Philippines Fintech Requires Robust Cybersecurity to Fight Off Bad Actors
by Rebecca Oi November 23, 2022Concerns and awareness about cybersecurity have been at the forefront as the Philippines increase digital payment services and move towards a cashless society. The parallel relationship between usage and scam has been evident in the age of fintech, and the Southeast Asia country is no stranger to this.
According to Business World Online, the Bangko Sentral ng Pilipinas (BSP) reported fraud and scam complaints involving a total of ₱2 billion worth of financial transactions from 2019 to 2021, with 2021 accounting for ₱540 million in transactions in the complaints received by the BSP’s consumer assistance mechanism.
Internet security Kaspersky said that its anti-phishing system blocked a total of 12,127,692 malicious links in Southeast Asia in the first half of 2022 with more than half of these were targeting users in Malaysia, the Philippines, and Vietnam.
The Credit Card Association of the Philippines (CCAP) also observed that credit card fraud in the Philippines had risen 21 percent since the coronavirus pandemic.
Alex Ilagan
In a statement, CCAP executive director, said,
“The industry has been experiencing high volumes of fraud cases causing financial detriment. These perpetrators have committed fraud using the various digital payment platforms.”
Steps towards cybersecurity (preventive solutions and countermeasures)
The Filipino government first highlighted the importance of cybersecurity through its launch of the National Cybersecurity Plan 2022 (NCSP) in 2017.
This plan was a statement from the government in its efforts to bolster cybersecurity in the Philippines, with the aim of assuring the continuous operation of the nation’s critical infrastructures, public and military networks, and protecting small and medium enterprises to large businesses, corporations and its supply chains, as well as every Filipino using the internet.
The BSP has made efforts to ensure every financial institution it supervises offering electronic payments and financial services must undergo its approval process, which is rigorous and equipped with mechanisms that protect consumers.
BSP also announced that it would soon deploy its recently completed Advanced SupTech Engine for Risk-Based Compliance (ASTERisC*) among selected BSP-supervised financial institutions (BSFIs) to strengthen the industry’s cybersecurity through technology-based supervision.
The solution aims to streamline and automates regulatory supervision, reporting, and compliance assessment of BSFIs’ cybersecurity risk management, as stated in “BSP to deploy SupTech, RegTech for cyber resilience”.
State-owned Development Bank of the Philippines (DBP) has signed a Memorandum of Agreement (MoA) with the Cybercrime Investigation and Coordinating Center (CICC) to strengthen the bank against potential cybersecurity threats further and boost its capacity to defend critical system infrastructure.
Closing the gap: Knowledge, Policy, and Skills
In its report “Cybersecurity in the Philippines: Global Context and Local Challenges,” Secure Connections highlighted its recommendations to close the gap in three specific areas: knowledge gap, policy gap, and skills gap.
Closing the knowledge gap requires creating greater awareness about the cybersecurity context on a larger scale, generating data about incidents to understand security gaps and identify solutions, and sharing information among cyber communities to let one’s incident be a lesson to others.
In order to address the policy gap, security standards must be enforced to protect public institutions’ critical information infrastructure and systems and ensure that orders in place are implemented efficiently and effectively. Mandates across government agencies can also be put in place to ensure security mechanisms are in order.
Skills and technical know-how have always been integral in cybersecurity. Developing a culture of awareness, supportive training, and capacity building for talents can manifest cybersecurity as a way of life through educational institutions. Ultimately, cybersecurity should be seen as everyone’s responsibility and cultivated as a habit of every household.
Fintech firms’ relation to cybersecurity
The fintech industry has many incidences related to cybersecurity, with the products and services they offer becoming the subject of scams and fraud.
Recognising this, FinTech Alliance Philippines announced a partnership with CYFIRMA, an external threat landscape management platform company, to help elevate cybersecurity maturity while promoting digital innovation to create growth opportunities and accelerate financial inclusion.
The collaboration allows a security-by-design approach in software development and is part of efforts to build a robust digital finance ecosystem resilient to cyber threats.
Kaspersky urged the Philippines to collaborate with its neighbours in the region and partner with more private companies to bolster its cybersecurity landscape.
Genie Sugene Gan
Genie Gan, head of Kaspersky’s public affairs and government relations for Asia Pacific and the Middle East, Turkey, and Africa, said to improve the country’s cybersecurity, there must be “public-private partnerships (as well as) regional and international cooperation,” adding that Philippines’ cybersecurity readiness as “intermediate.
Yeo Siang Tion
Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky, elaborated,
“Cyber threats are here to stay as it is parallel with the digitalisation drive in the Philippines. The latest study even projected a P5-trillion digital economy in 2030, a huge opportunity that will be realised best if digitalization efforts are built upon trusted and transparent cybersecurity foundations.”
About the potential and proactive approach needed, Yeo added, “Organizations, industries, and governments will always be lucrative targets for cybercriminals, but through collaborative multi-stakeholder efforts, we can explore strategies and expand our cybersecurity implementation as we enhance our confidence and trust in technology. When a country achieves cyber-resiliency, the digital future no longer becomes a scary unknown realm but a place with endless growth opportunities.”
