Leak alarms banks; BSP urges tighter measures
Banks and monetary authorities are stepping up security measures after a massive leak from the database of the Commission on Elections (Comelec) earlier this month that exposed more than 55 million Filipinos to fraud and other risks.
Bangko Sentral ng Pilipinas (BSP) Deputy Governor Nestor A. Espenilla Jr. said in a text message on Friday that the Comelec data leak was “a serious concern.”
Espenilla said the BSP had ordered banks to be “more alert in establishing the true identity of customers.”
“Customer identification procedures of BSP-supervised financial institutions that rely on static information which may be obtained from the disclosed Comelec records should be supplemented by requests for additional proof or secondary information to establish the true identity of new and existing clients,” Espenilla said in a memorandum to banks.
The Bankers Association of the Philippines (BAP) advised its member-banks to implement safeguards to protect their clients from abuse of leaked information.
“The recent breach in the Commission on Elections database has caused vital information of voters’ personal data, such as address, mother’s maiden name and other information to be made available online,” BAP executive director Cesar Virtusio said in a memo to the group’s member-banks.
“Since most banks use these personal information for verification purposes, we strongly encourage . . . [you to] perform the necessary modifications and switch on your security backup systems for your online account recovery protocols and other critical processes that may be affected,” he said.
Banks are stepping up online security measures to protect their customers, according to East West Banking Corp. president and chief executive Antonio C. Moncupa Jr.
“Online security is a continuing effort. Banks constantly exert efforts to update their security software and protocols. On the other hand, cybercriminals also exert efforts to overcome bank security. So banks redouble efforts in reaction,” Moncupa said.
“Banks also are careful that they have competent and trustworthy people to man their IT (information technology) systems,” he added.
But customers should take precaution, he said.
“Ensure passwords are kept well. Be careful not to open e-mail from unknown senders, keep credit card [details] always safe, and be careful when giving information on Web purchases. And please cooperate with your bank when they update and do adjustments to improve online security and customer identification verification processes,” Moncupa said.
Banco de Oro (BDO) Unibank president Nestor Tan said BDO would change its customer identity validation system.
“We have to change the way we validate customer identity. In fact, early this morning, there was a group that met to address that,” Tan said.
But Tan declined to say what changes BDO would make, saying “some of these security processes are probably better left unknown to potential fraudsters.”
He said, however, that BDO was looking at the possibility of adding biometrics to its customer identification process.
Security Bank president Alfonso Salcedo advised the bank’s clients to change their passwords immediately.
“And don’t use info [that was already] compromised, such as your mother’s maiden name,” Salcedo said.
Tips from China Bank
The IT security office of China Banking Corp. gave the following tips:
Keep personal information off social media.
Always think before you post anything on social media, as you might provide other indirect sensitive information about you, such as location and accessibility.
Enable or subscribe to text and e-mail notifications and alerts of your financial services institution.
Always monitor the activity of your online accounts.
Do not use the same password for online banking and nonbanking accounts.
Do not surf the Web while accessing online banking accounts.
Ensure that only your online banking site is open.
Install antivirus and firewall on your computer and keep all your software up to date.
Use a strong password and change it regularly.
Do not do sensitive transactions via public networks/Wi-Fi.
The Credit Card Association of the Philippines (CCAP) also urged card users to take extra precaution.
“[The] CCAP reminds the public to be vigilant in protecting their personal and credit card information and details,” the group said in a statement.
“Be wary of providing your personal or credit card information to third parties. In case of doubt, please call your credit card company,” it said.
The CCAP said it member-banks had “strong controls in place to prevent fraud via misuse of personal information.”