This weekend’s brouhaha over the unauthorized transfer of funds from BDO accounts to a Unionbank account with a seemingly bogus name: Mark Nagoyo, took over majority of my social media wall. I am not a BDO depositor but I am an active user my bank’s online facility and if only for that reason, I silently followed the posts and eventually, the news articles that came out one after the other. BDO was quick to assure the public that the affected depositors will be “kept whole” which means they will compensate whatever amount the depositors lost because of the hacking incident.
The Banko Sentral ng Pilipinas said that they are still currently investigating how the criminals over-ruled the one-time password (OTP) that is normally required when transferring funds online. Whenever you try to transfer money from your account to another account (whether within your bank’s system or to another bank), you will be asked to key in the one-time password that is sent to your assigned mobile number. The OTP is only valid for a few minutes; if you fail to key this in, your request to transfer funds will be disabled and you will have to make a new transfer request. It is supposedly one way of protecting your account from unauthorized transactions because the OTP is generated by the system at the point of transfer and is sent only to the mobile number you assigned to your online bank account. This, though, was overruled by the “sophisticated fraud technique” employed by the criminals who siphoned funds from several BDO depositors’ accounts. Scary, right?
I am still waiting for the results of BSP’s investigation — or at least any type of press release to educate us on how to better protect our bank accounts from fraudsters. While I do that, let me share some tips on how we can keep our bank accounts safe (to the best of our abilities) from online bank robbers. I hope these help put our minds at ease.
First, how do these criminals manage to execute online banking scams?
Apparently, there are three ways that criminals can get a hold of your bank information and get into your account without your permission. Here are the three common online banking scams in the country, according to Moneymax.ph
- SIM Swapping
Scammers request telcos for SIM card replacement and then they use the mobile number to access their victim’s personal information, including bank accounts and credit card details.
2. ATM Skimming
This is when your personal information are “copied” through your ATM card or credit card. The information are copied through the magnetic stripe on the back of your ATM. Scammers use an illegal skimming device to do this and are often done on ATMs.
3. Email Phishing
Scammers send you an email that looks like a legit email from your bank. They will ask you to confirm your account information by clicking on a link. That link may take you to an online form where you’ll be asked to provide your personal information, including your bank or credit card details. Once you submit the form, they get a hold of your information that they can then use to get into your bank account.
How to protect your bank from online scammers:
- Secure your personal data.
Be careful where and to whom you give your personal information such as your birth date, addresses, and even the mobile numbers you use or used in the past. Do not post photos of your passport, driver’s license, visa, and other important documents on social media.
Do not reply to emails asking for your personal data. Most legitimate companies that send you emails will almost always include a fine print that says: Do Not Reply To This Email. So, if an email from your “bank” or your suking online store asks that you “reply” with your details, treat it as a red flag and do not reply.
2. Always monitor your bank statements.
When withdrawing from an ATM, always keep the thermal paper that the machine spews out after your transaction. Do not just crumple it or worse, leave it hanging by the ATM for the next person to see and probably, keep.
If you have an app of your bank, regularly check your account. Keep track of online payments you made, online subscriptions that auto-deduct payments from your account, etc. This is the only way you will easily detect unauthorized activities on your account.
3. Change your PIN often.
You know better than to use numbers that are familiar to you: birth dates, house numbers, anniversaries, etc. Change your PIN as often as necessary.
I personally assigned a different mobile number where my bank’s app can send the OTP every time I make an online fund transfer. I did not assign the mobile number of the phone where my bank’s app is installed and in use. This way, even if my phone gets stolen or lost, unauthorized transactions on my bank’s app will always point to my other mobile number that receives the OTPs.
Never let your guard down…
Your hard-earned money should be kept safe by your bank. Do all that’s necessary to protect your account but hold your bank accountable for any unauthorized activities made in your name. Always keep records of your transactions, write down dates of deposits and withdrawals, and keep close track of your online auto-debit subscriptions.
Do not easily fall for online offers, easy-money schemes, and other online offers that are too good to be true. Buy only from trusted brands and legitimate stores, switch between online and COD payments every now and then, and always double-check anything offered online before giving away your personal information.
Protect yourself because you never know who might be monitoring your online activities. Never let your guard down because once you do, it’s “Bella ciao!” to your hard-earned cash.