UnionBank of the Philippines champions cybersecurity in open banking era at Singapore FinTech Festival

Joey Rufo, Chief Information Security Officer of UnionBank highlights strategies against growing cyber threats in the digital banking sector


At a glance

  • At the Singapore FinTech Festival, UnionBank of the Philippines emphasized its robust response to the increasing cyber threats in the financial sector, particularly in the context of open banking and APIs.

  • Joey Rufo, SVP, Chief Information Security Officer, and Data Protection Officer of UnionBank, led a product showcase highlighting the challenges and responses to cyber threats in digital banking.

  • The rapid growth of digital banking in the Philippines, especially during the pandemic, has led to a surge in cyber threats, with cybercriminals exploiting the expanded attack surface presented by open banking and APIs.

  • The Bangko Sentral ng Pilipinas (BSP) issued a memorandum circular mandating standardized controls across the financial services industry to combat these cyber threats and ensure uniform security protocols.

  • UnionBank’s layered defense strategy incorporates AI-based technologies for detecting anomalous transactions, focusing on creating a secure and trustworthy digital banking environment.


In the bustling landscape of the Philippines’ rapidly evolving financial sector, the digital revolution has ushered in an era of unprecedented opportunities and convenience. As the nation embraces open banking and interconnected Application Programming Interfaces (APIs), providing a gateway to seamless financial transactions, a critical concern arises — cybersecurity. At this year’s Singapore FinTech Festival (SFF), UnionBank of the Philippines took center stage to talk about its robust response against the exponential growth of cyber threats.

Joey Rufo, SVP, Chief Information Security Officer and Data Protection Officer of UnionBank, led a product showcase session at the SFF Technology Stage and presented “Securing Open Banking Against Cyber Attacks, Powered by UnionBank.”

 

joey_rufo.jpg
Joey Rufo, SVP, Chief Information Security Officer and Data Protection Officer UnionBank leads a Product Showcase Session at the SFF Technology Stage — presenting “Securing Open Banking Against Cyber Attacks, Powered by UnionBank”.

 

The UnionBank CISO shed light on the rapid growth of digital banking in the Philippines and the corresponding surge in cyber threats. He identified the challenges financial institutions face, particularly regarding open banking and APIs. He outlined the steps the Bangko Sentral ng Pilipinas (BSP) took to fortify the industry against cyber criminals.

Rufo emphasized the significance of open banking and APIs in creating an interconnected ecosystem where banks, financial institutions, and fintech companies seamlessly collaborate through hyperconnected highways. This interconnectedness aims to provide a superior and secure customer experience, which is especially crucial in a country where a significant portion of the population lacks access to traditional financial services.

As digital banking gains momentum, opportunistic cybercriminals are exploiting the expanded attack surface presented by the API economy. The UnionBank cybersecurity executive highlighted a global surge in cyber incidents, citing examples from the Philippines, where a substantial portion of the population joined online banking platforms during the pandemic. The increased user base created a ripe opportunity for cyber attackers.

Acknowledging the escalating threats, the BSP took a proactive stance by releasing a memorandum circular mandating standardized controls across the financial services industry. This initiative ensures that all banks, fintech firms, and related entities adhere to uniform protocols, thereby minimizing vulnerabilities and creating a collective defense against cyber threats.

Rufo elucidated the potential consequences of cyber attacks on the digital banking landscape. The most alarming scenario highlighted was financial fraud, which could lead to substantial consumer losses and damage the reputation of digital banking services. The impact includes slow performance, accidental disclosure of sensitive information, and regulatory penalties.

To simplify the technicalities, Rufo outlined the common tactics employed by cybercriminals against banks and their customers: business logic bypass, enumeration attacks, denial-of-service attacks, and token reuse. The ultimate goal is financial fraud, which poses a significant threat to the security and reputation of digital banking services.

Rufo stressed the importance of a layered defense strategy to counter these threats, incorporating the age-old principle of defense in depth. He also highlighted the integration of AI-based technologies into API security strategies. AI plays a crucial role in detecting anomalous transactions, offering a proactive approach to promptly identifying and remedying potential threats.

“As a bank, we are offering API services. How do we ensure our current and would-be customers that they remain protected? We build layers of defenses to ensure that your data, money, and funds are protected. We are in the business of trust. Without trust, there’s no business,” said Rufo during this talk at SFF 2023.

Rufo called for continued investment in cybersecurity as a technological necessity and a means to build customer trust. The UnionBank CISO cited the importance of people and processes alongside technology in creating a secure digital banking environment. As the Philippines embarks on its digital banking journey, the focus on cybersecurity emerges as a challenge and an opportunity to instil confidence in customers and ensure the longevity of the digital banking revolution.