Only 80 percent of the unauthorized fund transfers from mobile wallet GCash to several private bank accounts were recovered, Bangko Sentral ng Pilipinas Governor Felipe Medalla said Wednesday.
Medalla said that based on an initial investigation, there was no hacking involved.
“It was not hacking, it was phishing. Luckily, they acted fast enough and recovered 80 percent of what was stolen,” Medalla said in a television interview.
He confirmed that the individuals behind the unauthorized cash transfers withdrew some of the funds, but GCash, the mobile wallet of Globe Telecom Inc., shouldered the balance to return the whole missing amount.
The BSP earlier ordered G-Xchange Inc., the operator of GCash, “to swiftly resolve the deduction of balance in GCash accounts experienced by its customers.”
GXI then agreed to make the necessary adjustments in the affected accounts, according to the BSP.
This was contrary to the initial statement by GCash, which assured that no funds were lost despite complaints of missing money by some users.
“We have already adjusted the e-wallets of all affected GCash users. We wish to reiterate that our customers did not lose their funds on GCash,” the company said in a statement.
Medalla said efforts now focus on tracking down the holders of the private bank accounts where the missing GCash funds were transferred.
Several GCash users earlier reported that their money was transferred to Asia United Bank and East West Bank accounts ending in number 5239.
East West Bank said it was cooperating with authorities towards the immediate resolution of the issue.
Deputy Minority Leader Bernadette Herrera filed House Resolution 963 to launch a congressional inquiry into the unauthorized fund transfer and ensure that digital platforms like GCash operate within the bounds of the law.
The Bangko Sentral ng Pilipinas said fraudsters behind the unauthorized cash transfers targeting GCash users were able to withdraw some of the stolen money.
The central bank chief also said that the security features of local digital payment platforms are satisfactory but consumers need to be vigilant.
He said users should not share their OTP or one-time password, because this is the last level of protection.
“Kasi kahit mapasok ka, pero hindi mawi-withdraw ang pera kasi ang bangko kailangan ng OTP,” Medalla said.
GCash earlier submitted its regulatory report to BSP regarding the incident.
“Kung matetrace natin ang may-ari ng accounts na ‘yon, meron pa rin silang pananagutan,” Medalla said.