Philippine banks can compete globally but they should be vigilant against cyber attacks that could draw away the trust and confidence of clients and stakeholders, experts said on Wednesday.
Stephen Cutler, chief compliance officer of OmniPay and a 20-year veteran of the Federal Bureau of Investigation (FBI), said banks and other financial institutions like insurance and telecommunication firms must secure their assets in the electronic arena.
“Systems must be protected,” he told the attendees of The Manila Times 4th Business Forum with the theme “Philippine Banking: Does Size Matter?” held at the Marriott Hotel in Pasay City (Metro Manila).
Abelardo Cortez, independent director of First Metro Investment Corp. (FMIC), warned that cyber attacks in Bangladesh and Vietnam should prompt all banks to come up with programs to fight cyber financial crimes.
Cortez said even the British government recently issued an advisory to all banks to stop cyber criminals.
“After the Bangladesh cyber attack, hackers are still very active in the Philippines and globally,” he added.
Palmer Mallari, head agent and chief of the Automated Case Monitoring Office of the National Bureau of Investigation (NBI), urged banks to train their employees on how to detect cyber attacks.
“Cyber crimes do happen in real life like in the case of Bangladesh. Securing the banks from hackers is a special skill. There is an urgent need for sufficient knowledge of computer systems. Only two percent of bank personnel are equipped with skills and knowledge. Even among lawyers, there are very few who are IT (information technology) experts,” Mallari said.
He added that hackers take advantage of a computer user’s vulnerabilities and online habits. Low-level hacking is common either through phishing or keylogging.
He enumerated some tips on how to detect cyber attacks such as wrong spelling in the wordings of the URL, links and names of the website.
Mallari said the Bangladesh cyber attack was traced because of a misspelled word.
“Type the complete URL. Don’t just click the links. Without you knowing it, your personal information like password and bank account number are directed to the site of the hackers,” he added.
Mallari reminded bankers of the simple techniques of hackers like phishing, skimming and keylogging.
Joey Regala, vice president and head of the Information Security of the United Coconut Planters Bank (UCPB) and president of Information Security Officers Group (ISOG), said banks should invest in skills, adding that there are effective counter-measures to fight hackers and avoid cyber attacks.
Emiliano Librea 3rd, chief information officer and partner of Punongbayan & Araullo, said eight banks are under receivership and more than 300 small banks are under investigation, many of them on the brink of collapse.
He added that size matters, contrary to the view of Cutler, who said what is important is to sustain the trust and confidence of clients and stakeholders.
The American said although return on investment or profit is the goal, small and big businesses can thrive only if clients’ trust and confidence are kept sacred.
Speakers cited several hacking incidents such as the case of Joel Mira, who sought the help of the NBI.
Mallari said a hacker was able to penetrate Mira’s email account and the former communicated with Mira’s client, telling him to deposit his payment in the hacker’s bank account.
Mira was victimized by hackers twice in a year.
Mallari said 95 percent of the total reported complaints for online cases are attributed to phishing and keylogging.
He warned against the sending of any personal information through email and not to click on an email’s suggested link.
Spoofed websites that appear with padlocks are most likely fake, Mallari said.
According to him, there are hardware keyloggers that are installed under a computer keyboard or in the cable connecting it with the CPU (central processing unit).
FBI officials warned that people should be on the lookout for highly stealthy keystroke loggers that surreptitiously sniff passwords and other input typed into wireless keyboards.
There are also non-hardware types of keylogging, where the user is enticed to install the attached software for free by clicking on a link.
Other sources include instant messaging, e-mail attachments, download managers, online gaming and porn sites.