The Philippines has been witnessing an exponential rise in fraud cases on digital channel since 2013, including on ATMs. According to bank officials, banks and depositors lost $5.5 million alone to ATM fraud attacks over 2013, not accounting for indirect fraud costs. Fraud management expenses contribute rather substantially to the overall fraud cost. In fact, Visa suggests that indirect fraud costs are “at least equal to direct fraud losses, and can often be much higher. Phishing and skimming on websites have escalated and increased in 2013, adding concerns about security, given weak fraud management systems and the industry-wide lack of two-factor authentication (2FA).

While Bangko Sentral ng Pilipinas (BSP) has already mandated banks move to EMV technology for ATM cards by January 2017 it has so far not issued a formal circular on the industry time line for 2FA, although given the rise in digital fraud cases, BSP may be forced to follow through with an implementation deadline no later than end 2015, according to industry resources.

2FA in Singapore and Hong Kong became mandatory for commercial banks in 2006 while banks in Singapore have been introducing and migrating credit cards to EMV chip technology between 2010 and 2012, with the changeover to smart chip technology at terminals to complete this year. Banks in Singapore have also issued new online banking tokens with enhanced security features such as “transaction signing” which came in effect as of end 2012.

In regards to digital banking in the Philippines, only BDO Unibank implemented 2FA for mobile and internet banking. BDO has done this in advance by deciding to fortify its online and mobile banking offerings to protect customers. Initially BDO were looking at tokens and other devices but saw the difficulties for logistics with hard tokens. Since its customers are not just in the Philippines but internationally dispersed, the bank wanted a facility that can be used by all Filipinos, and saw SMS as a viable solution.

The challenge was to find a provider that can deliver SMSes globally and not just to the local market. They were eventually able to work with a solution provider together to allow customers either to use roaming with a Philippine SIM card or a mobile number in the country of residence. While their main concern was cost, the bank found a balance between security, convenience and cost. In addition, BDO already adopted international standard 1024-bit asymmetric key and 128-bit SSL encryption to stop data from being intercepted or tampered with during transmission.

After extensive testing, BDO a 100% delivery rate in times of less than 10 seconds. This included delivery to the majority of countries Filipinos generally migrate to such as Hong Kong and the Middle East.

The result was accelerated online adoption in regards to enrollment and transaction volume. By end of 2013 the bank was growing 131% YoY in customer adoption and grew by 115% YoY in 1H2014. In terms of adoption it also saw higher enrolments in 2014 compared to the period before. The biggest gains however were made in the rise of active users. While BDO counted active users on a positive log in within six months below 30% to total registered users by 2010 this figure has risen to 70% by 1H2014. The bank has reached a total consumer penetration to total retail base of close to 30% and the goals is to bring this to 50% by 2017.

While mobile and interent banking sit on different platforms, customers are able to log in with the same ID and password. The bank’s onboarding process for mobile banking to which requires to first register after downloading the mobile app followed by a one time SMS password. Once the device is registered the device ID is stored in the system. While for intrabank transactions 2FA is not required, outward remittances and 3rd party fund transfer requires 2FA.

BDO regards online and mobile banking as supporting to branches in overall cost reduction but it does generate transactional fees from billing for which it has close to 200 billers, airtime reload for prepaid mobile banking, and payments such as credit card bills and remittances.

They were also the first to offer remittance services within internet banking, a facility that enables customers within the country and abroad to send money to their beneficiaries who do not have a bank account with BDO at minimal cost.

Going forward, the bank is looking how to integrate its offerings across all channels. They are keen to implement an integrated platform whether a customer uses mobile, laptop, desktop or ATM, the same transactions should be performed everywhere anytime. BDO intends to go into peer to peer payments and will be adding some investment faciliablties such as online investment in trusts and equities in the next few months.

Categories:

ATMs & Kiosks, Channels, Innovation, Internet Banking, Mobile Banking, Operational Risk & Security, Philippines, Retail Banking, Risk and Regulation, Technology & Operations

ATMsKiosks,Channels,Innovation,Internet Banking,Mobile banking,OperationalRiskSecurity,Philippines,retail,Risk and Regulation,technology,

ATMs & Kiosks,Channels,Innovation,Internet Banking,Mobile Banking,Operational Risk & Security,Philippines,Retail Banking,Risk and Regulation,Technology & Operations,

Keywords:BDO Unibank, 2FA, Bangko Sentral Ng Pilipinas, EMV, Online Banking Token

The Philippines has been witnessing an exponential rise in fraud cases on digital channel since 2013, including on ATMs. According to bank officials, banks and depositors lost $5.5 million alone to ATM fraud attacks over 2013, not accounting for indirect fraud costs. Fraud management expenses contribute rather substantially to the overall fraud cost. In fact, Visa suggests that indirect fraud costs are “at least equal to direct fraud losses, and can often be much higher. Phishing and skimming on websites have escalated and increased in 2013, adding concerns about security, given weak fraud management systems and the industry-wide lack of two-factor authentication (2FA).

While Bangko Sentral ng Pilipinas (BSP) has already mandated banks move to EMV technology for ATM cards by January 2017 it has so far not issued a formal circular on the industry time line for 2FA, although given the rise in digital fraud cases, BSP may be forced to follow through with an implementation deadline no later than end 2015, according to industry resources.

2FA in Singapore and Hong Kong became mandatory for commercial banks in 2006 while banks in Singapore have been introducing and migrating credit cards to EMV chip technology between 2010 and 2012, with the changeover to smart chip technology at terminals to complete this year. Banks in Singapore have also issued new online banking tokens with enhanced security features such as “transaction signing” which came in effect as of end 2012.

In regards to digital banking in the Philippines, only BDO Unibank implemented 2FA for mobile and internet banking. BDO has done this in advance by deciding to fortify its online and mobile banking offerings to protect customers. Initially BDO were looking at tokens and other devices but saw the difficulties for logistics with hard tokens. Since its customers are not just in the Philippines but internationally dispersed, the bank wanted a facility that can be used by all Filipinos, and saw SMS as a viable solution.

The challenge was to find a provider that can deliver SMSes globally and not just to the local market. They were eventually able to work with a solution provider together to allow customers either to use roaming with a Philippine SIM card or a mobile number in the country of residence. While their main concern was cost, the bank found a balance between security, convenience and cost. In addition, BDO already adopted international standard 1024-bit asymmetric key and 128-bit SSL encryption to stop data from being intercepted or tampered with during transmission.

After extensive testing, BDO a 100% delivery rate in times of less than 10 seconds. This included delivery to the majority of countries Filipinos generally migrate to such as Hong Kong and the Middle East.

The result was accelerated online adoption in regards to enrollment and transaction volume. By end of 2013 the bank was growing 131% YoY in customer adoption and grew by 115% YoY in 1H2014. In terms of adoption it also saw higher enrolments in 2014 compared to the period before. The biggest gains however were made in the rise of active users. While BDO counted active users on a positive log in within six months below 30% to total registered users by 2010 this figure has risen to 70% by 1H2014. The bank has reached a total consumer penetration to total retail base of close to 30% and the goals is to bring this to 50% by 2017.

While mobile and interent banking sit on different platforms, customers are able to log in with the same ID and password. The bank’s onboarding process for mobile banking to which requires to first register after downloading the mobile app followed by a one time SMS password. Once the device is registered the device ID is stored in the system. While for intrabank transactions 2FA is not required, outward remittances and 3rd party fund transfer requires 2FA.

BDO regards online and mobile banking as supporting to branches in overall cost reduction but it does generate transactional fees from billing for which it has close to 200 billers, airtime reload for prepaid mobile banking, and payments such as credit card bills and remittances.

They were also the first to offer remittance services within internet banking, a facility that enables customers within the country and abroad to send money to their beneficiaries who do not have a bank account with BDO at minimal cost.

Going forward, the bank is looking how to integrate its offerings across all channels. They are keen to implement an integrated platform whether a customer uses mobile, laptop, desktop or ATM, the same transactions should be performed everywhere anytime. BDO intends to go into peer to peer payments and will be adding some investment faciliablties such as online investment in trusts and equities in the next few months.

Categories:

ATMs & Kiosks, Channels, Innovation, Internet Banking, Mobile Banking, Operational Risk & Security, Philippines, Retail Banking, Risk and Regulation, Technology & Operations

ATMsKiosks,Channels,Innovation,Internet Banking,Mobile banking,OperationalRiskSecurity,Philippines,retail,Risk and Regulation,technology,

ATMs & Kiosks,Channels,Innovation,Internet Banking,Mobile Banking,Operational Risk & Security,Philippines,Retail Banking,Risk and Regulation,Technology & Operations,

Keywords:BDO Unibank, 2FA, Bangko Sentral Ng Pilipinas, EMV, Online Banking Token