Banks told: To fight cybercrime, ‘personalize’ messages to clients | Inquirer Business
BSP ALSO ASKS FIRMS TO REMOVE ‘CLICKABLE LINKS’

To guard consumers against fraud and cyberattacks, the Bangko Sentral ng Pilipinas (BSP) has ordered banks and other financial firms to ramp up security measures, especially when sending text messages or emails to clients.

The central bank said that as financial transactions increasingly shift to digital channels, BSP-supervised companies must adopt robust control measures against cyber fraud and attacks on retail electronic payments and financial services.

In particular, SMS or text messages, as well as emails, that financial firms send to customers in relation to their banking services must be personalized rather than generic in form.

Related to this, the BSP advises financial firms to remove clickable links in communications sent to customers.

A basic measure is to send notifications to customers through registered mobile numbers or email addresses when requesting changes to customer information.

In the same vein, banks should, after thorough risk analysis, implement mandatory notifications for fund transfers that exceed a predefined amount, delays in activating new security tokens or new device registrations, and a cooling-off period for key account changes.

Restrict critical info

Banks should also restrict officers or representatives from obtaining critical information such as customer passwords, one-time passwords or personal information numbers.

Further, financial firms must create dedicated customer assistance teams for fraud cases, conduct education campaigns against online scams and adopt strong fraud surveillance mechanisms.

These are all spelled out in BSP Memorandum No. 2022-015, issued last March, which requires banks to regularly conduct risk assessments of their product features, business rules and application controls.

According to BSP Governor Benjamin Diokno, the BSP had observed that cyberattacks and fraudulent schemes affect two or more financial institutions at the same time.

“These [affected entities] include the originating and receiving banks, as well as nonbank financial institutions such as e-money issuers, virtual asset service providers and remittance companies,” Diokno had said.

TAGS: banks, cybercrime

© Copyright 1997-2024 INQUIRER.net | All Rights Reserved