Top Stories

Philippines tightens reporting rules following rise in cyber thefts

FORUM Staff

Faced with a growing number of sophisticated cyber heists, the central bank of the Philippines is tightening reporting requirements for banks to improve their cyber surveillance and prevent catastrophic losses for customers.

The Bangko Sentral ng Pilipinas (BSP) in October 2018 told banks to report cyber intrusions within two hours of their discovery, Reuters reported. Previously, the report had to be made within 10 days.

“Having quick access to information on these incidents will enable the BSP to alert other banks, industry associations and other relevant stakeholders that may be affected by a specific attack,” the BSP said in a statement.

The Philippine financial system has been under global scrutiny since 2016 when U.S. $81 million was stolen from the Bangladesh central bank. The cyber thieves funneled the money into Manila-based accounts before laundering it through local casinos. Officials in Bangladesh have only been able to recover about U.S. $15 million of the stolen money.

In response to the theft, the Philippine central bank in August 2016 fined Rizal Commercial Banking Corp. a record U.S. $21 million because the bank was used to channel the stolen money from Bangladesh.

The central bank has been trying to raise awareness about cyber security ever since. At the beginning of the year, it told Philippine financial institutions to allocate more resources to boost their technical capabilities. “Cyber security is a big fear for everyone, BSP included,” BSP Governor Nestor Espenilla Jr. told the Philippine Daily Inquirernewspaper in January 2018. “I’ve been talking to other regulators about it, and it’s high on the agenda. The level of concern for cyber security is very high, but it’s hard to stop because it’s a technology play.”

He is now requiring affected banks to submit a follow-up report within 24 hours of a cyber incident, so the central bank can monitor the situation and act if needed.

The tightened requirements come after a flood of cyber thefts earlier this year. Scores of Philippine banking customers, many who work overseas, said they lost great sums of money due to unauthorized transactions from their online bank accounts, The Manila Times newspaper reported.

The bank of the Philippine Islands (BPI) said cyber criminals mimicked the bank’s website in a scheme to dupe customers into parting with their money and confidential information, the Times reported. Customers received emails asking them to click on a link for BPI Express Online. They were directed to an address that sounded like an official site but was instead a trap to capture their personal details and money.

In this practice called phishing, criminals attempt to obtain information including usernames, passwords and even credit card details to steal money from victims who believe they are communicating with their own banks.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button