Sen. Sherwin Gatchalian was shocked early last month when he found out that his credit card had been hacked and he was hit with a hefty bill of about P1.1 million for liquor items ordered through a food delivery app. Gatchalian said the hacker was able to change the mobile number linked to his credit card account, such that he did not receive the one-time passwords needed to authorize the four separate transactions, all executed in less than an hour in the afternoon of Jan. 5.
“Ano yan, lauriat para sa buong barangay???” tweeted an angry Gatchalian.
That would have been funny were the scam not so harmful. Gatchalian is unfortunately just one of the growing legion of Filipinos victimized by credit card fraud, which has become increasingly prevalent as more financial transactions shift online amid the lockdowns imposed to arrest the COVID-19 pandemic.
The Bangko Sentral ng Pilipinas (BSP) has further tightened regulations governing credit card operations in response to the surge in fraud complaints. “We are aware of the need to address risks related to the increased accessibility of innovative digital financial products and services,” BSP Governor Benjamin Diokno said in a briefing last week. “This includes efforts to stamp out fraud related to the use of credit cards.”
Diokno noted that of the 23,000 complaints lodged with the BSP since it activated an online chatbot on its website last year where bank clients can raise issues about financial services, about one in every four, or 25 percent, related to various credit card complaints.
According to the BSP, fraudulent credit card transactions commonly involve information and identity theft, where fraudsters pretend to be bank personnel to get personal information; phishing or the stealing of bank account information when email, a fake website, or text message is opened; skimming or the illegal copying of information from the magnetic strip of the credit card; and the card replacement scam, which involves the physical surrender of credit cards supposedly for an account upgrade or promotion.
The BSP recognizes that a credit card is a convenient way to make financial transactions, such as paying bills or buying groceries. The Duterte administration itself aims to promote the wider adoption of safe digital payments, in line with the goal to transform the Philippines into a “cash-lite” economy where half of all retail payments will be done digitally by 2023.
To retain and increase public confidence in digital financial products and services, including credit cards, the BSP has mandated financial institutions to put in place stringent information technology security controls and sound risk management practices, and adopt industry-standard technology like the multi-factor authentication system—including the use of one-time passwords—for online transactions. They are expected to equip their systems with evolving consumer protection standards and the latest knowledge and tools to combat online fraud and attacks. Such attacks typically increase around key shopping occasions such as over the Christmas holidays and the coming Chinese New Year and Valentine’s Day celebrations.
The BSP has also tightened the reporting requirements for banks and the other financial services institutions under its supervision on cyber-related incidents and operational disruptions, to ensure the protection of consumers should an actual attack take place, given the increasing propensity as well as sophistication of cyberattacks.
Gatchalian, the vice chair of the Senate committee on banks, financial institutions and currencis, has likewise pushed for a probe in the Senate on the fraudulent use of credit cards, debit cards, and online bank accounts to close possible gaps in the current laws such as the Electronic Commerce Act, Cybercrime Prevention Act, and the Data Privacy Act. “Despite all the legal mechanisms in place, obviously there’s something amiss which could probably explain the reason why these crooks thrive in this kind of scheme,” said Gatchalian.Guarding against cybercrime and credit card fraud, however, is not just the responsibility of the BSP and the financial institutions. Consumers using plastic also have a critical role to play in protecting themselves against cybercriminals that are constantly on the prowl for unsuspecting victims.
Consumers, for example, are advised to protect their accounts by creating strong passwords, watching out for phishing emails and spoofed websites, and keeping one’s account and personal information confidential.
“Let me underscore [the need for] collective vigilance against frauds amid the increased accessibility of innovative digital financial products and services during the pandemic,” said Diokno. He is right: E-safety is a collective responsibility.