Banks told: To fight cybercrime, ‘personalize’ messages to clients | Inquirer Business
Close  
BSP ALSO ASKS FIRMS TO REMOVE ‘CLICKABLE LINKS’

Banks told: To fight cybercrime, ‘personalize’ messages to clients

To guard consumers against fraud and cyberattacks, the Bangko Sentral ng Pilipinas (BSP) has ordered banks and other financial firms to ramp up security measures, especially when sending text messages or emails to clients.

The central bank said that as financial transactions increasingly shift to digital channels, BSP-supervised companies must adopt robust control measures against cyber fraud and attacks on retail electronic payments and financial services.

ADVERTISEMENT

In particular, SMS or text messages as well as emails that financial firms send to customers in relation to their banking services must be personalized rather than in a generic form.

Related to this, the BSP advises financial firms to remove clickable links in communications sent to customers.

FEATURED STORIES

A basic measure is to send notifications to customers through registered mobile numbers or email addresses when requesting changes to customer information.

This is important in that banks, after thorough risk analysis, should implement mandatory notifications for fund transfers that exceed a predefined amount, delays in activating new security tokens or new device registrations, and a cooling-off period for key account changes.

Restrict critical info

Banks should also restrict officers or representatives from obtaining critical information such as customer passwords, one-time passwords or personal information numbers.

Further, financial firms must create dedicated customer assistance teams for fraud cases, conduct education campaigns against online scams and adopt strong fraud surveillance mechanisms.

These are all spelled out in BSP Memorandum No. 2022-015, issued last March, which requires banks to regularly conduct risk assessments of their product features, business rules and application controls.

According to BSP Governor Benjamin Diokno, the BSP had observed that cyberattacks and fraudulent schemes affect two or more financial institutions at the same time.

“These [affected entities] include the originating and receiving banks, as well as nonbank financial institutions such as e-money issuers, virtual asset service providers and remittance companies,” Diokno had said.

Read Next
Don't miss out on the latest news and information.

Subscribe to INQUIRER PLUS to get access to The Philippine Daily Inquirer & other 70+ titles, share up to 5 gadgets, listen to the news, download as early as 4am & share articles on social media. Call 896 6000.

TAGS: banks, cybercrime
For feedback, complaints, or inquiries, contact us.


© Copyright 1997-2022 INQUIRER.net | All Rights Reserved

We use cookies to ensure you get the best experience on our website. By continuing, you are agreeing to our use of cookies. To find out more, please click this link.