FINTQ Managing Director Lito Villanueva underscores how cybersecurity is every Filipino’s concern, not just of the government or the banking industry, during the recently concluded Cyber Security Summit which gathered key stakeholders in the public, banking, and technology sectors to discuss how banks and financial service institutions can fortify themselves against rising global cyber attacks that threaten financial data.


[17 FEBRUARY 2017] The Philippines must create a “cybersecurity ecosystem” with involvement from the public and private sectors in order to more effectively combat rising cybercrimes that target banks and other financial institutions, executives from the country’s central bank, the banking industry, and technology providers remarked recently.

During the recent Cyber Security Summit organized by PLDT Enterprise, ePLDT, and Voyager Innovations’ financial technology arm FINTQ, stakeholders in the banking and financial services industry agreed that protecting consumers’ welfare amid growing threats is a shared responsibility among all industry players.

“Cybersecurity is a shared responsibility where each of us has a role to play in making the cyber environment safer, more secure, and more resilient,” said Chuchi Fonacier, Assistant Governor of the Bangko Sentral ng Pilipinas. “This becomes even more important as we enter a new era where technology innovations are deeply entrenched in business models, infrastructure, and delivery channels.”

The Philippines is especially vulnerable to the onslaught of heinous cybercrime, as the growth of the financial sector has coincided with the ever-growing base of internet users. Local banks altogether hold P10 trillion in deposits and P7 trillion in loans. More Filipinos are now online too, with about 47 million active internet users.

‘Perfect storm’

This creates a perfect storm where transactions are increasingly being done electronically for speed in order to cater the needs of digitally savvy customers who expect on-demand, real-time, and customizable financial services, 24/7.

“The threat is here, the threat is real, and the time to act is now. Banks and other financial institutions are naturally among the priority targets to these rising cyber attacks, since they are the gatekeepers of financial data, which most cyber criminals are after,” said First Vice President and Head of PLDT and Smart Enterprise Groups, Jovy Hernandez. “This is also not just a local or Philippine concern, given the latest incidents which uncovered the fact that organized transnational groups are behind some of the most nefarious cyber attacks in recent history.

Based on Verizon data, Hernandez noted that 88% of financial data breaches are distributed denial of services (DDoS), crimeware, and web app attacks.  The sector has one of the expensive data breach costs, he said, estimated at $221 per person worldwide, citing a 2016 Ponemon Institute study.

Aside from fortifying their IT systems, financial institutions can empower their customers to protect their accounts, especially those that can be accessed online. One of the latest fintech solutions is LockByMobile, a service developed by FINTQ that can instantly lock and unlock consumer accounts such as credit, debit, and prepaid cards using their mobile phones.

“Cyber security is not just a concern of businesses or even government. But it is a concern of every Filipino because what is at stake is the personal profile of our individual self,” explained Lito Villanueva, Managing Director at FINTQ. “With more and more device touchpoints available to consumers, companies are left vulnerable with more attack entry points than ever before. Guarding against these threats should be among their top priorities today.”

Government measures

For their part, regulators are making a proactive stance against these imminent threats. The BSP, for instance, is currently working on policy initiatives such as cyber risk management framework, stronger customer identification techniques, sound business continuity plans, and social media risk management.

The SEC requires regulated entities to establish Control Procedures, Internet Risk Manual and Control, Business Continuity and Disaster Recovery Plan, and Comprehensive IT Plan. Companies and securities are also required to conduct regular audit at least one every three years.

“There’s a need for enhanced collaboration and information sharing among public and private stakeholders when it comes to implementing proven methods,” Teresita Herbosa, chairperson of the Securities and Exchange Commission, told a jam-packed crowd.

Financial institutions thus face a great challenge of protecting their big cache of data records while allowing an infinite number of endpoints to exist in order to deliver better, faster services.

Following a cyber attack, banks usually keep it to themselves, worried about bank runs and encountering problems with state regulators. With organized crimes bringing down the global financial system, as what the Bangladesh bank heist has shown, the whole sector needs to work tighter together.

“Today, cybersecurity is the realm of the ecosystem that is designed to be secure,” said Jaime Garchitorena, President and CEO of the Credit Information Corporation. “We have to be able to reach that point where at any given time, each of us properly knows what each of us is doing in terms of security, without necessarily breaching our own concept of security.”

“We are forced by the need of technology and insane drive for convenience that it should be accessible everywhere, anywhere, at anytime,” he added. [END]