Mactan, Cebu—The banks as unwitting recipients of funds stolen from GCash accounts have returned 80 percent or just under P30 million of the estimated P37 million that fraudsters carted away from irate account holders last week, Bangko Sentral ng Pilipinas governor Felipe M. Medalla said.
At the sidelines of a workshop/meeting of the Financial Stability Board – Regional Consultative Group for Asia in Cebu today, Medalla said the banks reported having returned the stolen funds back to the various GCash accounts.
“Fortunately, GCash is fast; they traced the two bank accounts where most of the stolen money were lodged. In fact the two banks told me they have restored the money to GCash,” Medalla said.
He said the bank account holders claimed their accounts were merely “lent” to persons whose identities the authorities are verifying even now, otherwise those same account holders face criminal prosecution.
Medalla expressed relief that the GCash fiasco proved a case of phising, where one is fooled into revealing sensitive account details such as passwords, rather than the more serious case of hacking which puts the entire mobile money infrastructure into doubt.
“It turns out in this particular case, it is phishing. For some reason, they (scammers) were able to convince the person to give their one-time password despite all the warnings never share the OTP,” Medalla said.
According to him, a large part of the money were still deposited in two banks when the scammers were caught by GCash trackers.
“Of course, it is better if this did not happen at all. But our source of comfort is that this was not hacking,” he reiterated.
Medalla explained the most stringent security measure in digital banking is useless against account holders who shares their OTP with scammers who exploit a person’s greed.
“The last level of protection is the OTP. In other words, the only way that (access to one’s personal account) happens is if there’s somebody on the other side (for you to share your OTP) and who’s very convincing,” he noted.
