Cybersecurity rules for banks tightened | Inquirer Business

Cybersecurity rules for banks tightened

By: - Reporter / @bendeveraINQ
/ 05:28 AM October 27, 2017

The Bangko Sentral ng Pilipinas is coming out with more stringent cybersecurity rules for banks which will, among others, hold the lending institutions’ top management and board members responsible for all cybersecurity concerns.

BSP Governor Nestor A. Espenilla Jr. told reporters on Wednesday that the proposed rules were undergoing legal review and would be submitted for approval to the Monetary Board, the BSP’s policymaking body, later.

“This one actually strengthens the message that at the board level, they should be paying attention to cybersecurity, because we observe that these cybersecurity concerns are left to the attention of technologists,” Espenilla said.

Article continues after this advertisement

Despite rising cybersecurity risks, Espenilla noted that such concerns were not part of most banks’ business strategies.

FEATURED STORIES

“If the top management or those in the board don’t pay attention to cybersecurity matters, they will not invest enough resources in this concern, making a bank or any financial institution fundamentally vulnerable to cybercrime,” Espenilla stressed.

Also, the enhanced rules will include prescriptive measures based on international cybersecurity standards, Espenilla added.

Article continues after this advertisement

Cyber attacks like hacking put not only sensitive information but also huge sums of money at risk. The hacking of the Bangladeshi central bank’s account from the Federal Reserve Bank of New York in February last year led to the laundering of $81 million in stolen money in Philippine casinos after entering the country through the financial system.

Article continues after this advertisement

In April, the BSP ordered all financial institutions in the country to implement “multi-factor authentication” (MFA) especially for sensitive transactions amid bigger risks coming from cyberattacks.

Article continues after this advertisement

The Monetary Board has approved amendments to existing rules that put in place “more stringent security controls” that BSP-supervised financial institutions must adopt. Focus will be on MFA techniques due to the “increasing propensity and sophistication of cyberattacks involving fund transfers, payments and other transactions via online channels.”

The MFA is mandatory for transactions considered “sensitive communications and/or high-risk such as enrollment in transactional e-services, payments and fund transfers to third parties, online remittance, account maintenance and use of payment cards in e-commerce websites, among others,” the BSP said.

Article continues after this advertisement

The BSP earlier explained that the MFA employed a combination of at least certain authentication factors, namely: inherence or something that is inherent to the user such as fingerprint and retinal pattern; knowledge or something that the user knows such as password or PIN, and possession or something that the user has in his/her possession, including payment card or a one-time password generated through a security token or sent via SMS.

The MFA “provides for a more reliable authentication method and a stronger fraud deterrent mechanism that limits unauthorized access.”

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our daily newsletter

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

Also, it “protects the integrity of customer data and transaction details,” which the BSP had said “in turn contributes to increased customer confidence leading to more prevalent usage of digital financial services which is aligned with the National Retail Payment System’s objective of a cash-light economy by 2020.”

TAGS: Bangko Sentral ng Pilipinas, banks, BSP Governor Nestor A. Espenilla Jr., cybersecurity

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our newsletter!

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

© Copyright 1997-2024 INQUIRER.net | All Rights Reserved

This is an information message

We use cookies to enhance your experience. By continuing, you agree to our use of cookies. Learn more here.