Bank robbers

By Richard C. Sloan

Dec 19, 2021

Bank robbers have gone high tech. Unfortunately, neither the banks nor the regulators are prepared to deal with them. Our laws are also far behind the high-tech criminals.

In last week’s case, the good news is that BDO Unibank has pledged to reimburse the losses of nearly 700 customers affected by unauthorized electronic fund transfers, which resulted in losses of between P25,000 and P50,000 for each depositor concerned.

Nonetheless, the Bangko Sentral ng Pilipinas (BSP) established a task force of cyber and anti-money laundering experts to investigate the case and submit recommendations within 30 days. The BSP clarified that penalties and/or sanctions may be imposed depending on the results of the investigation.

In a way, what happened was not as bad as the experts feared. The nightmare scenario is a ransomware attack on the big banks or even the financial markets, disrupting the flow of money and the trust in the system. If that happens, the panic could be caused by social media on fire with images of broken ATMs or inaccessible brokerage accounts.

The financial sector is a big target for many different groups – from organized criminals seeking to steal money to politically motivated groups attempting to make a statement, CNN commented in a report.

In the BDO case, depositors complained that there were illegal transactions on their accounts that transferred money to the UnionBank accounts of a certain “Mark Nagoyo”. The word “nagoyo” means “to be duped” in Tagalog.

Scammers are obviously thumbing their noses at banks, regulators and depositors. They seem confident that they can get away with their crime.

According to a Manila Bulletin report, they received information from a reliable source that “UnionBank account # 1094211022533 was used to purchase P5 million worth of Bitcoin in the cryptocurrency market on the 11th of December. The hacker siphoned money from BDO victims, transferred it to the UnionBank account number using a fictitious name, and immediately bought Bitcoin with it.” The crooks rushed to do so over the weekend because they know that complaints are usually handled during office hours.

The Bulletin reported finding around 20 names and account numbers used by crooks to receive money from BDO victims.

Apparently, when you transfer money, the names are irrelevant to the bank. What is important is the correct account number that will receive the transfer. Indeed, the Bulletin quotes one of the victims: “When we checked, one of the victims’ accounts transferred money to an account with the name GDHDVD HDJDHDH V, verifying what Ellard Chua (a victim) said that account names are irrelevant in money transfer.”

Victims surveyed by the Bulletin all said that cybercriminals did not trick them into clicking a malicious link to obtain their credentials.

When asked what steps account holders can take to protect their accounts, one victim with above-average knowledge of online banking responded, “Nothing. It is a security breach. Until BDO secures its systems, users can only do one thing and that is to turn off their online banking so that nothing can be charged.”

As I wrote in a previous column, the government needs to update cybercrime laws and train an elite group of computer experts who can get a head start on cybercriminals. Of course, that will not happen.

Nestor Tan, chairman of BDO, told the Inquirer that the incident “affects a 10-year-old web service that is to be phased out” and that a replacement is expected to be available early next year. Banks must therefore also be one step ahead of the Nagoyos.

The BSP has touted the benefits of digitizing the banking system. But cases like this will seriously reduce the confidence of depositors in the system we have now. Until BDO tells us what happened, it’s easy to suspect that someone inside the bank is working with the crooks.

As for UnionBank, how did someone by the name of Nagoyo manage to open an account? Who was the agent who authorized the opening of the account? The Know Your Client principle holds the bank accountable.

Apparently, UnionBank has a relatively liberal KYC requirement for opening an account online. In addition, during the pandemic, they integrated around 1.8 million ayuda beneficiaries.

I was told that in our poorest barangays there are unions offering 3,000 to 5,000 pesos to buy such accounts. So if you have lost your job or have already cashed out your ayuda, selling a bank account that you will no longer use is a no-brainer.

That is why there should be a law against “mule” accounts – the act of selling your accounts to other entities who may use them for criminal purposes. It is akin to fencing.

UnionBank is also one of the few banks that offers direct links to crypto exchanges (e.g., etc.). As soon as the funds were received on the mule accounts, they were then used to purchase cryptocurrency.

The good news, according to a CNN report, is that banks, at least in developed countries, have some of the most robust cyber defenses in the private sector.

But a cybersecurity consultant also told CNN that the risk-reward calculation is affected by the fact that some sophisticated hackers have recently started using automation to dramatically speed up their attacks, making them harder to detect.

“It’s going to be a much bigger threat to financial institutions,” the chief security strategist of a threat intelligence firm told CNN. To keep up with the bad guys, he urged banks to rely more on cyber defenses powered by artificial intelligence.

It is a “constant cat-and-mouse game” between businesses and hackers. “Just when you develop a new defense and think you’re squared,” he said, “an actor will find a way around it.”

It is a big challenge, but one that financial institutions must meet. Public confidence in the industry is at stake.

Boo Chanco’s email address is Follow him on twitter @boochanco
