Banks told: To fight cybercrime, ‘personalize’ messages to clients | Inquirer Business
BSP ALSO ASKS FIRMS TO REMOVE ‘CLICKABLE LINKS’

To guard consumers against fraud and cyberattacks, the Bangko Sentral ng Pilipinas (BSP) has ordered banks and other financial firms to ramp up security measures, especially when sending text messages or emails to clients.

The central bank said that as financial transactions increasingly shift to digital channels, BSP-supervised companies must adopt robust control measures against cyber fraud and attacks on retail electronic payments and financial services.

In particular, SMS or text messages, as well as emails, that financial firms send to customers in relation to their banking services must be personalized rather than generic.

Related to this, the BSP advises financial firms to remove clickable links in communications sent to customers.

A basic measure is to send notifications to customers through registered mobile numbers or email addresses when requesting changes to customer information.

This is important because banks, after thorough risk analysis, should implement mandatory notifications for fund transfers that exceed a predefined amount, delays in activating new security tokens or new device registrations, and a cooling-off period for key account changes.

Restrict critical info

Banks should also restrict officers or representatives from obtaining critical information such as customer passwords, one-time passwords or personal information numbers.

Further, financial firms must create dedicated customer assistance teams for fraud cases, conduct education campaigns against online scams and adopt strong fraud surveillance mechanisms.

These are all spelled out in BSP Memorandum No. 2022-015, issued last March, which requires banks to regularly conduct risk assessments of their product features, business rules and application controls.

According to BSP Governor Benjamin Diokno, the BSP had observed that cyberattacks and fraudulent schemes affect two or more financial institutions at the same time.

“These [affected entities] include the originating and receiving banks, as well as nonbank financial institutions such as e-money issuers, virtual asset service providers and remittance companies,” Diokno had said.

TAGS: banks, cybercrime