As AI-powered scams and identity fraud continue to rattle Filipino mobile users, cybersecurity firm Appdome is calling on mobile brands to move beyond reactive defenses and adopt a more proactive approach to protection.
In an exclusive interview with FintechNewsPH, Chris Roeckl, Appdome’s Chief Product Officer, explained why the Philippines has become a prime target for mobile fraud — and why he believes technology can still turn the tide.
Roeckl, who has been with Appdome since 2016 and previously held senior roles at Pulse Secure, AirMagnet, Fortinet, Infoblox, and NetScreen Technologies, now oversees the company’s product strategy, with a focus on improving the experience of cybersecurity and DevOps teams using Appdome’s platform.
“I want to proactively stop fraud because that’s the biggest concern Filipinos have about mobile apps,” Roeckl said. “They want proactive management of fraud. Technology can solve the fraud problem. This is not a hard problem to solve.”
A mobile economy that attracts bad actors
Roeckl described the Philippines as a “perfect storm” for fraud — a fast-growing, mobile-first economy paired with rising digital payments and heavy dependence on mobile apps.
“It’s an amazingly vibrant mobile economy,” he said. “And that’s a good thing. But it also creates an environment where bad actors can thrive.”
He pointed to research showing that more than 43% of Filipinos fear mobile identity fraud, while nearly three out of four abandon apps due to security concerns. Around 34% say they or someone they know has already fallen victim to social engineering scams.
“That’s not abstract,” Roeckl said. “If you’re sitting in a room with five people, statistically two of you have either experienced it or know someone who has.”
Fraud losses in the Philippines have reached an estimated USD 8 billion as of 2025, he added — and he does not expect that figure to shrink anytime soon.
“I wish with all my heart it would go down,” Roeckl said. “But right now, we’re still playing catch-up.”
Why social engineering works
Unlike traditional hacking, social engineering attacks prey on human fear and urgency — often through fake bank calls or messages that pressure victims to act quickly.
“In that vulnerable moment, people lose perspective,” Roeckl said, recalling how he himself lost tens of thousands of dollars to a scam years ago. “You zero in. And once that happens, it’s very hard to think clearly.”
He stressed that preventing these attacks should not fall solely on consumers.
“This is not a war won by blaming users,” Roeckl said. “The responsibility lies with the mobile brand.”
Technology, he said, can now detect warning signs that a social engineering attempt is underway — such as when a banking app is opened while a suspicious call is in progress. Those signals can trigger real-time alerts or temporary restrictions inside the app.
“You don’t want a sledgehammer approach,” Roeckl said. “You want to interrupt the moment — wake the user up — without destroying the experience.”
Deepfakes and the biometric challenge
Account takeovers and identity fraud are now top concerns for BSP-supervised institutions, and Roeckl warned that deepfake technology is making biometric authentication increasingly vulnerable.
“Our research team used a LinkedIn photo and a USD 10 tool to bypass biometric checks in about 20 minutes,” he said. “That’s worrisome.”
In response, Appdome has been building additional layers of protection around biometric systems, combining them with device-level verification and behavioral signals.
“The real question isn’t just ‘Is this Chris?’” Roeckl said. “It’s ‘Is this Chris on Chris’s device?’”
Because device identifiers are no longer freely shared by operating systems, Appdome developed a device-binding capability that can still recognize trusted devices — even after app reinstallation or a factory reset — without relying on personally identifiable information.
“When you combine device signals, app signals, and biometric confidence, you get a much stronger picture,” he said. “That gives brands the confidence to complete or block a transaction.”
Multi-layered defense for a multi-threat environment
Chris Roeckl, Appdome’s Chief Product Officer
Roeckl said attacks in the Philippines increasingly use several techniques at once, such as malware paired with accessibility services that enable screen recording or remote control of phones.
“It’s not just one threat anymore,” he said. “It’s a multi-threat environment. You can’t just check one box and be done.”
Appdome’s approach, he added, looks for dozens of indicators rather than relying on a single signature.
“Some vendors look for one thing — like a package name,” Roeckl said. “We look at 20 to 50 checks for the same threat. That’s a different design philosophy.”
From reimbursement to prevention
For Roeckl, the shift in consumer expectations is clear: people no longer want refunds after fraud happens — they want attacks stopped before money is lost.
“Holiday shopping is when attackers strike hardest,” he said. “But the same logic applies year-round.”
He believes the tools are already there.
“This is not a regulatory problem. This is not a consumer problem,” Roeckl said. “It’s a technology application problem. And it can be solved.”
For Filipino users increasingly wary of AI-driven scams, Roeckl’s message is blunt: mobile security has to evolve as fast as the threats.
“Technology can solve it,” he said. “And Appdome can help solve this problem.”
