ADVERTISEMENT
Manila Bulletin devider Technews devider BSP publishes memorandum for cyber fraud and attacks on retail electronic payments and financial services

BSP publishes memorandum for cyber fraud and attacks on retail electronic payments and financial services

Published Apr 20, 2022 03:40 pm

As the country has seen a growth in online transactions, so did cyber attacks.

Hackers are extremely adept and continuously evolving to ensure they can get access to sensitive data. With new protocols to ensure data security, hackers are using social engineering to manipulate potential victims into giving up information to their financial accounts, among others.

One of the most common ways of getting information from you is phishing and its variations “smishing” (where hackers will send you seemingly legitimate text messages) and “vising” (where hackers will send you a voice message).

To counter these attacks, the Bangko Sentral ng Pilipinas (BSP) has published their Memorandum No. M-2022-015, with the subject: Recommended Control Measures Against Cyber Fraud and Attacks on Retail Electronic Payments and Financial Services. 

The memorandum, signed by Chuchi G. Fonacier, Deputy Governor of the Financial Supervision Sector of the BSP, last 22nd of March, has recommendations to eliminate possible exploits hackers can use, increase notifications to alert people into immediate response, and strengthen protocols. 

The recommendations include:

  • Removal of clickable links in emails or SMS sent to retail customers followed by an information campaign that the BSFI will no longer be sending clickable links.
  • Customer notification through existing mobile or email registered with the BSFI whenever there is a request to change a customer’s mobile number, email address, or account credentials. 
  • After the conduct of a thorough risk analysis and assessment, the implementation of the following controls: a) Mandatory fund transfer transaction notification to customers through SMS and/or email for transactions exceeding a predefined amount; b) Holding period or delay before activation of a new soft token on a mobile device; and c) Cooling-off period before the implementation of requests for key account changes such as those for the mobile number and email address.
  • Personalized SMS/Email OTP messages for device registration, fund transfer, and profile update, among others.
  • Restriction to any BSFI officer or representation from manually obtaining or inquiring about critical authentication information such as customer password and/or one-time password/pin (PIN).
  • Creation of dedicated and well-resourced customer assistance teams that deal with feedback on potential fraud cases on a priority basis.
  • Conduct of regular customer education campaigns against online scam and phishing schemes with mechanisms to monitor their effectiveness and relevance; and…
  • Adoption of strong fraud surveillance mechanisms to ensure prompt responses in dealing with the growing threat of online scams. 

These recommendations are meant to bolster current security controls, such as multi-factor authentication and taking down phishing sites, among others.

The memorandum also encourages the BSP’s Supervised Financial Institutions (BSFIs) to collaborate with information sharing platforms – the Bankers Association of Philippines Cyber Incident Database, was mentioned – to conduct fraud investigations and recover stolen funds. The memorandum goes on, saying the BSFI may need to seek assistance and cooperate with law enforcement for cybercrime cases.

ADVERTISEMENT
.most-popular .layout-ratio{ padding-bottom: 79.13%; } @media (min-width: 768px) and (max-width: 1024px) { .widget-title { font-size: 15px !important; } }

{{ articles_filter_1561_widget.title }}

{{ item.title }}
.most-popular .layout-ratio{ padding-bottom: 79.13%; } @media (min-width: 768px) and (max-width: 1024px) { .widget-title { font-size: 15px !important; } }

{{ articles_filter_1562_widget.title }}

{{ item.title }}
.most-popular .layout-ratio{ padding-bottom: 79.13%; } @media (min-width: 768px) and (max-width: 1024px) { .widget-title { font-size: 15px !important; } }

{{ articles_filter_1563_widget.title }}

{{ item.title }}

{{ articles_filter_1564_widget.title }}

{{ item.title }}
.mb-article-details { position: relative; } .mb-article-details .article-body-preview, .mb-article-details .article-body-summary{ font-size: 17px; line-height: 30px; font-family: "Libre Caslon Text", serif; color: #000; } .mb-article-details .article-body-preview iframe , .mb-article-details .article-body-summary iframe{ width: 100%; margin: auto; } .read-more-background { background: linear-gradient(180deg, color(display-p3 1.000 1.000 1.000 / 0) 13.75%, color(display-p3 1.000 1.000 1.000 / 0.8) 30.79%, color(display-p3 1.000 1.000 1.000) 72.5%); position: absolute; height: 200px; width: 100%; bottom: 0; display: flex; justify-content: center; align-items: center; padding: 0; } .read-more-background a{ color: #000; } .read-more-btn { padding: 17px 45px; font-family: Inter; font-weight: 700; font-size: 18px; line-height: 16px; text-align: center; vertical-align: middle; border: 1px solid black; background-color: white; } .hidden { display: none; }
function initializeAllSwipers() { // Get all hidden inputs with cms_article_id document.querySelectorAll('[id^="cms_article_id_"]').forEach(function (input) { const cmsArticleId = input.value; const articleSelector = '#article-' + cmsArticleId + ' .body_images'; const swiperElement = document.querySelector(articleSelector); if (swiperElement && !swiperElement.classList.contains('swiper-initialized')) { new Swiper(articleSelector, { loop: true, pagination: false, navigation: { nextEl: '#article-' + cmsArticleId + ' .swiper-button-next', prevEl: '#article-' + cmsArticleId + ' .swiper-button-prev', }, }); } }); } setTimeout(initializeAllSwipers, 3000); const intersectionObserver = new IntersectionObserver( (entries) => { entries.forEach((entry) => { if (entry.isIntersecting) { const newUrl = entry.target.getAttribute("data-url"); if (newUrl) { history.pushState(null, null, newUrl); let article = entry.target; // Extract metadata const author = article.querySelector('.author-section').textContent.replace('By', '').trim(); const section = article.querySelector('.section-info ').textContent.replace(' ', ' '); const title = article.querySelector('.article-title h1').textContent; // Parse URL for Chartbeat path format const parsedUrl = new URL(newUrl, window.location.origin); const cleanUrl = parsedUrl.host + parsedUrl.pathname; // Update Chartbeat configuration if (typeof window._sf_async_config !== 'undefined') { window._sf_async_config.path = cleanUrl; window._sf_async_config.sections = section; window._sf_async_config.authors = author; } // Track virtual page view with Chartbeat if (typeof pSUPERFLY !== 'undefined' && typeof pSUPERFLY.virtualPage === 'function') { try { pSUPERFLY.virtualPage({ path: cleanUrl, title: title, sections: section, authors: author }); } catch (error) { console.error('ping error', error); } } // Optional: Update document title if (title && title !== document.title) { document.title = title; } } } }); }, { threshold: 0.1 } ); function showArticleBody(button) { const article = button.closest("article"); const summary = article.querySelector(".article-body-summary"); const body = article.querySelector(".article-body-preview"); const readMoreSection = article.querySelector(".read-more-background"); // Hide summary and read-more section summary.style.display = "none"; readMoreSection.style.display = "none"; // Show the full article body body.classList.remove("hidden"); } document.addEventListener("DOMContentLoaded", () => { let loadCount = 0; // Track how many times articles are loaded const offset = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10]; // Offset values const currentUrl = window.location.pathname.substring(1); let isLoading = false; // Prevent multiple calls if (!currentUrl) { console.log("Current URL is invalid."); return; } const sentinel = document.getElementById("load-more-sentinel"); if (!sentinel) { console.log("Sentinel element not found."); return; } function isSentinelVisible() { const rect = sentinel.getBoundingClientRect(); return ( rect.top < window.innerHeight && rect.bottom >= 0 ); } function onScroll() { if (isLoading) return; if (isSentinelVisible()) { if (loadCount >= offset.length) { console.log("Maximum load attempts reached."); window.removeEventListener("scroll", onScroll); return; } isLoading = true; const currentOffset = offset[loadCount]; window.loadMoreItems().then(() => { let article = document.querySelector('#widget_1690 > div:nth-last-of-type(2) article'); intersectionObserver.observe(article) loadCount++; }).catch(error => { console.error("Error loading more items:", error); }).finally(() => { isLoading = false; }); } } window.addEventListener("scroll", onScroll); });
Join Our Newsletters

Sign up by email to receive news.

© 2025 Manila Bulletin The Nation's Leading Newspaper. All Rights Reserved.