BSP to digital customers: Practice ‘cyber-hygiene’ on your online transactions

• BSP urged financial consumers to observe ‘cyber-hygiene’
• Cyber-hygiene is part of BSP’s digital literacy program
• Digital literacy is among the programs of BSP under its Digital Payments Transformation Roadmap.

The Bangko Sentral ng Pilipinas (BSP) advises financial consumers to observe cyber hygiene when making online financial transactions. Cyber hygiene refers to practices and steps that users of digital devices and financial services take to ensure online security.

While BSP policies and regulations direct supervised financial institutions to comply with stringent cybersecurity risk management protocols and internal controls, consumers also have the responsibility to reduce their vulnerability to usage errors and be vigilant against financial crimes perpetrated online.

BSP Governor Benjamin E. Diokno noted that, “Cybersecurity awareness and cyber risk management should be part of the daily routine of Filipinos. Every consumer must diligently observe cyber hygiene practices to protect themselves from scammers and fraudulent financial transactions.”

As consumers shifted to online financial transactions during the pandemic, internet banking, mobile banking and e-money remain among the top concerns reported through the Consumer Assistance Management System (CAMS). Most issues pertain to fund transfers, crediting funds to recipient accounts, and unauthorized transactions.

These data underscore that cybersecurity is the shared responsibility of financial institutions and consumers alike. They likewise strengthen the resolve for BSP to intensify implementation of its Digital Literacy Program. This Program aims to increase public trust and confidence in the digital finance ecosystem and encourage massive usage of digital financial services by consumers across all sectors, including individuals, corporations, businesses, and even government institutions.

The BSP sees digital literacy as a core skill necessary for financial consumers to fully benefit from the digital finance ecosystem. Digitally literate consumers are those who understand how to use digital financial services; know the risks of usage and have the ability to protect themselves from such risks; and aware of consumer rights and redress procedures.

Digital literacy becomes more crucial as the BSP implements various aspects of its Digital Payments Transformation Roadmap, which aims to shift at least 50% of retail payment transactions to digital, and to have at least 70% of adult Filipinos owning and using a bank account or e-wallet by 2023.

Through strategic communication campaigns developed under the Digital Literacy Program, consumers are informed and educated on the following:

• How to generate familiarity with digital financial services;
• Reduce their vulnerability to usage errors, scams and frauds;
• Mitigate risk of loss;
• Protect consumer welfare; and
• Ensure positive consumer experiences.

The Program intends to address knowledge gaps that hinder consumers from using digital channels. Data from the 2019 Financial Inclusion Survey shows that 88% of mobile phone owners and 91% of internet users do not use their devices and internet connectivity for financial transactions. They cited lack of awareness and lack of trust as primary reasons.

The BSP is confident that the behavioral shift to digital, observed at the start of this pandemic, will continue as consumers experience the speed, convenience, affordability and security of digital financial services. The BSP will continue to implement regulatory measures to ensure the safety and soundness of the digital finance ecosystem.

BSP advisory on online scams 

It also reminded the public to beware of schemes that prey on vulnerable consumers eager to augment incomes, facilitate financial transactions, or make quick investments. The common types of online scams observed during the pandemic include:

• Donation or charity scams – fake donation drives taking advantage of the public’s goodwill.
• Phishing scams – random emails, calls, text messages or website ads from fake companies or people pretending as personnel of banks, financial institutions, or government agencies, asking for personal information, such as account number, PIN, password, or login credentials.
• Spoofed or fake websites – websites that appear to be legitimate, designed to trick users to give personal information and account details.
• Imposter scams and fake documents – people pretending to be connected to financial institutions or government agencies, such as the BSP; and presenting fake documents, such as certificates of deposits, gold reserves, money transfers and other commercial papers, in order to trick people to invest, make deposits or pay fees.
• Investment scams – people or companies, usually unlicensed or unregistered, offering high-return, low-risk investments (“double your money, get rich quick schemes”).

To combat such scams, the BSP urges the public to practice simple yet crucial steps to ensure the safety and security of their online transactions. These include:

• Scrutinize emails, texts and websites – phishing emails and fake websites usually have spelling and grammatical errors. These also use personal email addresses and unofficial website urls.
• Background check – verify the identity and legitimacy of individuals or institutions requesting for your personal and account information, donations, investments or fees for unsolicited services.
• Use strong passwords – make your account passwords unique, use different passwords for different accounts, and change passwords regularly.
• Use multi-factor authentication – enable security questions, mobile pins (MPIN), one-time-pins (OTP), or text and email notifications for all your accounts as added layers of security when logging-in or confirming financial transactions.
• Keep personal and account information private – do not share account numbers, log-in credentials, MPIN, OOTP, and CVV codes (number at the back of credit cards). Legitimate financial institutions and their authorized personnel will not ask you for these sensitive information.
• Report suspicious communications, personnel or transactions to regulatory authorities – immediately seek assistance from your bank or financial institution. Report to regulatory authorities such as the BSP, when in receipt of suspicious emails, fake websites, imposters, or doubtful documents and transactions.