BPI explains human error in systems glitch; BDO discloses 'skimming fraud'

enablePagination: false
maxItemsPerPage: 10
maxPaginationLinks: 10

Metro Manila (CNN Philippines, June 21) — Two major financial institutions assure the public they have corrected recent security concerns in their accounts, as senators move to clear the air on the banking sector.

In a Senate inquiry on Wednesday, Ramon Locsin Jocson, Bank of the Philippine Island (BPI) head of Enterprise Service Group, said the system error in the bank was caused by human error, not hacking.

"On June 6, we needed to reconcile a report from May 26 to May 29...ang in-enter (what was entered was) April 27 to May 2," Jocson told the Senate committee on banks, financial institutions, and currencies chaired by Sen. Francis Escudero.

He added the lapse happened in the information switching technology system, which drives transactions involving automated teller machines (ATMs), point of sale, and cash acceptance.

READ: BPI issues second advisory on error being fixed

Jocson said the concerned programmer, whose identity was withheld, deviated from the procedure to "rush the report."

The programmer was reassigned to another area and denied access to the bank's internal data.

While the glitch affected BPI's electronic channels including ATMs, internet banking, and mobile banking for 27 hours, BPI President and Chief Executive Officer Cezar Consing assured their clients there was "no breach of data privacy."

"The data processing error caused mispostings in the accounts of about 1.5 million of our 8 million clients," Consing said.

The glitch caused unauthorized entries in accounts; some gained billions of pesos and others incurred negative balances.

READ: BPI client finds billions of pesos in account

"These mispostings were much, much smaller than some of the figures that have been circulating in social media," Consing said.

He added BPI took preventive measures to avoid a repeat of the incident, and is working with the Bangko Sentral as part of its remedial measures.

Meanwhile, officials of Banco de Oro also explained questionable ATM transactions on June 16.

Edwin Romualdo Reyes, BDO Transaction Banking Group executive vice president, pointed to ATM skimming.

"Skimming is the unauthorized copying of the magnetic stripe information of the ATM cards," Reyes said.

READ: BDO announces 'potentially compromised ATMs,' calls on customers to report unauthorized transactions

He explained the culprits used illegal devices to access the magnetic stripe which contains the depositor's information, along with the personal identification number to complete a transaction.

Reyes said they traced three separate incidents, affecting seven out of the bank's 3,700 ATMs in three different locations.

"Skimming has been going on for quite a number of years already...However, new technology makes skimming devices...very cheap, and easy to produce," Reyes said.

The Bangko Sentral had issued a directive requiring banks to convert all ATM systems to adopt the Europay, MasterCard Visa (EMV) system for added security. EMV cards have an embedded chip that protects the cardholder's information from identity thefts.

After the hearing, Escudero said their inquiry was to inform the public on what caused the glitches and to avoid confusion and speculation.

"We used it as a venue to placate fears dahil ang daming balitang lumabas (because there was a lot of news)," he said.

READ: Pimentel proposes Senate inquiry on BPI glitch

Escudero added the system errors were not something deliberate on the part of the banks.

"Walang dahilan para i-exaggerate natin yung mga kaganapan sa dalawang bangko na tawaging hacking o terrorist attack." Escudero said.

[Translation: There's no reason to exaggerate what happened with the two banks, for it to be called hacking or terrorist attack.]

Meanwhile, Security Bank issued an advisory on Wednesday afternoon, saying it encountered a "delay in posting banking transactions" in its system.

"The delay in posting banking transactions does not and will not impact the financial integrity of our customers' accounts. While some services were affected, the delay did not prevent our customers from accessing their funds," the advisory stated.