With increased online transactions due to the holidays, the Bangko Sentral ng Pilipinas (BSP) is reminding banks to remain vigilant against cyber attacks, specifically phishing or the fraudulent acquisition of sensitive data or information.

In a memo (BSP Memorandum No. M-2020-090), BSP Deputy Governor Chuchi G. Fonacier said all of the BSP supervised financial institutions (BSFIs) should “ensure that timely and appropriate consumer protection and redress mechanisms are in place” in order to “preserve the banking public's trust and confidence in digital financial services.”

As such, BSFIs have been “strongly advised” to do the following: consumer assistance helpdesk or hotline that are available 24 hours a day and seven
days a week; increased surveillance on online banking systems/activities during holidays or long weekends; facility to timely block/suspend accounts reported by clients/concerned parties or those tagged as fraudulent or suspicious; and procedures to resolve disputes arising from the use of the digital financial
services within the established turn-around-time.

Fonacier said BSFIs are to intensify its information campaign for security awareness as the “first line of defense against these phishing and social engineering attacks.”

“Further, BSFIs should minimize risk exposure through employing defense-in-depth security strategies such as calibration of fraud management system rules and parameters, conduct of threat hunting exercises to detect unusual activities and takedown of phishing sites, among others,” said the BSP official.

With COVID-19 pandemic and the increase use of digital services, the BSP considers phishing attacks as one of the top cyber risks lurking behind digital payments and financial services.

Fonacier said cybercriminals are using more platforms and tactics such as phishing emails, SMS phishing, SMS spoofing and voice phishing including social media channels to gain unauthorized access to financial resources.

BSFIs are “enjoined” to follow and implement previous BSP rules on risk management associated with fraudulent e-mails or websites, SMS-based attacks targeting financial customers.
The BSP is adopting stronger cybersecurity and digital financial supervision to support the digital transformation of all BSFIs.
The BSP is enhancing its digital finance and cybersecurity supervisory tools by adopting the Supervisory Assessment Framework or SAFr which will enable a risk-focused and calibrated supervision based on a BSFIs’ business model.
Other improvements to cybersecurity rules that are coming relates to digital banking, cloud computing, virtual asset service provider, and the Cybersecurity Maturity Model.