Organized breach at e-wallet being probed

- Advertisement -

The Department of Information and Communication Technology (DICT) is pressing for the passage of the Cybersecurity Act to give the agency jurisdiction and regulatory powers over financial technology companies in the wake of the technical glitch experienced by mobile wallet Gcash over the weekend.

This developed as the DICT’s Cybercrime Investigation and Coordinating Center (CICC) said it is investigating probability of an organized breach of certain GCash accounts that caused the unauthorized fund transfers over the weekend.

Renato Paraiso, spokesperson of DICT, in an interview over dwpm on Monday, said the Gcash incident is a warning to private financial institutions they can be held civilly and criminally liable for actions that affect the rights of consumers.

- Advertisement -spot_img

“They are not exempt from legal consequences. (This incident) could be subject to civil action for damages,” said Paraiso when asked about Gcash’s possible liability.

The incident that started last Saturday involved the unauthorized transfer of funds of GCash accounts in multiple tranches. 

While Gcash on Sunday assured it has completed the necessary wallet adjustments to its affected users and that customer accounts are safe, the incident spawned scams that victimized its clients.

According to Paraiso, some scammers have taken advantage of the incident and were sending messages to Gcash account holders to obtain personal and financial information.

In a statement, Alexander Ramos, CICC executive director said the agency started focusing on organized breach instead of a system glitch when the agency started to look into the case of popular actress Pokwang or Marietta Tan Subong in real life.

In her Instagram account, the 52-year old comedian claimed she lost P85,000 in her GCash account and alleged that unauthorized fund transfers were sent to some accounts.  

Ramos urged Subong and other victims cooperate with CICC and 

The Inter-Agency Response Center (IARC) hotline has so far received 21 complaints on the unauthorized fund transfers over the weekend. The hotline 1326 is toll-free and operates round-the-clock from Mondays to Sundays including holidays.

 Meanwhile, Paraiso said the current regulatory environment is insufficient as it prevents the DICT from gaining access to Gcash system and validate the reconciliation system error that caused the incident.

“When private institutions encounter these problems, we cannot mandate them to give us access to their systems, we can only offer our services. Unless they invite us. (On their part), it is purely voluntary, “he added.

As a financial institution, Gcash is regulated by the Bangko Sentral ng Pilipinas.

Paraiso said as early as Saturday, DICT has reached out to Gcash. The feedback obtained was that there had been an error on the reconciliation of their financial and online records.

“We have no powers over private institutions, unlike with government agencies or bureaus, it is in our mandate (to check their systems). So these are the gaps in the law, This is why we are pushing for Cybersecurity law. These can be addressed by legislation,” Paraiso said.

In GCash’s case, Paraiso said DICT has no way of finding if the incident was caused by hacking, systems error or an inside job.

“There are a lot of possible (reasons),” he added.

The Cybersecurity Act includes provisions for identifying and safeguarding critical information infrastructures (CIIs), as well as potential penalties for underperforming entities in observing the standards and practices to protect digital assets.

Given the recent cyber threats in various agencies, the passage of the Cybersecurity Act could further strengthen the administration’s goal of securing and protecting public digital assets.

- Advertisement -spot_img

“We will continue to work with relevant law enforcement agencies to investigate these incidents, and we encourage our users to remain vigilant against scammers,” Gcash said in a statement on Sunday.

Authors

Share post: