[av_one_full first min_height=” vertical_alignment=” space=” custom_margin=” margin=’0px’ padding=’0px’ border=” border_color=” radius=’0px’ background_color=” src=” background_position=’top left’ background_repeat=’no-repeat’ animation=”]
[av_heading heading=’Cybercrime and BSP’ tag=’h3′ style=’blockquote modern-quote’ size=” subheading_active=’subheading_below’ subheading_size=’15’ padding=’10’ color=” custom_font=” av-medium-font-size-title=” av-small-font-size-title=” av-mini-font-size-title=” av-medium-font-size=” av-small-font-size=” av-mini-font-size=” admin_preview_bg=”]
BY NEIL HONEYMAN
[/av_heading]
[av_textblock size=” font_color=” color=” av-medium-font-size=” av-small-font-size=” av-mini-font-size=” admin_preview_bg=”]
January 23, 2018
[/av_textblock]
[av_textblock size=” font_color=” color=” av-medium-font-size=” av-small-font-size=” av-mini-font-size=” admin_preview_bg=”]
THIS is largely in response to a disappointingly defeatist view expressed earlier this month by Nestor Espenilla, Governor, Bangko Sentral ng Pilipinas (BSP).
Espenilla said that a key element of improving the posture of the financial system is changing the mindset of the local population regarding the vulnerability of bank computers to hackers. In particular, he said, both bankers and their clients must discard the mindset that the financial system is impenetrable to malicious elements.
My reaction is to resent being told what my mindset should be. Contrary to Espenilla, I expect bankâs financial systems to be impenetrable to malicious elements. If it is not, I expect my bank to be receptive to my suggestions as to how its system can be made impenetrable.
For example, Standard Chartered Bank has coerced me, by the imposition of outrageous charges, to make instructions for international funds transfers to be electronic. I prefer its previous system whereby I telephoned the bank, reaching someone who knows me. We would have a short conversation which would satisfy him that it is really me who is talking. He would then accept and implement my instructions for the transfer of funds. No hacker, no artificial intelligence system, could duplicate my uniquely idiosyncratic content. Thus, the transfer is safe as far as I am concerned.
The new system, whereby I issue my instructions electronically, has transferred the risk of hacking from the bank to me. This is what happened to Bangladesh Bank whereby its account with the Federal Reserve Bank of New York was hacked. Nobody blames the Federal Reserve Bank; it is the responsibility of the client to ensure that his system is impenetrable. If it is maliciously penetrated, the clients loses, not the bank. Bangladesh Bank, the client, lost US $81 million.
***
The debacle of automated teller machine (ATM) transactions in the Philippines needs to be considered.
The possibility of ATM cards being compromised by âskimmingâ has been known for years. The solution to this problem was solved long ago by having ATM cards with an EMV chip. These cards cannot be skimmed.
In 2012, BSP âinstructedâ banks to implement the migration from the skimmable cards to the non-skimmable EMV chip cards by Jan. 1, 2013. Some banks, for example, Sterling Bank already used EMV cards. Other banks, however, did not comply with BSP, thereby putting their clients at risk. For example, Security Bank was slow to implement the migration to EMV chip cards with the result that during 2014 many of its clients suffered fraudulent transactions because Security Bank still used skimmable cards.
BDO was even slower so that by 2017, a horrendous number of its clients suffered from losses, at least one third of which according to BDO CEO Nestor Tan were not the clientâs responsibility. BDO has only very recently introduced EMV cards.
The ATM mess was avoidable. It happened because banks ignored BSP instructions.
The future?
I expect BSP to take a leadership role in ensuring the safety of banksâ systems. Banks should comply with BSP instructions.
Banks tend to fend off BSP inquiries on behalf of clients by inappropriately invoking the bank secrecy law, Republic Act 1405 passed in 1955. Misconduct by bank employees often goes unrecognized, let alone unpunished, by bank management.
I am glad the National Bureau of Investigation (NBI) is examining some examples of alleged misconduct. Hopefully, the NBI will display the necessary tenacity, not always shown by banks, to curb malpractice./PN
[/av_textblock]
[/av_one_full]