27 June 2017



KAREN DAVILA (KD): Joining us in the studio this morning, Senate chair on Banks, Financial Institutions and Currencies, Senator Chiz Escudero. Welcome back to Hotcopy, Senator thank you for coming!

SENATOR CHIZ ESCUDERO (CHIZ): Karen, good morning. Sa lahat ng televiewers natin, good morning!

KD: Alright. What was shocking that during you conducted is BPI admitted that Php46-M was accidentally withdrawn?

CHIZ: Accidentally or intentionally withdrawn, Karen, siyempre may nakita kang pera sa account mo, winithdraw but according to them they were prioritizing deductions in the account and not really the additions to the account which benefitted some of their clients. I think they are already on that stage and finished with deductions; 'yung mga naapektuhan sa pagbabayad; 'yung mga hindi nakabayad on time; 'yung may penalties na in-imposed; 'yung mga nakanselang kontrata o insurance tapos na sila ruon kaya ngayon kinompute na nila kung magkano 'yung nawala sa kanila.

KD: Now there are people were not able to watch the Senate hearing based on what you've investigated, what really happened? Was it just a glitch?

CHIZ: May isa silang computer specialist na nagkamali. Hindi sinunod 'yung protocol at SOP nila sa paglalagay ng data at because of that from April 27 to May 2 all the transactions within that period were again reposted on June 6. So kung nag withdraw ka ng Php10,000 between April 27 to May 2 lalabas on June 6 nagwithdraw ka ulit ng Php10,000. Kung nag-deposit ka ng Php5,000 lalabas ulit sa June 6 nagdeposito ka ulit ng Php5,000. Ganoon 'yung nangyaring glitch.

KD: But what happened to BDO? Why would it happen again?

CHIZ: BDO is totally different. BDO is skimming. Skimming, meaning they are using devices in order to get through deposits of certain ATM account holders. They are using actually very ingenious devices as soon as technology invented to prevent it; well they will invent it a device to hack into.

KD: OK, I won't mention the third bank because that bank was a part of reinvestigation but some customers tell me that within that short span of time, you have BPI, BDO and there was another bank that got affected. So 'yung customers fear, is this really more than what was said in the hearing?

CHIZ: No, Karen. We tried our best not to hide anything that's why we didn't even call an executive session. We made it completely open to the public but bearing in mind, according to the banks themselves they experienced about 20 to a hundred attempts to hack a day.

KD: A day.

CHIZ: It's just normal even ABS or any other corporation there are attempts and they are just in the peripheries. So it's quite normal especially given our computer technology that…

KD: So they admitted there are attempts to hack, they see it.

CHIZ: There are attacks; there are attempts to getting an account but they are just in the periphery because they have several layers of perhaps of safeguards or defenses. They are just in periphery but according to them; attempts are quite normal – it's any company I guess given the IT that they are using they are also prone to these types of attacks even government for that matter.

KD: OK, now you have a request coming from BPI asking that when it comes to ATM skimming they want stronger penalties.

CHIZ: We will look into it, Karen, because it's still a theft.

KD: What are the penalties?

CHIZ: It's still theft.


CHIZ: Theft depends on the amount in the Revised Penal Code but it's still not robbery: wala kang tinutukan, wala kang sinaktan, wala kang pinatay, wala kang ginahasa we have sort of penalties becomes stiffer this is plain and simple theft and they didn't harm or hurt anyone.

KD: But what about economic sabotage if one ATM you can steal as much as Php4-M.

CHIZ: Well, if they alleged economic sabotage then it's non-bailable, whether it's through ATM fraud; whether it's through smuggling it can fall under economic sabotage and it will carry a stiffer penalty.

KD: So are you saying you don't need a new law?

CHIZ: Perhaps not but we will look into it depende yun on exactly what they want because each ATM machine can carry a maximum of about Php4-M.


CHIZ: That's a maximum.

KD: Yeah.

CHIZ: In fact, that's one of the concerns with Marawi Siege because some banks have ATM machines there which might they filled-up still or which might not be filled-up they have several and I think that's one of the things to look into once they recover the entire area of Marawi which of the the ATM machines are still intact.

KD: So alright, so this hearing's closed. Are you satisfied?

CHIZ: So far, yes unless something new comes up; unless the banks compliance with their shift to a new and better technology that would prevent the type of skimming. They use some fraudsters; I don't think we need another one.

KD: OK, you know what it was in the hearing, is that true? I wish I have my ATM card right now that apparently, that black magnetic strip is not enough. Was it in the hearing that they said you actually need that silver square or rectangular, can you show us?

CHIZ: It's like a card.

KD: Yes apparently it's safer. Yes, OK. So this is actually a credit card but what was said in the hearing.

CHIZ: The black-strip or gray-strip or a white-strip is not enough.

KD: Yes.

CHIZ: You need to shift to EMV which is basically this one.

KD: Yes, this one. OK, which banks have this EMV?

CHIZ: Only the smaller banks are compliant Karen.

KD: That is something.

CHIZ: The Bangko Sentral issued a regulation requiring all banks to shift to EMV by January of this year. They extended it to June of next year because banks – the bigger banks cannot comply given the volume of their customers, depositors and cardholders. But that does not mean they are off the hook. What BSP did was, OK since you have not shifted we are giving you a new deadline but you have to pay certain penalties and fines and number two: you bear the loss of any fraud.

KD: Baka naman maliit ang fine?

CHIZ: Maliit nga 'yung fine pero mas importante dun Karen they will bear the loss in case of fraud committed during the time they haven't shifted yet that's when the case of BPI and the case of BDO, they are bearing the loss of any customer or depositor for as long as ofcourse it can be proven by the depositor. The problem Karen is, we still have to use both, this one and this one; the black strip and EMV, why some countries like the United States and Japan they don't use EMV.

KD: They don't.

CHIZ: So if we shift completely to EMV, your card might not be recognized.

KD: They use the black strip.

CHIZ: They use the black strip. So I think with the BSP did was they suggested that both be used. The black strip can be deactivated once you arrived in the Philippines. But you are still susceptible to fraud when you're abroad and when you are using it whether Japan or United States. So there are some complications with respect to the shift to EMV.

KD: So I'm curious, if the shift to the EMV given that the three largest banks are BDO, I think Metrobank and BPI was there a new deadline? Oo, in that order was there a new deadline given?

CHIZ: June of next year.

KD: OK, so June of next year they all have to shift to EMV.

CHIZ: Finished or not finished, pass your paper.

KD: OK, by June 2018, kapag hindi pa naka-EMV 'yung BDO ATM card ko, what does that mean?

CHIZ: I think they will impose even stiffer penalties. Right now they are penalties but given the reality on the ground, given the volume I asked them point questions lang before the hearing. They explained to me given the sheer volume, I mean you are talking about rural banks, some thrift banks, they have shifted. But the bigger the commercial banks, they're having a difficult time shifting because it entails a big shift too in their computer and IT systems.

KD: OK. Now on another note but slightly related, has the BSP assured you that the country and our banks are protected from something like cyber terrorism?

CHIZ: They have a very big office, it's still an office but they have a very big office dedicated to IT and in fact they have already issued regulations requiring banks to invest in IT. I think BPI was the one who explained they have spent about over Php5-B just for IT to protect their IT systems in order to be ahead.





Copyright 2016. ALL RIGHTS RESERVED Office of Senator Chiz Escudero