Philippines central bank bolsters finance sector against hacking, cybercrime
The Philippines’ central bank has stepped up efforts to protect the banking industry from hacking and theft by approving a series of new authentication regulations, which come as part of a broader push to strengthen the sector against cybercrime.
In late April, the monetary board of the Bangko Sentral ng Pilipinas (BSP) ratified changes to existing regulations, mandating that banks and other financial institutions adopt multi-factor authentication (MFA) techniques for certain transactions.
The measures are aimed at countering cyberattacks that target fund transfers, payments and other transactions through online channels.
In addition, they are part of an ongoing programme undertaken by the BSP and the financial sector to increase bank and client security as the industry adopts EMV technology, the chip-based system developed by Europay, MasterCard and Visa.
The technology uses a chip – contained as a component of bank cards – to store information about the cardholder, a development considered to be more secure than existing magnetic strip technology.
Under the new MFA regulations, scheduled to come into effect by September 30, users will be required to deploy two or more authentication factors before a transaction can be conducted.
These security factors include a password or PIN, or something unique to the user such as a fingerprint or retinal pattern.
The enhanced MFA barriers will also protect users against cybercrime involving cardnot-present transactions, such as those conducted online, by using stronger authentication controls.
BSP has highlighted that the new regulations will reinforce the bank’s existing stringent security controls.
“In particular, MFA is mandatory for those transactions considered as sensitive communications and/or high-risk, such as enrolment in transactional e-services, payments and fund transfers to third parties, online remittance, account maintenance and use of payment cards in e- commerce websites, among others,” it said as part of a media release in April.
While the new requirements will add to banks’ expenses, the investment required to improve security barriers as demanded by the BSP should be more than compensated by the reduction in losses stemming from cybercrime.
Good practice and digital ambitions
Many banks have already upgraded their MFA systems to firewall against cyberattacks, according to Nestor Espenilla Jr, deputy governor of the BSP, who told local media last month that key industry stakeholders had undertaken the measure as a prudent business decision.
“This is a pre-emptive response to the potential increase in card-not-present fraud as cyber criminals try to look for other opportunities, since card fraud has become harder due to EMV chip migration,” he told media.
The push to ensure banks bolster their MFA defences comes amid an increased likelihood of further regulatory updates in the future, particularly following the May 9 announcement that Espenilla will be the BSP’s next governor.
Though not taking up the position until July, Espenilla has immediately set out his priorities, which include further digitalisation of the financial system, boosting market liberalisation and strengthening safeguards such as the MFA upgrades.
In his current role, Espenilla has overseen the still-to-be completed policy initiative mandating banks shift their cards from a magnetic to a chip-based system, part of the BSP’s drive to raise the security bar.
While the shift was initially earmarked for January, some banks are still working to achieve full compliance.
The broader digitalisation drive has been welcomed by many in the industry, as the process reinforces efficiency of services, according to John Cary Ong, senior vice president and head of transaction banking at Union Bank of the Philippines.
“Digital platforms can streamline highly manual processes and make delivery of services efficient and error free,” he told OBG.
“In addition, information from these platforms provides the bank and the customer with relevant insights that enable them to make the right decisions.”
Strengthening regulations maintains rating
Ongoing efforts to strengthen the banking sector’s regulatory framework were cited by ratings agency S&P on April 28 as one of the factors behind maintaining the Philippines’ investment grade rating of “BBB” with a stable outlook.
The country’s banking sector represented a plus in the ratings assessment, the S&P statement said, with the BSP having strengthened oversight of the financial sector.
This, along with modest growth in private sector liabilities and of real estate prices, has contributed to improved system stability in recent years.
The ratings agency said it remained positive about the BSP’s capacity to help sustain strong domestic expansion, while at the same time ensuring economic and financial shocks are prevented.
“This reflects the central bank’s sound record in keeping inflation low and its history of independence,” S&P said.
“The BSP’s new monetary policy measures will improve the effectiveness of monetary policy transmission.”