BSP Requires Stronger Identity Authentication Measures for Philippine Banks
Cyber crimes have drastically evolved into more disruptive activities in the past couple of years with criminals taking advantage of the speed of the internet and its backdoor exits for anonymity. The Philippines is not safe from digital criminals who illegally access private information and use this to their advantage. Identity theft and fraud cases continue to be two of the most disruptive crimes committed in cyberspace. As criminals use more sophisticated methods, the Philippine government and complementing organizations are pressed to ensure that citizens and industries are protected in cyberspace with effective policies that put behind bars those responsible and strengthen the safeguards made available by enabling institutions — such as private organizations and its stakeholders.
The Bangko Sentral ng Pilipinas (BSP) has been working hand-in-hand with the banks operating in the Philippines to ensure that Identity Authentication infrastructure and processes would be more effective to protect the users and safeguard critical data for business continuity. Compliance is a minimum and the BSP’s Monetary Board, as of April 2017, has committed to releasing a circular which will “…require banks to improve their authentication requirements through ‘multifactor’ authentication.“ The elevated standards for authenticating identities in online transactions would mean it would be harder to authorize a transaction not until user’s identification has been fully verified. This would surely impact customer experience and could potentially cause more errors both on the side of the user or the technology. But, securing information and identity took the front seat when it came to setting priorities for the banks and BSP. The Bangko Sentral’s Deputy Governor Nestor Espenilla Jr. said that the requirements “…would help safeguard customer information, prevent money laundering and terrorist financing, reduce fraud and theft of sensitive customer information, among others.”
There are several solutions available for businesses in the Philippines to comply to the upgraded policies of BSP. Fraud Detection and Identity Authentication products have become increasingly sophisticated, now offering voice biometrix through which people can confirm their identity without even
saying the actual password. The BSP’s guidelines have yet to outline the minimum compliance requirements for banks, but BSP has been emphasizing the implementation of a multi-factor authentication versus a single-factor authentication.
This commitment from BSP has become very timely due to the campaign of the current administration to eliminate terrorist groups which are largely funded by terrorist-led activities online and offline. Given the recent terror attacks in several parts of the country which have held local and foreign terrorist groups responsible, it is crucial to cover all ends including the cyberspace, to prevent the growth and future attacks of these groups. The BSP has issued Memorandum 2017-009 mandating banks to put in place a system to detect unusually suspicious accounts which could be linked to illegally funding these terror groups.
Cyber crimes have high economic costs for ASEAN countries. If done in a massive scale, it could rob out organizations and shut down entire markets. The growth of the ASEAN community has also made it highly vulnerable to cyber attacks due to the fragmented policies encompassing the cyberspace in the region. The member countries have yet to act cohesively to address this issue. As the member countries move toward regional integration, there could be more opportunities to work collectively to counter these cyber crimes thru more powerful infrastructure and effective policy implementation.