statement by G-Xchange read. “This swift action enabled us to mitigate the impact to our customers, which was why we were able to correct their e-wallet balances immediately within 24 hours.”
As early as May 7, GCash users saw deductions from their e-wallets with funds being transferred to an East West Banking Corp. (PSE:EW) account that ends with 5239.
EW’s statement last week said the lender “has been made aware of news reports regarding unauthorized cash transfers from GCash into allegedly certain EW account.”
“EW immediately acted on these reports and initiated its own internal investigation,” the lender said. “Rest assured that we are cooperating with authorities and other institutions involved in the said report. We are working towards the immediate resolution of this matter.”
“We placed the app on extended preventive maintenance in order to ensure we’ve exerted all means necessary to mitigate the impact of this incident. Majority of our customers put their hard-earned money on GCash and rely on it for their everyday transactions. No preventive measures are too much if it is meant to protect all hardworking customers that placed their trust on GCash,” the statement read.
It added that the system downtimes are “proactive efforts” that are “in compliance with global cybersecurity standards and in line with our commitment as a financial services provider regulated by the BSP.”
“We remain steadfast in ensuring the protection of our customers’ funds and data as we continue to invest in the latest cybersecurity technologies and capabilities,” the statement by G-Xchange read.
It added the company is coordinating with authorities in “intensifying efforts in going after scammers and fraudsters.”
“We enjoin the NPC in reinforcing efforts to educate everyone on the importance of being vigilant in securing their personal information. The safety and security of all our customers remain our topmost priority. We will not stop working with the authorities as we endeavor to eliminate fraudsters as our common enemy,” the firm’s statement read.
The firm also called on customers to practice good cyber hygiene, reminding them to “never share their” one-time personal identification number and mobile pin with anyone.