Banks tighten safety protocols after ‘Comeleak’

BIG BANKS have assured clients that enough safeguards were in place to curb security risks arising from the recent Commission on Elections (Comelec) data leak affecting 55 million registered Filipino voters.

In an interview on Monday, Bank of the Philippine Islands (BPI) president Cezar Consing said clients may be inconvenienced as banks tighten security protocols but said these are necessary to safeguard banking transactions.

Separately, the Ayala-led bank assured in a statement that in the light of the Comelec data leak, “banking in BPI remains safe and secure.”

David Stoughton, credit payment products head for Citi Philippines, said in a separate statement that Citi had “robust controls in place to prevent unauthorized access and misuse of customer’s information.”

“As far as Citi knows, there were no credit card, bank account numbers or online banking accesses details compromised, hence the likelihood of fraud is low,” Stoughton said.

The Bangko Sentral ng Pilipinas and the Bankers Association of the Philippines (BAP) advised banks on Friday to implement safeguards to protect their clients from the prospective abuse of leaked information.

The recent breach in the Comelec database has caused vital information of voters’ personal data such as address, mother’s maiden name and other information to be made available online.

For its part, the BPI said it had the “strictest and most stringent measures in protecting the data of clients.”

“Our protocols require us to go beyond the usual static information, such as complete name and birthday. We ask for other information that only the clients are expected to know,” the bank said.

BPI noted that it was not using biometric data to effect transactions.

The bank also encouraged clients to take the usual proactive actions to secure their information such as not sharing passwords, not using passwords that are related to personal information, changing passwords frequently and refraining from using public computers and unsecured Internet connection.

The bank also requires verbal confirmation and signed forms from clients when carrying out service requests and offline transactions, BPI said.

For Citi, Stoughton said: “Citi is tightening authentication controls to mitigate potential fraud arising from this breach.”

“The best measure against fraud is for consumers to stay vigilant. It’s critical for clients to ensure their contact information is updated, allowing us to reach them via landline, mobile phone and e-mail to verify transactions. We use these contact details to provide relevant real-time information to our clients,” Stoughton said.

The Citi executive also advised clients using numerous communication channels to never give their credit, debit or ATM card, PIN, one-time PIN/password, mobile SIM card or even personal or account information to anyone.

Read more...