This website requires JavaScript.

‘Law needed to protect bank depositors’

‘Law needed to protect bank depositors’

An official of the House of Representatives yesterday underscored the need to craft laws that will protect not just the entire banking industry, but also ensure that the hard-earned money of depositors is safe from hackers. 


“With bank scams being a hot topic before 2021 ended, the extent and limits of a bank’s liability during scamming incidents must clearly be defined,” Deputy Speaker Bernadette Herrera said. 


Herrera, who represents party-list Bagong Henerasyon, said a legislative inquiry (in aid of legislation) is also necessary, for purposes of helping “create better legislation to protect the public from bank scams, electronic or otherwise.” 


“There are technicalities involved when it comes to liability, of course, and it is these technicalities that we want to further understand in order to amend or create the necessary laws to better protect Filipino banking customers,” she said. 


“Needless to say, this is by no means a witch-hunt, or a fault-finding endeavor. Every stakeholder will surely bring valuable, if not actionable, insights to the dialogue,” she assured bank officials who may be invited to what she calls is “a series of probes.” 


The lawmaker likewise mentioned that the alleged scam recently perpetrated by one Lisa Arzaga, a now-dismissed RCBC branch manager, would be a “good test case to determine the exact parameters of institutional accountability.” 


To this end, she invited top bank officials to provide their guidance on the matter. 

The so-called RCBC Fund Scam involves Arzaga, who was the manager of RCBC’s Garnet Road branch. 


She has allegedly defrauded millions of pesos from multiple RCBC clients, one of which is the Inang Nag-Aaruga sa Anak Foundation, a non-profit organization that helps women, especially mothers, in need. 


Arzaga executed her scam by upselling RCBC clients into investing in various RCBC and Malayan Insurance products, but issued fake deposit receipts to the victims, effectively pocketing the money instead of depositing it into the bank or the investment fund, according to the complaint against Arzaga and RCBC’s executives. 


The Bangko Sentral ng Pilipinas (BSP) has already issued two resolutions clearing RCBC’s executives of any liability, but the case has been escalated to the Court of Appeals. 


“What makes this case a good starting point for a legislative inquiry is that the BSP’s decision, despite clearing the accused, actually acknowledged that a scam was perpetrated in RCBC’s offices, by a then-active branch manager,” Herrera said. 

 

‘Don’t share passwords, OTPs’ 


The public should not share their passwords or their one-time password (OTP) to prevent being victimized by scammers in the aftermath of the BDO Unibank online hack, an official of the National Bureau of Investigation (NBI) said yesterday. 


In an interview with dzMM, NBI cybercrime chief Vic Lorenzo urged the public to keep their passwords and personal identification numbers (PINs) confidential. 


Hackers can only access their accounts and illegally transfer funds with these sensitive data if bank customers have been victimized in “phishing,” “smishing” and “vhishing” scams, Lorenzo said, referring to scammers’ modus of duping customers into giving their sensitive information through text message, phone call or scam web pages. 


The NBI official warned the public not to input their passwords or PINs on shady web pages or to share these information to callers falsely representing themselves as bank representatives. 


“If you receive a message asking you to click a link and it leads you to a page that asks for your account information, even your PIN, that’s the first indicator that you are in a ‘phishing’ site. The bank will never ask for this information,” Lorenzo said in Filipino in a separate interview with dzBB. 


“When someone calls you with a sense of urgency that your account will be blocked, this is a first indicator of ‘vhishing’ (or voice-based phishing). Ignore these calls and contact your bank directly because you are already being targeted,” he added. 


The NBI official gave the tell-tale signs of scammers following the arrest of five suspects – including two Nigerians – for the online hack that illegally transferred funds from 700 BDO accounts to the fictitious accounts of “Mark Nagoyo” under Union Bank of the Philippines. 


The hackers already had access to the compromised accounts of bank depositors and were able to find a vulnerability in the bank’s system and generate their own OTPs to facilitate the money transfers, according to Lorenzo. 

Although they were not the masterminds, the two Nigerians arrested were responsible for “synchronizing” the hackers’ movements and falsifying documents such as identification cards and income tax returns. 

“They are also the consolidators, meaning, they direct the cash out by giving the accounts where the funds are consolidated, and they also give the payoffs to the members of the syndicate, including those who make the ‘scam page’ or the ‘phishing’ site,” Lorenzo said. 

The scammers were subjected to inquest for violating the Access Devices Regulation Act and the Cybercrime Prevention Act. 


Lorenzo said the NBI is looking at suing the scammers with economic sabotage, a nonbailable offense under the law. He was referring to the provision on the amended Access Devices Regulation Act, which defines “(t)he commission of a crime using access devices (as) a form of economic sabotage and a heinous crime and shall be punishable to the maximum level allowed by law.” – With Marc Jayson Cayabyab