The Bangko Sentral ng Pilipinas and the National Privacy Commission said Wednesday they are investigating earlier reports of unauthorized cash transactions from Globe-backed fintech giant GCash.
The Department of Justice is also looking at the reports, but Justice Secretary Jesus Crispin Remulla said the mobile wallet service may not be legally liable if it was able to immediately rectify the “glitch” in its system, which saw some users losing a reported P37 million in funds.
Remulla assured the public that the DOJ Office of Cybercrime will take action if hacking into GCash user accounts was involved.
“I think they’re correcting it already… I don’t think they can be liable because glitches are expected but rectification is more expected also. Of course, we are ready to tackle cases of cybercrime. That’s one of our mandates,” he said.
As for GCash users who have yet to regain their funds, the Justice chief said that these could be the subject of prospective complaints.
The Privacy Commission, meanwhile, also ordered GCash to explain the incident and set a meeting on Friday with officials of the fintech firm.
In a separate interview with ANC, GCash Public Affairs and Communication Head Gilda Maquila said the affected customers “unknowingly accessed a phishing link.”
In a statement Wednesday, BSP said it has ordered G-Xchange, Inc., the operator of GCash, “to swiftly resolve the deduction of balance in GCash accounts experienced by its customers.”
BSP also said it has directed GCash to submit the required regulatory report on the unauthorized transactions which, according to affected clients, involved the transfer of amounts from their GCash accounts to banks.
“In response, GXI has expressed its commitment to make the necessary adjustments in the affected accounts,” the BSP statement said.
The central bank said it is also actively engaging with its affected supervised financial institutions “to mitigate the impact of the GXI incident.”
GCash had already assured its users Tuesday morning their funds were safe after some customers experienced unauthorized deductions to their accounts.
GCash said services were restored after users may have had experienced difficulty accessing their accounts.
“We extended our scheduled maintenance to investigate and determined that no hacking occurred,” it said, adding any deduction from a GCash account will be adjusted before 3 p.m. on Tuesday.
“We apologize for the inconvenience. The app is now back up and rest assured that your funds are safe,” the statement said.
GCash also recommended that clients restart their phones to avoid any issues. Its service has over 81 million registered users.
Sen. Ramon Revilla Jr. also asked the BSP to enforce measures demanding greater transparency and reliability from e-wallet service providers following the GCash reports.
He said the losses incurred compromised many Filipinos’ need to access their funds.
Meanwhile, House Deputy Minority Leader Bernadette Herrera filed a resolution seeking a congressional inquiry into the matter.
“It is the duty of Congress to protect the interests and welfare of the Filipino people and ensure that digital platforms like GCash operate within the bounds of the law. The extent of the unauthorized deductions in terms of the amount and the number of accounts involved has not been disclosed,” she said in House Resolution 963.
House Assistant Minority Leader Arlene Brosas, on the other hand, said GCash should be held accountable “for this possible data breach.”
“This caused a huge inconvenience and compromised the data of millions of users across the country. If scammers and hackers can easily get away with this, the hard earned money of the people will be stolen in a snap,” she added.
The progressive Akbayan Party challenged the popular e-wallet service provider to come clean on the details of over 300 reports of lost transactions depleting GCash users’ funds.
“If there has been no problem, why is it there is a need to restore (something in the system)? It good to hear that GCash was able to fix the problem, but that is just not enough. Was there really hacking that took place? Was there a breach of security? Was the money of the ordinary Filipino really safe? GCash has a lot of explaining to do,” party president Rafaela David said.
Gotianun-led East West Banking Corp., one of the most consumer-centric lenders in the country, also said Tuesday that it was looking at reports that a certain account in the bank was a recipient of unauthorized cash transfers from GCash.
“EWB immediately acted on these reports and initiated its own internal investigation. Rest assured that we are cooperating with authorities and other institutions involved in the said report,” the bank said, adding it is working toward the “immediate resolution” of the matter.
According to BSP Deputy Governor for the Payments and Currency Management Sector Mamerto Tangonan, the recent set of incidents have already been reported by G-Xchange Inc. (GXI), which operates GCash.
“BSP has started looking into this to get to the bottom of this incident and determine the facts to guide appropriate action and GXI will be submitting the required regulatory report to BSP,” he said in an email to reporters.
GCash is registered as a non-bank financial institution electronic money issuer (EMI-NBMF). It is a wholly-owned subsidiary of Mynt (Globe Fintech Innovations Inc.), which is in turn a partnership between Globe Telecom Inc., the Ayala Corp., and Ant Financial.
Funds from GCash accounts were said to have been transferred to accounts under Asia United Bank (AUB) and East West Banking Corp., with both banks now conducting their own investigation into the matter.
“BSP is also actively engaging with the affected BSP supervised financial institutions to mitigate the impact,” Tangonan said.