Compromised BDO ATMs a 'card skimming attack'
The compromised automated teller machines (ATMs) of BDO Unibank Inc. was a result of a localized card skimming hack, the Bangko Sentral ng Pilipinas (BSP) said Monday.
"Actually, the whole incident is very unfortunate especially for affected customers. But the overall consequence is rather overblown. What happened was a very localized card skimming attack on a few BDO ATM terminals," BSP Deputy Governor Nestor A. Espenilla Jr. said in a text message.
On Friday, several BDO account holders claimed there were unauthorized withdrawals from their accounts.
"BDO customers, who used those terminals while an illegal device was installed, got their identity stolen and cloned, resulting in unauthorized withdrawals. BDO has committed to restore the amounts stolen," Espenilla said.
The Sy-led lender said affected customers should reach out to the bank, so cases may properly be investigated and losses reimbursed.
"This is not the first time this has happened because of criminal foreign syndicates. Police are already going after them," Espenilla said.
Earlier this year, the Bank of the Philippine Islands (BPI) said it apprehended at least five Europeans supposedly involved in ATM skimming.
Espenilla noted the long-term solution is for banks to fast track the adoption of the Europay, MasterCard, Visa (EMV) system, with the deadline set on June 30 this year.
“Unlike a magnetic stripe card, every time an EMV card is used for payment, the chip on the card generates a unique transaction code that cannot be used again. This feature, known as dynamic authentication, makes it difficult, if not virtually impossible, and costly for fraudsters to counterfeit EMV cards,” the BSP said in a separate primer.
The central bank said it is closely monitoring the skimming hack on BDO which came a week after an internal data processing error caused several BPI accounts to reflect incorrect balances in their accounts.
"The BDO incident is very different from the BPI incident. In the latter, many more customers were affected, but actually no customer funds were stolen," Espenilla said.
"There was just large-scale wrong account posting due to procedural error of a programmer. Nonetheless, very annoying," he added.
Espenilla told GMA News Online the central bank is now assessing the possible administrative liabilities of BDO and BPI and the appropriate sanctions. "That's a possibility. We are evaluating the full situation." — VDS, GMA News