GCash, the mobile wallet of Globe Telecom Inc. on Friday said it is ramping up partnership with the Cybercrime Investigation and Coordinating Center (CICC) of the Department of Information and Communications Technology (DICT) against fraudsters and other cybercriminals.
Meanwhile, the Department of Information and Communication Technology (DICT) said it has launched a probe on the GCash glitch which resulted in unauthorized transfers of money from hundreds of accounts.
In a related development, Sen. Jinggoy Ejercito Estrada eyes the imposition of imprisonment and as much as P5 million fine against cyber criminals targeting virtual or electronic wallets and similar platforms.
GCash legal and security officials paid a courtesy call on CICC chief Undersecretary Alexander Ramos, days after a system glitch resulting in unauthorized money transfers.
Gilda Maquilan, GCash vice president for public affairs and corporate communications, reported earlier that after receiving reports of irregular funds’ movement from the subscriber’s accounts, the mobile wallet management immediately conducted a probe and detected phishing as the cause of the problem.
She said scammers could have taken advantage of the ongoing SIM card registration and managed to access vital personal information of the victims which were used in the anomalous fund transfers.
Maquilan said the stolen funds were later traced to various accounts registered with Asia United Bank and East West Bank, after which, the full amount were reverted to their GCash virtual wallets.
GCash has signed a memorandum of agreement with the CICC in 2022 in a bid to strengthen collaboration in going after perpetrators involved in phishing, smishing, online fraud and scams, vishing, and other cybercrimes that target GCash users.
Meanwhile, GCash reportedly blocked 3.1 million fraudulent accounts.
The e-wallet management has also taken down 722 phishing sites and 38,000 malicious social media posts and accounts since January 2022.
GCash App, 81M registered users can easily purchase prepaid airtime, pay bills at over 1,600 partner billers nationwide, send and receive money anywhere in the Philippines even to other bank accounts, and purchase from over 5.2 million partner-merchants and social sellers.
DICT Secretary Ivan John Uy said the CICC would lead the probe to check problems with the digital payment platform after receiving several complaints in different instances.
“We are looking into it — a bridge, a leak, a hack, or phishing,” Uy said in a televised briefing.
“Well that is their statement (no hacking), so it has to be investigated by proper authorities to ascertain the veracity of GCash’s claim,” Uy said.
“Medyo self-serving if ever they are the ones who will do the explanation. I think an independent group has to look into it and see that it really happened,” he added.
The DICT chief said they were initiating the probe to also find out whether or not there were lapses in GCash’s security system and make recommendations to correct it.
Affected users may file claims regarding their lost funds from GCash so the platform could determine if these were true.
He advised the public to avoid giving their personal details through SMS and to not log in their credentials through web pages or links sent to them.
Transactions must be done, Uy said, with the bank or e-wallet’s platform or app.
“Kung ang loss ay dahil sa pabaya ng GCash, dapat bayaran yan ng GCash. Kung pabaya ay nasa user, wala nang kinalaman ang GCash diyan,”
he explained.
“Use the app. Kung may matanggap na text na may link, huwag iki-click ang link,” he added.
GCash earlier said its systems were not hacked. The digital payment platform also insisted that no funds were missing as it has returned the money to the accounts of affected customers.
The National Privacy Commission has also ordered GCash to explain the incident.
Uy gave assurance that the GCash incident would not require disclosure of breaches.
But the DICT, he said, would most likely come out with a policy on mandatory disclosures.
“Ibig sabihin kung may nangyaring ganitong mga insidente that affects the public and has connotations on criminal activity, we will require
the entities concerned to disclose (the details) to the government agencies so we can act on it,” Uy said.
He also expressed concerns about the online games on the popular finance app, saying it has “ethical issues.”
“I’m not sure about the legal issues, that’s within the jurisdiction of Pagcor (Philippine Amusement and Gaming Corporation) to ascertain
whether there is a violation of franchises that Pagcor issues with respect to gaming,” he said.
The in-app games could also be used for phishing, Uy said, adding that the links’ security was not guaranteed.
Estrada recently filed Senate Bill No. 2171, or the Bank Accounts, Electronic Wallets, and Other Financial Accounts Regulation Act, to fully equip and empower government agencies and financial regulators to address cybercrimes and provide financial consumers with efficient means to resolve their complaints.
“If authorities were capable to trace those behind hacking or unauthorized transactions, scamming and other modus using the internet
or mobile banking, there should be appropriate punishment of jail term and a heavy fine,” Estrada said.
“And if we don’t want the public to lose confidence on digital transactions, there should be a guarantee that their hard-earned money will be returned to them.
Due to the damaging effect on the economy, Estrada’s measure also classifies commission of large-scale offenses or the use of a mass mailer as a form of economic sabotage and a heinous crime, punishable with life imprisonment and a fine ranging from P1 million to P5 million.
An act shall be deemed committed by a syndicate if it was carried out by a group of three or more persons conspiring with one another, while
those considered as large scale are acts against three or more persons individually or as a group, the bill read.
In his proposed law, Estrada likewise seeks to prohibit money mules, social engineering schemes, and acts abetting in the commission
of the covered offenses.
Money mule involves transfer of illegally acquired money on behalf of a person through an e-wallet or other financial account, while
social engineering schemes include, among others, phishing, tricking users into making security mistakes or giving away sensitive
information.
Those found guilty of acting as a money mule or social engineering scheme will be meted with prison term or a fine of up to P500,000.
If the target or victim of the social engineering scheme is a senior citizen at the time the offense was committed or attempted, the
maximum penalty shall be imposed, Estrada said.
“There is a need to protect the public from cyber criminals and criminal syndicates who target financial accounts, e-wallets, and
other financial accounts or lure account holders into perpetrating fraudulent activities,” he added.
“We need to provide financial consumers with efficient means to resolve their complaints, make it less cumbersome, transparent and
allow quicker resolutions that will be more to their advantage,” he stressed.