Online Financial Services and Digital Banks Should Step Up Against Cyberattacks

In the age of mass digitalization and the COVID-19 pandemic, the rise and demand for online financial services and digital banking have reached new heights, with users mostly opting to transact their purchases and finances at the convenience of their mobile devices and computers. With this rising trend comes risks as well– such as phishing, hacking, and cyberattacks threatening to destroy these innovations in financial services.

In a study conducted by Philippine cybersecurity testing platform provider Secuna, nearly 500 vulnerabilities were detected in 21 private local firms, with most of them being technology and financial services companies. Nearly 60% came from enterprise technology firms, while around 20% came from the financial services industry. According to Secuna, the top critical weaknesses found were “remote code execution (RCE) flaws, SQL (structured query language) injection flaws, and exposed .git repositories.” These allow hackers and cyberterrorists to access various databases and resulting in terrifying data breaches, exposing user credentials and finances. Hackers can also retrieve the source code of an application or online banking portals.

The Bankers Association of the Philippines (BAP) has previously reported that in 2021, more than P1 billion worth of digital transactions, withdrawals, and transfers were unauthorized. The association also noted a rise in cybercrime due to the pandemic. Last December, Banco de Oro (BDO) also fell victim to a cyberattack from hackers using a “sophisticated fraud technique” affecting its customers who experienced various amounts being withdrawn from their accounts. BDO customers aired out their panicked complaints via social media. BDO Unionbank was sanctioned by the Bangko Sentral ng Pilipinas (BSP) regarding the cyberattack just this year.

Earlier this year from January to March, GCash, one of the top e-Wallet services in the Philippines blocked over 900,000 accounts with fraudulent activity.

At present, Secuna has implemented a bug bounty program (BBP) that allows its clients to comply with firms such as the Bangko Sentral ng Pilipinas (BSP) and National Privacy Commission (NPC) to cooperate with various security researchers across the globe. Ethical hackers and researchers also receive incentives upon reporting every valid bug or cybersecurity weakness found in a system.

“Cybercriminals are already testing your app to find potential loopholes that will allow them to compromise your application or server. Having no BBP will leave you clueless about potential vulnerabilities in your application. BBP solves this problem by allowing good hackers to report those potential vulnerabilities,” says AJ Dumanhug, Secuna’s chief executive officer and co-founder.

Should the Philippines (and the rest of the world, at that) decide to fully integrate digital banking and online financial services into their daily lives, even more, cybersecurity strategies must be implemented more stringently, and a lot more initiatives such as the BBP must be imposed, as well as crisis mitigation protocol along with effective user education against scams like phishing.

Sources: BusinessWorld, ABS CBN News, ABS CBN News