Try ‘shock-and-awe’ public alerts

The Bangko Sentral ng Pilipinas (BSP), not the Department of Information and Communication Technology (DICT), is empowered to regulate and has the authority to audit firms engaged in business using financial technology. Called “fintech” for short, these companies deliver financial services and products to consumers. This could be in the areas of banking, insurance, investing, lending or anything that relates to finance.

Fintech is among the evolving industries in the conduct of money business online, or through the internet. Combined with the widespread use of devices and gadgets like computers, laptops, smartphones and tablets, it brings speedier and more convenient way of public transactions.

But like any other technology-based business, it is highly susceptible and vulnerable to business interruptions. It can range from downtime due to offline and other unexpected system glitches to the more sinister and criminal activities like hacking and online scamming.

Thanks to the government’s push for digitalization, the number of startups and fintech ventures in this industry have been steadily expanding across the Philippines. The fintech industry counts on the sustained interest of people on the ease and speed of availing of and accessing digital financial services.

A very popular fintech platform for electronic wallet (e-wallet) GCash, with about 94 million registered subscribers in our country, found itself being deluged with public complaints. The Cybercrime Investigation Coordinating Center (CICC), that includes the BSP in this inter-agency body, acted on the complaints reaching them.

Since the CICC is just an investigating body, all complaints are referred to government agencies specific to the transactions involved in the case. Thus, the BSP took over and is currently pursuing the reported GCash cases of alleged unauthorized deductions from their registered customers.

The DICT though suspects there was no external hacking in these reported incidents. But DICT Secretary Ivan John Uy underscored the need to establish a cybersecurity regulator in our country. Moreover, Uy noted with concern, there is no law yet in the Philippines to compel “mandatory disclosure process” for any computer system errors or glitches.

But when a victim does not know where to seek assistance or which responsible agencies of the government to turn to, or feels not being properly attended to, or worse, ignored. This is exactly what happened on the panic triggered by unauthorized transactions that allegedly happened during the All Saints’ Day long holiday weekend.

One of which came out in a Facebook page of a local celebrity that went viral on social media. TV celebrity/comedienne Pokwang complained in her Facebook last Nov. 9 that she was allegedly deducted P2,000 for 30 times. She discovered they were sent to various GCash numbers that were not in her phone list. Details were sketchy on how it happened but she decried losing her hard-earned money.

Acting motu proprio, DICT Undersecretary Alexander Ramos, concurrently the CICC executive director, investigated Pokwang’s complaint. Initially, Ramos found out there was an apparent “organized attack” on GCash transactions during that period. In fact, Ramos noted there were at least 21 other GCash customers who reported to the CICC the same complaints. But only four of them pursued their complaint by providing screenshots of such unauthorized transactions.

According to Ramos, it appears all these cases point to “hijacking” of GCash accounts done by still unknown cybercriminals. The CICC is still receiving similar complaints.

In the case of Pokwang, unfortunately, she did not pursue her complaint after GCash restored the very next day the unauthorized deductions back to her account. But that’s Pokwang.

How about Juan and Juana dela Cruz who have no financial literacy and no presence in Facebook or any other social media account? And how about the other ordinary people who have Facebook presence but are unknown and even ignored because they do not have celebrity status?

In an official statement, the BSP announced last week they started the conduct of their own independent investigation on what happened with the e-wallet platform. “We have a team there on-site, in GCash, and we’re doing an independent investigation, meaning this is independent from what we expect GCash to do,” BSP Deputy Governor Mamerto Tangonan pointed out. Tangonan promised to release to the public once the results of their probe has been completed.

Ahead of the BSP announcement, GCash issued a press statement to explain it was a “product issue” that forced them to go through a “system reconciliation process,” acting on reported complaints of their customers. Visiting us at the Tuesday Club yesterday, GCash vice president for corporate communications Gilda Maquilan told me they are continuing with their internal investigations and closely coordinating with the BSP. Bound by the BSP rules and regulations, Maquilan declined to give further details.

As the chief regulator of fintechs, the BSP must realize the gravity and need for the public to gain literacy in both financial and digital knowledge. These are two distinct animals. There should be intensified doses of information to the public on the latest developments in fintech services. Better yet, conduct a regular education program to teach, train and update the public, especially its customers and clientele, on the latest technology, digital and financial developments.

Lack of trust and awareness is one reason why some Filipinos are still not using digital payments.

The projected fintech growth should be matched by improvements in the financial literacy of Filipinos, especially those in the countryside. And much more important is to intensify and strengthen cybersecurity to protect us consumers amid the growing popularity of these fintech services.

Perhaps, we can all draw from the shock and awe warnings issued lately by the Philippine Atmospheric, Geophysical and Astronomical Services Administration (PAGASA) in the last Super Typhoon Pepito that just crossed the country. Days ahead of the PAGASA public alerts on the projected arrival of Pepito, classes in all levels were suspended, flights cancelled, hotel and resort bookings either shortened or cut, all out of fear of being stranded or caught in the typhoon.

Warned about the “life-threatening” typhoon, it pays to be over-acting. But it is OK to be OA in times of crisis.