Cybercrime costs the Philippines millions every year so the central bank has ordered banks to make it harder for criminals to operate. It is a start, but much more needs to be done.
By John Pennington
Cybercrime and online fraud costs the global economy an estimated US$375 billion-US$575 billion every year. In the Philippines, credit card fraud costs consumers more than 500 million pesos (US$10 million) annually. It is high time the country stepped up the fight against the hackers and scammers.
To combat the losses, the Philippines’ Central Bank (BSP) has now ordered banks in the country to firm up their security measures. They will now have to use multifactor authentication. Single-factor authentication processes, such as a password or a PIN, do not provide enough layers of security to prevent fraud.
“The banks need to improve their authentication requirements,” BSP Deputy Governer Nestor Espinalla junior said. “It’s basically elevating the standard. We’re going digital, you have to make the environment also secure. Cybercrime is really an issue so we have to deal with it, we can’t ignore the problem”. He hopes that the revised requirements for banks will help keep consumer’s information safe, prevent money laundering and fight fraud.
Cybercrime in the Philippines is on the rise
In 2013, the government reported that 87% of Filipino internet users had been victims of cybercrimes. According to a Kaspersky report, “Cyberattacks against the Philippines are accelerating at full speed.”
As cybercrime cases continue to increase, complaints are dealt with slowly by the Philippines National Police (PNP). Just 4.7% of complaints recorded between January and November 2016 had reached the prosecutor’s office by the end of January this year.
Rising cases of cybercrime in the Philippines
The Bangladesh bank heist serves as a warning to all banks
The most high-profile cybercrime committed recently was the Bangladesh bank heist of February 2016. Hackers ordered the transfer of US$1 billion from the bank’s account in New York and while most of the transactions were rejected, US$81 million was transferred to the Philippines, where it ended up in the casino industry.
The Filipino government is now working alongside the US Federal Bureau of Investigation to bring the perpetrators to justice. The US suspect North Korea directed the heist and used Chinese middlemen to perpetrate it.
Following the heist, Anand Bindumadhavan, Head of Services & Support Asia Pacific, SWIFT, urged banks to never take security for granted and to be aware of what is happening inside and outside of their organisation.
The BSP has urged banks to do more to combat money laundering and financial terrorism. Banks must now start implementing systems which detect unusual and suspicious activity when dealing with money service businesses.
The Philippines ranks poorly on cybersecurity
The most recent Global Cybersecurity Index, published by the International Telecommunication Union (ITU), ranked the Philippines a long way behind Singapore and Malaysia, who are the leaders among ASEAN countries. The Philippines were ahead of only Vietnam, Cambodia, and Laos.
Global Cybersecurity Index scores, 2015
The ITU reported that the Philippines has no national governance roadmap for cybersecurity. Neither does it have any certified government or public sector agencies certified under internationally recognised standards in cybersecurity.
In general terms, experts say that companies in Europe and the US are more aware of cyberthreats and react to them quicker than those in Asia.
The BSP has a difficult balance to strike
Whereas the US set aside a budget of US$19 billion in 2017 for cybersecurity, that sort of money is simply not available for the Filipino government. Other issues have been pushed to the forefront. Cybersecurity took a backseat before it was prioritised in this year’s budget.
The BSP also has a difficult balance to strike. On the one hand, it must try to prevent the huge losses that are damaging the Filipino economy. Meanwhile, it must ensure consumer confidence as the banking industry moves to a more digital environment. By 2020, some 20% of transactions are expected to be e-payments.
It claims to be upgrading its supervisory framework for technology risk management to, “ensure that public trust and confidence are preserved amid rapidly evolving technological landscape and wider and deeper levels of bank participation in the digital space”.
Parties must work together to achieve results
The BSP cannot make much impact on its own. Teamwork is key for the Philippines to effectively combat cybercrime. Microsoft urged industry partners and the government to work together to improve cybersecurity in the Philippines.
Initiatives include the partnership between the Department of Justice and the National University to deliver a Digital Forensics degree. The partnership may go some way to boosting the numbers of cybersecurity professionals in the country, which is badly needed. There are fewer than 100 practising Certified Information Systems Security Professionals (CISSPs) in the country.
Registered practising CISSPs in Southeast Asia
The PNP Anti-Cybercrime Group is working in alliance with Information Security Officers Group and has formed an anti-fraud working group comprising 32 members.
Gerry Santos, Assistant Vice President of Philippine Bank of Communications agrees that working together is the only way for the Philippines to effectively counter cybercrime. “We may be competitors when it comes to marketing and sales but when it comes to fraud, no man is an island,” he said. “We have to share information. That is the only way we can protect the bottom line.”
The banks must educate while people must be more vigilant
As well as working together with the government and companies, banks must do more to educate their customers. When online, people need to be more careful and immediately report cases to cybercrime units or the local police. Quicker action from the PNP when complaints are made would increase consumer confidence and perhaps discourage scammers from operating.
Agencies, businesses, and individuals must move on from using outdated technology and pirated software. Newer software and systems offer better security against hackers and there is a reported link between cyberattacks and the use of unlicensed software.
Much more still needs to be done to shake off the Philippines’ image as a haven for cybercrime where sextortion was invented. Tightening regulations, bringing competing agencies together to work in alliance, and educating consumers are encouraging developments. However, the authorities in the Philippines are still too many steps behind the criminals.