ADVERTISEMENT
Manila Bulletin devider Technews devider Fight back against online payment cyber

Fight back against online payment cyber

Published Sep 9, 2022 12:49 pm

By AJ Dumanhug, CEO, Secuna

Online payments surged parallel to the growth in the public’s purchasing of digital content such as online games, Netflix, and Spotify, demand for cash transfers, and the need for financial assistance. At the same time, payment scams have become more acute along with other cybersecurity incidents as we adjusted to the pandemic.

Complaints mount on social media about thousands of unsolicited text messages carrying links that redirect to dubious websites. Some texts tout obvious bait like nonexistent jobs, while some are more subtle, masquerading as COVID test results, shipping notifications, and alerts for online payments that didn't go through. Inadvertently click on it, and you might be handling valuable information that cyber thieves can use to steal your identity and clean out your bank account.

Smishing, as defined by the Oxford Languages Dictionary, is “the fraudulent practice of sending text messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords or credit card numbers.” The word is a contraction of SMS (short message service) and phishing.

According to a 2021 report from Kaspersky, three in four people in Southeast Asia encountered at least one type of threat associated with digital payment technology.

In this study titled “Mapping a secure path for the future of digital payments in APAC,” 72% of their respondents in SEA experienced cyber threats. Of those with experience, 37% said they encountered them in the form of social engineering scams via texts or calls, making this the top threat in the region.

Constantly reminding users to be extremely vigilant against spam messages is not going to be enough, more so against the professionally organized and highly innovative mass cyber crimes. No matter how vigilant they are, there is a high likelihood that every institution will be targeted by threat actors at some point. Therefore, being prepared for such an attack is vital.

A pro tip that has garnered attention more recently is understanding the cyber risk embedded in the supply chain. Cyber threats must be addressed throughout the supply chain to ensure the entire payments network remains secure. In addition, organizations should engage cybersecurity experts that would help them identify threats, develop a response plan, and test it regularly through tabletop exercises.

Hidden within the payment ecosystem are third-party payment processors. These are middlemen who are known to the banks and who sometimes, for a fee, handle transactions for online merchants.

Take Dragonpay, the pioneer in alternative online payments in the Philippines, for instance. Acting as a mediator between buyers and sellers since 2010, Dragonpay gives access to customers to purchase goods or services online and pay for them using cash at physical, brick-and-mortar payment counters, ATMs, mobile wallets, or through online bank debit.

The rapid growth in online payment activities has driven its search for a high-impact cybersecurity solution capable of securing the expanding number of transactions it is processing — currently 130 million and counting.

To maintain safe and secure payments, Dragonpay has employed the helping hand of a DICT-certified cybersecurity assessment firm Secuna to thoroughly assess the security of its website application.

Seventeen unique security vulnerabilities were reported, validated, and resolved after the Web Application Penetration Testing. Three of them were found to have a severity score of 7.0 and higher using CVSS, an industry-standard scoring system.

The added cybersecurity protection and threat intelligence helped Dragonpay identify hidden vulnerabilities that scammers and fraudsters may use to device phishing attacks and take proactive measures to mitigate risks.

There is no end game when it comes to cybersecurity because the threat landscape is constantly evolving. Information will be the key in this fight against scammers and fraudsters. Cybersecurity should be understood, accepted, and managed to stop these cybercriminals.

It is crucial that all stakeholders, including the government, digital payment providers, consumers, and even cybersecurity companies, work together to ensure the cyber resilience of the wider payments ecosystem.

# # #

About the Author

AJ Dumanhug is the co-founder and CEO of Secuna, the first and only crowdsourced cybersecurity testing platform in the Philippines that has a community of hundreds of the world's most advanced and highly-vetted cybersecurity professionals and ethical hackers. The company has been at the forefront of cybersecurity in the Philippines, helping companies and government agencies set up their ISO-compliant Security Vulnerability Disclosure Program and Bug Bounty Program to receive and act on vulnerabilities discovered by cybersecurity professionals, and strengthen their cybersecurity posture with a comprehensive ISO-compliant Vulnerability Assessment and Penetration Testing (VAPT).

ADVERTISEMENT
.most-popular .layout-ratio{ padding-bottom: 79.13%; } @media (min-width: 768px) and (max-width: 1024px) { .widget-title { font-size: 15px !important; } }

{{ articles_filter_1561_widget.title }}

{{ item.title }}
.most-popular .layout-ratio{ padding-bottom: 79.13%; } @media (min-width: 768px) and (max-width: 1024px) { .widget-title { font-size: 15px !important; } }

{{ articles_filter_1562_widget.title }}

{{ item.title }}
.most-popular .layout-ratio{ padding-bottom: 79.13%; } @media (min-width: 768px) and (max-width: 1024px) { .widget-title { font-size: 15px !important; } }

{{ articles_filter_1563_widget.title }}

{{ item.title }}

{{ articles_filter_1564_widget.title }}

{{ item.title }}
.mb-article-details { position: relative; } .mb-article-details .article-body-preview, .mb-article-details .article-body-summary{ font-size: 17px; line-height: 30px; font-family: "Libre Caslon Text", serif; color: #000; } .mb-article-details .article-body-preview iframe , .mb-article-details .article-body-summary iframe{ width: 100%; margin: auto; } .read-more-background { background: linear-gradient(180deg, color(display-p3 1.000 1.000 1.000 / 0) 13.75%, color(display-p3 1.000 1.000 1.000 / 0.8) 30.79%, color(display-p3 1.000 1.000 1.000) 72.5%); position: absolute; height: 200px; width: 100%; bottom: 0; display: flex; justify-content: center; align-items: center; padding: 0; } .read-more-background a{ color: #000; } .read-more-btn { padding: 17px 45px; font-family: Inter; font-weight: 700; font-size: 18px; line-height: 16px; text-align: center; vertical-align: middle; border: 1px solid black; background-color: white; } .hidden { display: none; }
function initializeAllSwipers() { // Get all hidden inputs with cms_article_id document.querySelectorAll('[id^="cms_article_id_"]').forEach(function (input) { const cmsArticleId = input.value; const articleSelector = '#article-' + cmsArticleId + ' .body_images'; const swiperElement = document.querySelector(articleSelector); if (swiperElement && !swiperElement.classList.contains('swiper-initialized')) { new Swiper(articleSelector, { loop: true, pagination: false, navigation: { nextEl: '#article-' + cmsArticleId + ' .swiper-button-next', prevEl: '#article-' + cmsArticleId + ' .swiper-button-prev', }, }); } }); } setTimeout(initializeAllSwipers, 3000); const intersectionObserver = new IntersectionObserver( (entries) => { entries.forEach((entry) => { if (entry.isIntersecting) { const newUrl = entry.target.getAttribute("data-url"); if (newUrl) { history.pushState(null, null, newUrl); let article = entry.target; // Extract metadata const author = article.querySelector('.author-section').textContent.replace('By', '').trim(); const section = article.querySelector('.section-info ').textContent.replace(' ', ' '); const title = article.querySelector('.article-title h1').textContent; // Parse URL for Chartbeat path format const parsedUrl = new URL(newUrl, window.location.origin); const cleanUrl = parsedUrl.host + parsedUrl.pathname; // Update Chartbeat configuration if (typeof window._sf_async_config !== 'undefined') { window._sf_async_config.path = cleanUrl; window._sf_async_config.sections = section; window._sf_async_config.authors = author; } // Track virtual page view with Chartbeat if (typeof pSUPERFLY !== 'undefined' && typeof pSUPERFLY.virtualPage === 'function') { try { pSUPERFLY.virtualPage({ path: cleanUrl, title: title, sections: section, authors: author }); } catch (error) { console.error('ping error', error); } } // Optional: Update document title if (title && title !== document.title) { document.title = title; } } } }); }, { threshold: 0.1 } ); function showArticleBody(button) { const article = button.closest("article"); const summary = article.querySelector(".article-body-summary"); const body = article.querySelector(".article-body-preview"); const readMoreSection = article.querySelector(".read-more-background"); // Hide summary and read-more section summary.style.display = "none"; readMoreSection.style.display = "none"; // Show the full article body body.classList.remove("hidden"); } document.addEventListener("DOMContentLoaded", () => { let loadCount = 0; // Track how many times articles are loaded const offset = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10]; // Offset values const currentUrl = window.location.pathname.substring(1); let isLoading = false; // Prevent multiple calls if (!currentUrl) { console.log("Current URL is invalid."); return; } const sentinel = document.getElementById("load-more-sentinel"); if (!sentinel) { console.log("Sentinel element not found."); return; } function isSentinelVisible() { const rect = sentinel.getBoundingClientRect(); return ( rect.top < window.innerHeight && rect.bottom >= 0 ); } function onScroll() { if (isLoading) return; if (isSentinelVisible()) { if (loadCount >= offset.length) { console.log("Maximum load attempts reached."); window.removeEventListener("scroll", onScroll); return; } isLoading = true; const currentOffset = offset[loadCount]; window.loadMoreItems().then(() => { let article = document.querySelector('#widget_1690 > div:nth-last-of-type(2) article'); intersectionObserver.observe(article) loadCount++; }).catch(error => { console.error("Error loading more items:", error); }).finally(() => { isLoading = false; }); } } window.addEventListener("scroll", onScroll); });
Join Our Newsletters

Sign up by email to receive news.

© 2025 Manila Bulletin The Nation's Leading Newspaper. All Rights Reserved.