As financial transactions increasingly shift to digital channels, the Bangko Sentral ng Pilipinas (BSP) has urged banks and other BSP-supervised financial institutions (BSPIs) to adopt control measures against cyber fraud and attacks on retail electronic payments and financial services.
Under BSP Memorandum No. 2022-015, the central bank advised BSPIs to remove clickable links in communications sent to customers via email and short message service (SMS) or text messages, and to send notifications through registered mobile numbers or email addresses when requesting changes to customer information.
After thorough risk analysis, the BSP said BSFIs should also implement mandatory notifications for fund transfers exceeding a predefined amount, delays in activating new soft tokens or new device registrations, and a cooling-off period for key account changes.
BSFIs were also urged to personalize SMS messages and emails for banking services; restrict bank officers or representatives from obtaining critical information such as customer passwords, one-time passwords (OTP), or personal information numbers (PINs); create dedicated customer assistance teams for fraud cases; conduct education campaigns against online scams; and adopt strong fraud surveillance mechanisms.
The BSP likewise encouraged collaboration among BSFIs and the use of information sharing platforms such as the Bankers Association of the Philippines’ Cyber Incident Database, to expedite fraud investigations and recovery of funds, and proactively address emerging fraud schemes.
“BSFIs may also need to coordinate with law enforcement authorities for the prompt resolution of cybercrimes, especially those involving public safety and security, pursuant to the Cybercrime Prevention Act of 2012 and other relevant laws and regulations,” the memorandum explained.
