To guard consumers against fraud and cyberattacks, the Bangko Sentral ng Pilipinas (BSP) has ordered banks and other financial firms to ramp up security measures, especially when sending text messages or emails to clients.
The central bank said that as financial transactions increasingly shift to digital channels, BSP-supervised companies must adopt robust control measures against cyber fraud and attacks on retail electronic payments and financial services.
In particular, SMS or text messages and emails that financial firms send to customers about their banking services must be personalized rather than generic.
Related to this, the BSP advises financial firms to remove clickable links in communications sent to customers.
A basic measure is to send notifications to customers through registered mobile numbers or email addresses when requesting changes to customer information.
Beyond this, banks, after thorough risk analysis, should implement mandatory notifications for fund transfers that exceed a predefined amount, delays in activating new security tokens or new device registrations, and a cooling-off period for key account changes.
Restrict critical info
Banks should also restrict officers or representatives from obtaining critical information such as customer passwords, one-time passwords or personal identification numbers.
Further, financial firms must create dedicated customer assistance teams for fraud cases, conduct education campaigns against online scams and adopt strong fraud surveillance mechanisms.