MANILA, Philippines – While proposals for wage and fare increases in response to rising fuel…
BSP advises supervised institutions to implement measures to prevent cyberattacks
The Bangko Sentral ng Pilipinas (BSP) has ordered BSP-supervised financial institutions (BSFIs) to deploy strong control measures against cyber fraud and assaults on retail electronic payments and financial services as financial transactions increasingly move to digital channels (EPFS).
“BSFIs should frequently conduct risk evaluations of their product features, business rules, and application controls, and impose relevant upgrades and mitigation measures,” according to BSP Memorandum No. 2022-015.
Additionally, BSFIs are encouraged to remove clickable links from emails, SMS, and text messages delivered to clients as well as to notify customers via registered email addresses or mobile numbers when seeking changes to their personal information.
The implementation of mandatory alerts for fund transfers exceeding a predetermined threshold, delays in the activation of new soft tokens or new device registrations, and a cooling-off period for important account modifications should all be done by BSFIs after a comprehensive risk analysis.
Additionally, BSFIs are required to personalize SMS and email messages for banking services, prevent bank officers or representatives from obtaining sensitive data such as customer passwords, one-time passwords (OTPs), or personal identification numbers (PINs), and establish specialized customer assistance teams for fraud cases, run awareness campaigns against online scams, and implement robust fraud surveillance systems.
The BSP also promoted cooperation between BSFIs and the use of information-sharing tools, such as the Cyber Incident Database of the Bankers Association of the Philippines, to hasten fraud investigations, recover lost funds, and proactively counter new fraud schemes.
According to the Cybercrime Prevention Act of 2012 and other laws and regulations, “BSFIs may also need to work with law enforcement authorities for the early resolution of cybercrimes, especially those involving public safety and security,” the memorandum stated.
BSP Memorandum No. M-2022-015, dated March 22, 2022, is available online at this address: https://www.bsp.gov.ph/Regulations/Issuances/2022/M-2022-015.pdf.