Cyberattacks on banks ‘exploit human weaknesses’

CYBER INCIDENTS faced by banks take advantage of human weaknesses mostly through fraud, phishing and account takeovers, according to the Bangko Sentral ng Pilipinas (BSP).

The central bank said “card not present” fraud, variations of phishing, and account takeovers were the three most frequent attacks seen by financial institutions in 2021.

“Most of these cyber incidents targeted retail customers, were not highly technical, nor did they require advanced tools. What they tend to do was exploit human weaknesses,” BSP Governor Benjamin E. Diokno said at a virtual briefing on Thursday.

Mr. Diokno said the BSP noticed that cyberattacks hit two or more financial institutions simultaneously, including the originating and receiving banks or nonbank service providers.

“The BSP believes that a holistic and coordinated approach among the industry players is necessary to ensure that funds cannot be easily siphoned off by fraudsters and cybercriminals,” Mr. Diokno said.

Maricris A. Salud, deputy director at the BSP’s Technology Risk and Innovation Supervision Department, said the cyber incident that affected BDO Unibank, Inc. and caused unauthorized transfers to other financial institutions, including UnionBank of the Philippines, Inc., highlighted the importance of improving bank supervision.

“It only emphasized really the need for supervisory institutions to strengthen their cybersecurity posture and adopting continuing improvements in their cyber risk management and also their AML (anti-money laundering) systems,” Ms. Salud said.

Both BDO and UnionBank were slapped with sanctions due to the incident, which affected more than 700 BDO clients in December. The National Bureau of Investigation earlier said hackers stole about P1.2 million but could have taken more than P50 million if the transactions were not immediately tagged as suspicious.

The BSP in March issued Circular 1140, which requires BSP-supervised financial institutions to implement automated and real-time fraud monitoring and detection systems to identify and block suspicious or fraudulent online transactions.

The Bankers Association of the Philippines earlier said around P1 billion in financial losses were seen in 2021 due to fraud incidents and unauthorized withdrawals experienced by financial consumers. This came amid the increase in digital transactions during the pandemic. — L.W.T. Noble