WATCH | BDO working to stop ‘skimming’

June 21, 2017 - 1:38 PM
BDO clients using the bank's ATMs. (Reuters file)

MANILA, Philippines — Seven of BDO’s 3,700 automated teller machines were affected in three recent incidents of “skimming,” the Senate was told Wednesday.

Edwin Romualdo Reyes, head of the BDO Transaction Banking Group, said they have reviewed 95 incidents of skimming so far and disabled compromised cards even as they continue to investigate the cases.

“Skimming is the unauthorized copying of the magnetic stripe information of ATM cards, the thin black stripe at the back of your cards which stores the details of your card and is necessary for ATM transactions,” Reyes explained.

This is done through devices that read or “skim” the stripe when a transaction is performed, often in conjunction with a second device — often a small camera — to record the client’s PIN or personal identification number as it is keyed into an ATM machine.

The information stolen from the skimmed card is then used to create a fake card and paired with the recorded PIN to perform unauthorized withdrawals or purchases.

Reyes said the magnetic stripe technology is 50 years old and attempts to exploit the system are as old.

He also said more fraud attempts were observed in May and June even as he stressed such incidents were isolated.

But Reyes also acknowledged that fraudsters do a lot of research and development, using new technology and methods of attack that current security measures can find hard to detect.

The bank official reminded clients who notice unauthorized withdrawals to file their complaints through the proper bank channels as social media posts are not actionable.

Affected clients would be reimbursed after a proper investigation and card replacements are free.

Those who find their cards blocked can get a free replacement from their branch.

Reyes also said BDO is upgrading its ATMs, with 1,000 machines already done and the rest of the work to be completed by the fourth quarter of the year.

He assured clients that BDO has a live, real-time fraud system that tracks transactions to determine suspicious or off-pattern withdrawals or purchases. A team also works 24/7 to monitor the system and investigate cases, often anticipating potential skimming attacks and blocking cards to deny fraudsters access to the funds.

There are physical and software security measures in place as well as security personnel who check ATMs for suspicious devices and people acting suspiciously.

Reyes also said EMV (Europay, MasterCard and Visa) migration, which has been continuing since last year, has made cards more secure and fraud-proof.

In a briefing on EMV migration last December, Melchor Plabasan, BSP Core IT Specialist Group head, gave this reminder to clients: “When you receive notification from your banks regarding replacement, definitely the bank will not ask for any information. The bank will simply provide you with a schedule: ‘Your card is now ready and you can now go to your branch of account.’ Basically that will be the information campaign of the banks. If you receive e-mail requesting from other information, let’s say, account information, username, and password, then just ignore the e-mail. Or to be sure, call your bank.”