The reimbursement process for BDO clients who lost money to hackers will depend on whether they "voluntarily" gave away personal details that enabled fraudsters to access their accounts, the central bank said Tuesday.
While "innocent" customers lost their money without clicking on suspicious links or giving away their one-time password or OTP, there could be some who got tricked into giving the sensitive data away via phishing scams, said Mhel Plabasan, director of BSP Technology Risk and Supervision Department.
Plabasan said fraudsters likely took advantage of BDO's 10-year-old web service, which was due for replacement by 2022. This web service is used for mobile applications, which could be why only those with BDO mobile or internet banking accounts were affected.
"There are also phishing victims who voluntarily provided credentials, who gave away their OTP to fake customer service... That's why BDO and BSP are conducting several investigations to identify who are the innocent victims in this particular incident," he said.
"The bank usually does not restitute clients who are called negligent," he said.
While banks have the responsibility to protect their clients, depositors should also do their part in protecting their accounts, Plabasan said.
"The downside really of us going digital, hackers or fraudsters have also become very creative that's why vigilance is required for the consumers and the banks should always be proactive when it comes to adapting robust security measures."
Bangko Sentral Governor Benjamin Diokno gave the task force formed to investigate the hacking 30 days to finish its work, Plabasan said.
"We have to make sure all vulnerabilities on the part of BDO, receiving bank, or Instapay will be resolved or will be remediated," he said.
Based on the preliminary investigation, Plabasan said there are real people behind "Mark Nagoyo", the beneficiary of the "donations" to whom victims supposedly sent their money.
"We will ensure the person behind Mark Nagoyo and the accomplices will be dealt with to the fullest extent of the law," he said.