Banks, fintech firms to freeze accounts of text scammers

SCAM TARGET Mobile phone users have been advised to be paranoid in dealing with text messages from unknown senders who may be stealing sensitive information by offering nonexistent job opportunities via SMS. —NIÑO JESUS ORBETA

MANILA, Philippines — Banks and financial technology (fintech) companies such as GCash will try to freeze the accounts of scammers and their accomplices as part of measures to stop the text scams currently pestering Filipino mobile users, National Privacy Commission (NPC) Chair Raymund Liboro said in a phone interview.

In the case of e-wallet GCash, Liboro said the company has already implemented the 72-hour quick-freeze policy.

He said it was easier in the case of mobile-linked e-wallets because the phone number is the account number as well.

The direction of the NPC, he said, was for everyone to work toward cutting the financial bloodline of the scammers by freezing their bank accounts as well as those of their so-called mules, or people who allow the scammers to use their bank accounts as depositories of the stolen money in exchange for a fee.

Everyone must work toward “cutting the head” as well as “cutting the tail,” Liboro said.

Since Tuesday, Liboro noted that 40 suspicious domains have been blocked by Smart.

The host of some of the spammers has likewise been traced by the telcos—one was based in India and another in China—bolstering the NPC’s earlier statement that the spate of SMS scams had been perpetrated by a global criminal syndicate.

This is the “head” of the syndicate while the financial bloodline is the “tail,” Liboro said.

Aggregators next

After meeting with telcos, e-commerce sites such as Lazada and Shopee and financial institutions to curb SMS-based scams, Liboro said the NPC would next summon data aggregators, an industry that may have contributed to this text scam phenomenon.

Asked how scammers were able to use the telco infrastructure, Liboro said that one possibility was through these aggregators, usually research firms commissioned to gather contact data from multiple sources. In turn, the companies tapping their services use the data to boost their sales, or for marketing and research and development activities.

Liboro said the criminals could have used the services of some data aggregators in getting hold of thousands of mobile numbers.

“We realize it’s a complex chain of data transfers before it becomes SMS and data aggregators have a role,” he said.

Liboro said the data aggregators would be summoned to shed light on this SMS scam phenomenon.

Roadblocks

At the meeting called by the NPC on Wednesday, Liboro said the big telecom companies also committed to improve the sharing of intelligence and speed up their reaction time to text scams by using the network of data privacy officers (DPOs) that they were mandated to appoint.

He said the participants likewise discussed regulatory roadblocks to the speedy action in resolving the current text scam, including antiquated National Telecommunications Commission circulars that required approvals before telcos could take certain measures. He did not elaborate.

On the part of financial institutions, Bankers Association of the Philippines (BAP) executive director Benjamin Castillo said the banking industry—like other covered institutions—had long been required to designate a DPO.

He said the BAP has since then organized an Association of Bank Privacy Professionals (ABPP), made up of people who were specifically trained on privacy laws and regulations, and would soon have its own certification program. ABPP is also the dialogue partner of the NPC.

“Meanwhile, banks continue to remind clients to be vigilant,” Castillo said. “The banks guard customer data like most valuable assets.”

On the NPC’s proposal for call attestation—or the vetting of the accounts used for legitimate marketing activities—Liboro said Smart Communications said it was “technically feasible.”

The NPC had earlier dismissed speculation that the phone numbers were obtained by the scammers from contact-tracing forms used in containing the pandemic, saying the criminal activity was orchestrated by international syndicates.

PLDT and Smart chief information and security officer Angel Redoble said the telco has been blocking 400 to 500 mobile numbers connected to SMS hoaxes and scams daily from Oct. 21 to Nov. 20 this year.

In the meantime, Redoble urged people “to be very paranoid and to never share sensitive information especially with strangers no matter how enticing the offer may sound.”

Read more...