Various types of phishing, “card-not-present” fraud, and account takeovers were just some of the cyber incidents that a number of Philippine banks faced last year.
According to the Bangko Sentral ng Pilipinas (BSP), these cyber incidents happened because fraudsters were able to take advantage of human weaknesses.
“Most of these cyber incidents targeted retail customers. They were also not highly technical and did not require advanced tools. What they tend to do was exploit human weaknesses,” the BSP statement read.
To ensure compliance with risk management rules and prevent similar other cyber threats from emerging, the BSP has recently come up with a new cybercrime software solution called “Advanced SupTech Engine for Risk-Based Compliance” or ASTERisC*.
ASTERisC is a unified regulatory and supervisory technology (RegTech and SupTech) solution that aims to streamline and automate the BSP’s regulatory supervision. It has also been designed to provide reporting and compliance assessments of a bank’s cybersecurity risk management.
The new cyber software solution will soon be rolled out in select BSP-supervised entities as part of the central bank’s efforts to further enhance the resilience of the Philippines’ banking and financial industry against online security attacks.
The Bankers Association of the Philippines (BAP) said that around P1 billion in financial losses were seen in 2021 due to fraud incidents and unauthorized withdrawals experienced by financial consumers. These, according to the BAP, came about amid the increase in digital transactions during the pandemic.
A cohesive and industry-wide approach
As part of its plan to provide a cohesive and industry-wide approach, the Philippine central bank is now engaging industry players, relevant government agencies, and industry associations in an effort to better address emerging threats and risks.
The BSP is also working on a plan to further enhance a bank’s cyber incident response, threat intelligence, and overall situational awareness in the country. It intends to issue a Financial Services Cyber Resilience Plan that will serve as the primary framework for policies and strategies for strengthening cyber defense in the financial services industry.
The deployment of ASTERisC* and the issuance of the plan dovetail with the BSP’s drive for the upskilling of bank supervisors with emergent technologies to nurture a next-generation pool of talent needed for the eventual digitalization of the industry.
These technologies include machine learning which helps in the automation of business processes as well as blockchain, the technology behind cryptocurrency, but especially supervisory and regulatory technologies.
“The BSP believes that a holistic and coordinated approach among all the industry players is necessary to ensure that funds cannot be easily siphoned off by fraudsters and cybercriminals,” the BSP statement said.
Earlier this year, then BSP Governor Benjamin Diokno issued a statement saying that the BSP-led inter-agency Financial Sector Forum remains committed to building a talent pool for the banking industry that is knowledgeable and competent in RegTech and SupTech matters.
Along with BSP, the Financial Sector Forum is comprised of the Philippine Deposit Insurance Corp. (PDIC), the Securities and Exchange Commission (SEC), and the Insurance Commission.