As the fintech industry grows, cyberresilience is needed more than ever.
Digital channels and virtual transactions are key to the success of fintech. However, with success comes risks, and now there is an even greater need for financial institutions to practice cyberresilience to mitigate risks and put consumer protection at the core.
Cybercrimes in the Philippines have skyrocketed since the pandemic and do not show signs of slowing down. According to data by Cyfirma, the escalation of cyberattacks from 2020 to 2021 is insurmountable – state-sponsored attacks have increased by 560 percent in just a year; targeted attacks grew 497 percent; targets on government agencies grew 173 percent; and targets on commercial organizations increased by 600 percent. Aside from these, phishing scams have also increased by a whopping 1,100 percent from 2020 to 2021, as well as a 460 percent increase in ransomware, and 300 percent increase in malware.
Cybercrimes can only be mitigated by cyberresilience. Without it, we put the trusted relationships we’ve built with our customers at stake. Unfortunately, many Filipinos have been unsuspecting victims of phishing attacks, which are cybercrimes that specifically attack the credibility of even the most renowned banks and institutions.
Phishing and smishing occur when criminals and threat organizations pose as trusted banks, sending fake links and “lookalike websites” via email or SMS to users in order to obtain their bank credentials, identities, and even one-time-pins. These scams can easily create a breach of trust with clients and irreparable damage to banks and fintech firms. A total of 378 million scams were received daily in 2021, with less than 35 percent of users unaware that it was a scam. The pandemic made it even easier to get away with such crimes – there was a 700 percent smishing uptake in 2021, and a 200 percent increase since COVID-19, with 68.95 percent of phishing scams targeting the Philippine financial market.
Banks and fintech firms have been under siege from such attacks. But how can we mitigate these risks without having to freeze all lines of communication between affected financial institutions and our customers?
It is a given that we cannot get rid of the digital nature of the fintech industry, especially since other markets are already embracing digital assets and virtual currencies. Many citizens are transacting through various blockchain platforms worldwide like cryptocurrency and bitcoin.
According to American blockchain analysis from Chainanalysis, the Philippines ranks 15th out of 157 countries in crypto adoption, with the volume of crypto transactions surging 362 percent in 2021. Because of this rise, new cybercrimes like crypto laundering have emerged. According to the same source, criminals have laundered up to $8.6 billion of crypto in 2021, which is 30 percent higher than the previous year.
In terms of the rise of digital payments, recent data from the BSP showed that the volume of digital retail transactions in the country rose to 30.3 percent in 2021 from just 20.1 percent in 2020.
The FinTech Alliance PH has been advocating for a risk-based regulatory regime that ensures consumer trust and protection across all digital platforms, without hindering innovations for financial inclusion in the country.
This is why cyberresilience is at the forefront of FinTech Alliance PH to ensure consumer protection and confidence. Part of the alliance’s initiative is to convene the Philippine Cyber Resiliency Cooperation Forum among chief information security officers, chief technology officers, and chief risk officers of banks and fintech players.
We need to hone our organizations’ abilities in preparing for, responding to, and recovering quickly from cyberthreats and attacks. With these best practices in tow, we can better protect our retail investors and consumers, enable continuous business growth, and promote massive consumer education without being held back by cybercrimes.
Fintech Alliance PH is closely working together with the BSP, which recently introduced industry-wide initiatives to strengthen banks’ cyberresilience efforts under Circular 1140. The BSP’s goal is to strengthen the financial institutions’ cybersecurity through policies and cyberdefense strategies that will help prevent cybercriminal activities and minimize the losses arising from fraud and identity theft while reinforcing consumer education. Protecting customers from fraudulent schemes is crucial in ensuring consumers’ confidence in using electronic channels for transactions remains intact.
With the surge of digital transactions, this system must be able to process actions real-time while also analyzing customer behavior and detecting new fraud patterns for the future.
Monitoring and analyzing transactions across digital platforms are key in the early detection and prevention of suspicious activities. Actionable insights will also allow banks and fintech players to take remedial action immediately, to avert a full-on cyberattack and its corresponding negative financial impact.
Consumer education is also key in cyberdefense against identity theft and security breaches. Sharing easy-to-understand advisories to consumers about safety measures is a must. These educational materials are not limited to just SMS advisories and marketing and communication circulars – interactive mediums like online quizzes and personal messages and newsletters to consumers are suggested as ways to solidify the bank-client foundation of trust and confidence. With these efforts, consumers will know that the institutions are on top of it, and that our top priority remains to be their safety and protection.
Fintech Alliance, together with the regulators, relevant government agencies, and fellow industry players, is committed to address these evolving threats and risks. Ensuring our customers’ security, safety, and confidence in digital financial services must be primordial. Stakeholders must strengthen constructive dialogue for cyber and vulnerability intelligence, attack discovery, and increased digital risk protection, among others.
This initiative will not only ensure consumer trust and protection, but will also result in a safer, stronger, and more secure digital financial environment for all Filipinos.
Lito Villanueva is the Philippines’ award-winning thought leader on digital transformation and inclusive digital finance. He is the executive vice president and chief innovation and inclusion officer of RCBC. Concurrently, he is the chief digital transformation advisor for the Yuchengo Group of Companies. He is also the founding chairman of Fintech Alliance.ph, the Philippines’ largest organization of startups and unicorns that collectively generates over 90 percent of digital transactions volume in the country today. He was recently elected global chairman of the South Africa-based Alliance of Digital Finance Associations. Among his 100 accolades include being named among the Top 100 Fintech Leaders in Asia, and Top 100 Filipinos on LinkedIn, Mr. Fintech of the Philippines by BizNews Asia, and Chief Innovation Officer of the Year by The Banker.