In response to the growing threat of cyber fraud, the Bangko Sentral ng Pilipinas (BSP) has issued a new directive urging financial institutions to bolster their cybersecurity measures. As digital transactions become increasingly prevalent, the risks associated with electronic payments and financial services (EPFS) have risen, making it imperative for BSP-supervised financial institutions (BSFIs) to adopt more robust control measures.
BSP Memorandum No. 2022-015 highlights the importance of regular risk assessments for product features, business rules, and application controls. The directive calls for BSFIs to enforce appropriate enhancements and mitigation measures to counter the evolving threats in the digital landscape. Among the recommended practices is the removal of clickable links in communications sent to customers via email and SMS, a move aimed at reducing the risk of phishing attacks.
BSFIs are also encouraged to implement mandatory notifications for fund transfers exceeding a certain amount, delays in activating new soft tokens, and a cooling-off period for key account changes. These steps are designed to provide an additional layer of security, ensuring that any unauthorized activity is quickly detected and addressed.
To further protect customers, the BSP advises personalizing SMS messages and emails for banking services and restricting bank officers from requesting sensitive information such as passwords, OTPs, or PINs. The establishment of dedicated customer assistance teams for fraud cases and the implementation of strong fraud surveillance mechanisms are also key components of the BSP’s recommendations.
Collaboration among BSFIs is strongly encouraged, particularly through information-sharing platforms like the Bankers Association of the Philippines’ Cyber Incident Database. Such cooperation can expedite fraud investigations, facilitate the recovery of funds, and enable a proactive approach to addressing emerging fraud schemes.
The directive also underscores the need for coordination with law enforcement authorities to ensure the swift resolution of cybercrimes, especially those that threaten public safety and security.
As cyber threats continue to evolve, it is crucial for financial institutions to stay ahead of the curve. Implementing the BSP’s recommendations not only enhances the security of digital transactions but also helps build trust with customers in an increasingly digital world.
At Directpath Global Technologies (DGT), we understand the critical importance of cybersecurity in today’s financial landscape. As a Managed Security Service Provider (MSSP), we offer a range of services, including Mobile Threat Defense (MTD), Extended Detection and Response (XDR), Vulnerability Assessment and Penetration Testing (VAPT), System and Organization Controls Type 2 (SOC2) compliance, and more. Our advanced Artificial Intelligence Division is dedicated to tailoring these services to meet the unique needs of each organization, ensuring comprehensive protection across all aspects of operations.
By staying informed and proactive, financial institutions can effectively navigate the complexities of today’s digital environment, safeguarding their operations and their customers against the ever-present threat of cyberattacks.
Source: Philippine News Agency