Banks and other financial institutions should empower their clients with greater user controls over their accounts in light of increasing incidents of data breaches globally, including the recent Commission on Elections (Comelec)-related data leak allegedly exposing personal sensitive information of more than 55 million voters in the Philippines, an executive from a local tech company said recently.
“Given that there are over 39 million unique bank depositors with more than 49 million deposit accounts, and about six million credit card holders in the country today, these account holders may now be potential targets of identify theft. With all sensitive data reportedly being exposed, financial institutions and consumers are more vulnerable,? said Lito Villanueva, managing director for FinTech at Voyager Innovations, the digital innovations units of PLDT and Smart Communications.
The entire banking industry, including the Bangko Sentral ng Pilipinas (BSP), has now fully expressed great concern about this recent security breach.
“Customer identification procedures of BSP-supervised financial institutions that rely on static information which may be obtained from the disclosed Comelec records should be supplemented by requests for additional proof or secondary information to establish true identity of new and existing clients,” BSP deputy governor Nestor A. Espenilla, Jr. said in a memorandum to banks issued on April 22.
While taking reactive measures such as changing passwords and reviewing other authentication methods will help mitigate the effect of the breach, enabling consumers to fully secure an account by taking control over how, when and where a bank account or a credit card can be used is a much better proactive solution to such incidents.
?Data breaches have been increasing in recent years. Recent incidents have shown that even the biggest companies and government agencies are vulnerable to these leaks,? explained Villanueva.
While the reported Comelec leak could be considered as the biggest data breach for a government asset thus far, there have been incidents of graver proportions such as what happened to eBay (145 million comprised accounts in 2014), Home Depot (56 million accounts in 2014), JP Morgan Chase (76 million accounts in 2014), and Ashley Madison (80 million accounts in 2015), among others.
The alleged Comelec data breach includes sensitive information such as home addresses, mother?s maiden names, birth dates, and passport numbers, data usually required by banks for identity verification of account holders.
In the hands of cyber criminals, such information can lead to identity theft and accounts takeover. Banks are now starting to advise their customers to take reactive steps to update their passwords and other personal information with their banks.
But Villanueva said taking a more proactive approach to security of financial accounts through greater user controls would help ensure that even in future data leaks, users are able to fully secure their accounts and avoid any unwanted use of their fund.
?It is now imperative for banks and other financial institutions to build more layers of security to further fortify their respective cyber defenses. But the technology to give users full and flexible control over their financial accounts is already present today, and financial institutions only have to enable it for their users for their own peace of mind,? Villanueva stressed.
The Voyager executive is referring to a breakthrough innovation called LockByMobile, which empowers users with a number of controls over how their credit, debit, ATM and prepaid cards can be used, such as:
? ?lock? and ?unlock? their accounts via the mobile app so they can only be used when the user toggles the controls;
? define an amount threshold for transactions;
? limit the merchant categories where their accounts can be used;
? limit the transactions to certain locations and currencies;
? set an auto-lock to secure their cards automatically; and,
? receive push notifications in real-time with transaction details, or if the transaction has been approved or declined based on your lock settings.
?Because all of these controls are available via the user?s mobile phone, they are always updated and informed about specific activities related to their accounts,? he added.
LockByMobile is the world?s first mobile-based, anti-fraud security service developed and globally patented by Voyager Innovations to help prevent rising incidents of card fraud, which has beset many users the world over.
Recognized by the GSMA in as an outstanding innovation in 2009, it is now available to participating financial institutions and card issuers worldwide.
Additionally, the LockByMobile system is currently in the process of integrating with the Visa Consumer Transaction Control (CTC) application programming interface (API) to provide Visa cardholders from participating banks in the Philippines and key markets worldwide with spend control functionality, a collaboration announced during the recently concluded Mobile World Congress in Barcelona, Spain.
By integrating with Visa’s CTC API, banks and other financial institutions can quickly and easily offer various LockByMobile functionalities to their users, helping ensure that they remain safe and protected from fraud across most financial transaction channels.