Late last week, GCash had a brief outage of services once again, creating another cause for annoyance among users of the mobile wallet’s services.
It all started last May 9, when rumors about dubious transactions involving GCash users started spreading online, with a number of users saying fraudulent bank transfers still happened even though they did not receive any notification or OTP.
While looking into the concerns, GCash said they conducted “preventive maintenance” procedures. The delay, they explained, occurred while the National Privacy Commission (NPC) was looking into a possible breach of personal data that may have occurred during a GCash “glitch” earlier this month.
The e-wallet app has since issued a statement on its Twitter and Facebook accounts, apologizing for the inconvenience caused by the outage — which lasted at least nine hours — while assuring users that their money remains secure. It also issued a warning to the public about fake emails, purportedly from GCash, asking users to verify their accounts via email.
“GCash will never ask you to verify your account via email,” the GCash advisory stated.
According to the company, the affected users’ e-wallets have since been modified. They also promised users that their monies would remain “intact, safe, and secure.”
Clarification sought
In a press statement, the NPC reported that it had a clarifying meeting with G-Xchange, Inc. (GXI), a subsidiary of Mynt and a wholly-owned financial services subsidiary of Globe Telecom that offers the GCash app, for the company to provide details based on their own investigation and to explain steps they’ve taken to remedy the problem.
The NPC has also issued a new directive for GXI to “provide additional information and documents to enable an independent assessment and to verify the claims presented by GXI on the purported phishing (attempt) as being the cause of the glitch.”
“The NPC is committed to protecting the privacy of all individuals and will continue to offer advice on how the public can better protect themselves from violations of their data privacy rights, even as these threat actors are also becoming more sophisticated in their pursuit of their criminal design,” said John Henry Naga, privacy commissioner and chairperson of the NPC, in a press statement.
The Cybercrime Investigation and Coordinating Center (CICC), the associated agency of the Department of Information and Communications Technology (DICT), has also promised to carry out an objective probe into these suspicious financial transactions.
According to CICC Executive Director Alexander Ramos, “The CICC would like to assure GCash and the public of the objectivity of its investigation into whether there were flaws in GCash’s security system. If warranted, we will make recommendations to GCash, going forward, to ensure that public interest is safeguarded.”
GCash, for its part, reaffirmed its position on the matter, saying that only a deliberate phishing attempt that took place outside of the app had occurred. “No hacking or glitch occurred within the company’s infrastructure,” the e-wallet company stated.
“We have been in constant coordination with the authorities and regulatory bodies like the Bangko Sentral ng Pilipinas (BSP) and the NPC in providing all the necessary information required of us. We urge the NPC to continue its efforts to enlighten the people about the value of exercising caution when securing their personal information,” the statement continued.
The e-wallet firm further said that its preventative measures adhere to international cybersecurity standards and are consistent with its obligation as a provider of financial services in the Philippines, subject to the BSP’s regulations.