The Market Monitor Minding the Nation's Business
By Riza Lozada and Jerry Maglunog
The series of cases of breach in the security of bank accounts has alarmed banks and their depositors, prompting top lender Metropolitan Bank and Trust Co. (Metrobank) to issue an assurance and advisory to its clients and shareholders that the bank has “sufficient maker-checker controls in place.”
Metrobank said the controls will prevent the incidence of hacking, particularly on the SWIFT code-messaging system that triggered the $81-million bank heist committed against Bangladesh Bank.
Metrobank, like other local banks in the Philippines, has been facing numerous challenges in defending the integrity of its SWIFT code system as investigations of cases of hidden wealth and money-laundering activities pointed to alleged conspiracies being committed by banks.
Last Friday, Bank of the Philippine Islands (BPI) issued a statement also claiming there was no breach of client’s confidentiality of bank account as it investigated immediately the discovery of the reported P211-million deposits with a Makati City branch of BPI of presidential candidate Davao City Mayor Rodrigo Duterte.
Sen. Antonio Trillanes IV said Duterte’s bank deposits were not declared in his Statement of Assets, Liabilities and Net Worth (SALN) ,which public officials are required to issue yearly. In a disclosure to the Philippine Stock Exchange (PSE) last Friday, Metrobank said its president, Fabian Dee, told shareholders during their recent concluded annual stockholders’ meeting that the bank has various levels of control in the review of branch transactions.
He also cited the daily senior management meetings where matters such as significant flow of funds, among other significant transactions, are discussed.Citing the recent controversy on the reported hacking of the SWIFT messaging system, Dee said there has been no confirmation of the alleged hacking of the SWIFT messaging account of Bangladesh Bank.
“There have been reports that it was not a hacking incident at all but rather, a case of duly authorized personnel actually accessing the SWIFT account and sending the messages,” he added.
“Metrobank has sufficient maker-checker controls in place to prevent this from happening,” he said.
Also since the “Comeleak” controversy in which a huge database of the poll body that included sensitive information on voters was reported, banks, on advise of the Bangko Sentral ng Pilipinas (BSP), has tightened security measures on business transactions.One of the sectors viewed to be the most affected are the databases of banks wherein millions of depositors account details were made public as all of them were part of the leak involving 54.3 million registered voters.
The BSP, in a memorandum to banks, said identity theft may occur and banks should strengthen their know-your-client (KYC) checks.
BSP Deputy Governor Nestor Espenilla Jr., however, said banks are ready for any attempt to hack their systems similar to what was done at the website of the Commission on Elections (Comelec).
“(It’s) not really connected with bank databases. The concern is more with possible misuse for identity theft. But our banks are ready for that,” Espenilla said.
“Just for additional safeguard, we issued memorandum-reminder to banks last April 22 to be extra vigilant,” the official said.
On April 20, almost 55 million voters’ records were posted in a website called “GoDaddy.” Information-technology experts said the leak was intentional as it is said that the data were stolen as early as last March 27, and were only posted nearly a month after.
GoDaddy is the domain host where the leaked data were posted while Cloudflare is the security provider of the website. Both companies are based in the United States, according to the National Bureau of Investigation.
For Aruba, a software installer, the threat for anyone’s identity to be used in fraud is very likely, especially if it’s via the automated teller machines (ATMs).
“If most people know that the support of Microsoft to XP has already ended, then they have reason to be worry,” Vinay Anand, vice president and general manager of Aruba, said.
Identity theft, according to Anand, is simple—someone will assume that he or she is the person being identified. If the theft cannot be made via ATMs, the possibility of committing it online, especially via email, is not impossible.