BSP investigating reported unauthorized GCash transactions

The Bangko Sentral ng Pilipinas (BSP) is now looking at the recent reports of unauthorized fund transfers affecting GCash accounts, with funds said to have been forwarded to other local lenders.

According to BSP Deputy Governor for the Payments and Currency Management Sector Mamerto Tangonan, the recent set of incidents have already been reported by G-Xchange Inc. (GXI), which operates GCash.

“BSP has started looking into this to get to the bottom of this incident and determine the facts to guide appropriate action and GXI will be submitting the required regulatory report to BSP,” he said in an email.

GCash — which currently has over 79 million users — is registered as a non-bank financial institution electronic money issuer (EMI-NBMF). It is a wholly-owned subsidiary of Mynt (Globe Fintech Innovations Inc.), which is in turn a partnership between Globe Telecom Inc., the Ayala Corp., and Ant Financial.

The firm on Tuesday reported a temporary downtime of its system, as it said it extended its scheduled maintenance to investigate the reported unauthorized fund transfers. It said there was no hacking that happened.

It said adjustments to all affected accounts were completed as of 3 p.m. on Tuesday, as it reiterated that their customers did not lose their funds on their respective accounts.

Sought for comment, GCash said it is working with the BSP on the matter but no further details were available.

Funds from GCash accounts were said to have been transferred to accounts under Asia United Bank (AUB) and East West Banking Corp., with both banks now conducting their own investigation into the matter.

“BSP is also actively engaging with the affected BSP supervised financial institutions to mitigate the impact,” Tangonan said.

Meanwhile, House Deputy Minority Leader Bernadette Herrera filed a resolution seeking congressional inquiry on the matter.

“It is the duty of Congress to protect the interests and welfare of the Filipino people and ensure that digital platforms like GCash operate within the bounds of the law. The extent of the unauthorized deductions in terms of the amount and the number of accounts involved has not been disclosed,” she said in House Resolution 963.

Aside from conducting an inquiry, Herrera said the House should solicit the views and recommendations of the relevant government agencies, such as the BSP, the Department of Trade and Industry, and the National Privacy Commission on the matter.

“We must ensure that the rights and interests of the affected GCash users are adequately protected and that they receive appropriate compensation for any financial losses or damages incurred as a result of the unauthorized deductions,” she said.

House Assistant Minority Leader Arlene Brosas, on the other hand, said GCash should be held accountable "for this possible data breach."

"This caused a huge inconvenience and compromised the data of millions of users across the country. If scammers and hackers can easily get away with this, the hard earned money of the people will be stolen in a snap,” she added.

She said the incident showed that the implementation of the SIM Card Registration Act is not enough to stop data hacking.

"This is proof that the SIM Card Registration Act has provided no safeguards,” Brosas added.

GCash in March announced the planned rollout of the GCash card in June, which will give users access to the VISA network with over 100 million shops across 200 countries.

Globe president and CEO Ernest Cu earlier said the company will go public “in time” as he cited public clamor, but noted that there is no timeline set for this so far.

The firm late last year said, however, that it has no plan of an initial public offering (IPO) anytime soon citing the lack of a market amid the “tech winter.”—AOL, GMA Integrated News