By Shiela Bertillo
After the BDO Unibank hacking issue, columnist Boo Chanco questions UnionBank’s Know-your-customer (KYC) credibility, says it should also hold them accountable.
“As for Union Bank, how could someone named Nagoyo been able to open an account? Who was the officer that authorized the account opening? The Know Your Client principle holds the bank accountable,” Chanco wrote.
UnionBank was recently involved with the “Nagoyo” scam where BDO accounts were hacked by a scammer named “Mark D. Nagoyo”, who has multiple UnionBank accounts, the cybercriminal stole up to P25,000 thousand to P50,000 pesos per account.
According to him, UnionBank has a relatively liberal KYC requirement for opening an account online. He also noted that during the pandemic, they onboarded around 1.8 million ayuda beneficiaries.
“I am told that in our poorer barangays, there are syndicates offering P3,000 to P5,000 to buy such accounts. So if you have lost your job or you have already cashed out your ayuda, selling a bank account you will no longer use is a no-brainer,” he said.
Regarding this, Chanco stressed that there should be a law against “mule” accounts or the act of selling your accounts to other entities that may use it for criminal purposes.
Further, he pointed out that UnionBank is also one of the few banks that offers direct linkages to crypto exchanges, which he emphasized makes it possible that “as soon as the funds were received in the mule accounts, they were then used to buy cryptocurrency.”
Chanco also shared the good news that according to a CNN report, banks, at least in the developed countries, have some of the most robust cyber defenses in the private sector. However, the cyber consultant also said that risk-reward calculus is affected by the fact that some sophisticated hackers have recently begun using automation to dramatically speed up their attacks, making them harder to detect.
The columnist stated that the continuous growth of cybersecurity as well as the capabilities of the cyber criminals are a “constant cat-and-mouse game” between companies and hackers.
“It is a big challenge, but one that financial institutions must meet. Public confidence in the industry is at stake,” he added.
On the other hand, the Filipino crypto community also expressed their opinions regarding the hacking incident. According to Luis Buenaventura II, founder of cryptocurrency exchanger BloomX, country manager of gaming firm Yield Guild Games and a regular BitPinas Contributor, neither crypto nor UnionBank should be blamed for this issue. (Read more: Crypto Community Reacted to BDO Hacking Incident)
Meanwhile, BDO denies allegations of changing its terms and conditions for online banking stating that these have long been in place. The updated terms implies that the bank doesn’t have to compensate online hacking victims even if it’s their fault and not of the customer. (Read more: BDO Denies Changing Online Banking Terms Due to ‘Nagoyo’ Scam)
Nonetheless, the Bangko Sentral ng Pilipinas (BSP) guarantees that BDO has given the assurance that victims of the hack will be duly reimbursed.
This article is published on BitPinas: Veteran Columnist: Does UnionBank have weak KYC?