In an era where digital banking is evolving rapidly, GoTyme Bank emerges as a beacon of innovation and security in the Philippines. As a joint venture between the Gokongwei Group and Singapore-based Tyme, GoTyme Bank has significantly offered Filipinos a unique banking experience that blends state-of-the-art technology with a personal touch.

GoTyme Bank's approach to banking is revolutionary, prioritizing financial inclusion and convenience for Filipinos. By shunning the traditional reliance on chatbots, the bank ensures that every interaction retains a personal, human element. This commitment extends to free money transfers between GoTyme accounts and complimentary ATM debit cards, available nationwide through a simple, quick sign-up process.

The bank doesn't just stop at convenience; it also offers compelling rewards and savings programs in partnership with Go Rewards, ensuring that customers not only manage their money efficiently but also gain tangible benefits from their banking activities.

In an exclusive interview, Jason Brasileño, GoTyme Bank's Head of Fraud Strategy, outlined the bank's comprehensive cybersecurity strategies. Emphasizing a holistic approach, Brasileño highlighted GoTyme's adherence to international standards like ISO 27001, NIST, and PCI-DSS. Advanced encryption, automated security code checking, and the strategic use of Amazon Web Services (AWS) to improve security and compliance all support this strong cybersecurity posture.

GoTyme Bank also conducts regular vulnerability assessment and penetration testing (VAPT) to identify and mitigate potential weaknesses. Its Fraud Management Program, developed in partnership with NICE Actimize, employs AI and machine learning to combat fraud and financial crime proactively.

To further protect its customers, GoTyme emphasizes the importance of education on secure digital banking practices. This includes encouraging the use of multifactor authentication and biometric validation for sensitive transactions. In the unfortunate event of a data breach, the bank has a structured incident management process to minimize impact and safeguard customer interests.

GoTyme Bank is proactive in educating its customers about cybersecurity and fraud prevention. It partners with organizations like Scam Watch Pilipinas and employs social media, app notifications, and direct communication to spread awareness. Customers have multiple channels to report suspicious activities, ensuring quick and effective responses to potential security threats.

Offering a seamless banking experience that doesn't compromise on safety, the bank's commitment to operational excellence matches its dedication to customer security. Through these initiatives, GoTyme Bank is transforming digital banking in the Philippines and setting new standards for how banks should protect and serve their customers in the digital age.

Here's the transcript of the interview with Jason Brasileño, GoTyme Bank's Head of Fraud Strategy:

1.    What measures does GoTyme take to ensure the cybersecurity of its platform?

GoTyme has adapted a holistic approach in ensuring cybersecurity of its platform. We have implemented an aligned policy and processes with international standards such as ISO 27001, NIST, and PCI-DSS.

GoTyme Bank CEO Nate Clarke said that the bank has adopted and continually improve its cutting-edge technology to further strengthen its security posture. These includes high-level encryption, automated security code checking utilizing a tool for analyzing for bugs and vulnerabilities. We also take advantage of the security capability of Amazon Web Services (AWS) being a cloud-based bank. This includes further compliance to PCI-DSS and NIST.

We also implement Vulnerability Assessment and Penetration Testing (VAPT) to ensure that we are able to see what potential weaknesses and potential exploits bad actors can do towards our system in order for us to continue hardening our defenses. In addition, we have real-time monitoring of the platform health enabling faster reaction to potential incidents.

Along with Cybersecurity, we have also implemented a robust Fraud Management Program from a policy level, processes as well as people and technology. As we grow, we also understand the potential growth of fraud and financial crime with digital banks. We have aligned our Fraud Management policies with best practices and have enhanced our process implementation.

We work with NICE Actimize, the leading global provider of financial crime, risk, and compliance solutions, guarding us against fraud and money laundering. This allows us to create a whole array of machine learning and AI driven models for us to effectively detect fraud and prevent it. We have also set up our fraud rules in such a way that they are more proactive than reactive.

From a user point of view, we continually educate our customers on the secure use of digital banking platforms and online transactions. We do this via app push notifications, materials being shared in our social media page and groups as well as via our website. We also partner with other organizations like Scam Watch Pilipinas to help drive the anti-scam and fraud education.

Further, our platform encourages them to set up features such as multifactor authentication, SMS or email alerts, and fraud monitoring to prevent suspicious online banking activity. We use in-app biometrics to authenticate and additional GoTyme-implemented biometrics for validation for high-value activities like change in phone number. We design and execute the most user-friendly experience, encouraging customers to intuitively turn on valuable security features.

Lastly, whenever we do receive fraud reports either from customers, non-customers, law enforcement agencies and, other banks, we immediately act on it. We also work with law enforcement agencies such as DICT-CICC, NBI and the various anti-cybercrime units of the PNP.

2.    How does GoTyme protect the personal and financial data of its customers?

GoTyme complies with the Data Privacy Act of 2012 or otherwise known as RA 10173 and the Bank Secrecy Act RA No 1405.

From the DPA, we fully comply with the five pillars of privacy and further complements this with a robust information security management program along with the direction set out by RA 1405 and the BSP Manual of Regulations for Banks (MORB).

3.    Does GoTyme use encryption for data transmission and storage? If so, what type of encryption is used?

Yes, GoTyme utilizes high level encryption for data storage and transmission including Advanced Encryption Standard (AES).

We also do automated security checking of our code with SonarQube. This allows GoTyme to monitor all our systems for any vulnerabilities and problems that may arise. SonarQube allows us to address these issues right away.

4.    How does GoTyme ensure that its employees do not have unauthorized access to customer data?

Yes, GoTyme has implemented a robust information security management program that includes access control which includes ensuring that only those with privilege access have the authority to view customer data.

5.    In the event of a data breach, what steps does GoTyme take to mitigate the impact and protect its customers?

GoTyme has in-placed an incident management process especially on breach management to address and mitigate including protection of its customers in the event there is a data breach. This is further supported by our Business Continuity and Crisis Management Program.

6.    Does GoTyme have a dedicated cybersecurity team? If so, what are their responsibilities?

Yes. Given our approach on cybersecurity is holistic, this would cover the governance aspect until the implementation, operations, and assurance.
In addition, GoTyme also has a dedicated Fraud Management team that looks into the governance level, strategy, operations, investigations and analytics, assurance, internal fraud and external affairs.

7.    How does GoTyme handle customer calls regarding account security and potential fraud?

We have a process that is embedded in our Personal Bankers SOP (Customer Service) wherein we treat each call seriously. There are steps outlined from triaging up to requesting for details including documentations such as Police reports and escalating to the respective teams for their further investigation and handling until closure.

8.    What is the process for reporting suspicious activity or transactions in a GoTyme account?

We have this on our website.
Call us at #GO8888 (#468888)
Email us at [email protected]
Chat with us in the GoTyme Bank app
Call your bank as soon as possible to report the case.

For GoTyme Bank, you may get in-touch with our Personal Bankers via these channels:
Call us at #GO8888 (#468888)
Email [email protected]
Chat with us in the GoTyme Bank app

File a police report or blotter to have an official record of the incident. You may attach this in your report to your bank. This helps the bank and the authorities with the investigation.

Update your login credentials, especially your banking apps, and immediately change your password.

Get in touch with DICT-CICC. You may refer to Scam Watch Pilipinas’ website for further information (https://scamwatchpilipinas.com/). You may also call their hotline at 1326.

9.    How quickly does GoTyme respond to customer reports of potential fraud or account compromise?

We handle each report as soon as it gets escalated to us. The faster you are able to report following the scam, the more likelihood that we can track and flag the account and hold the amount. However, there is no guarantee that for each report, the money that was scammed will be recovered. With the fast pace nature of digital banking, we have a smaller window to be able to apply the necessary actions and ensure money is intact.

10.    Does GoTyme provide any education or resources to its customers about protecting their personal and financial information?

Yes, we do through: (1) social media and GoTyme Bank personal bankers; (2) engagement with Scam Watch Pilipinas; (3) media; (4) partnership with Gogolook.