7 BDO ATMs compromised in skimming: official


Posted at Jun 21 2017 01:05 PM | Updated as of Jun 21 2017 01:32 PM

Executive says bank has disabled compromised cards

MANILA - An official of BDO Unibank on Wednesday confirmed before a senate inquiry that seven of its automated teller machines were compromised in recent skimming hacks.

"The recent events are connected to three separate fraud events that have recently come to the bank’s attention, and they affected 7 ATMs. The seven ATMs are from three locations," BDO Executive Vice President Edwin Romualdo Reyes told lawmakers in a hearing of the Senate committee on Banks, Financial Institutions and Currencies.

Reyes did not disclose locations of the compromised machines.

Reyes said the skimming incident represents only 0.02 percent of its total 3,700 ATMs across the country.

BDO, the country's largest lender, called on depositors last week to report cases of ATM "skimming," just one week after an "internal error" paralyzed electronic services of rival Bank of the Philippine Islands (BPI).

Reyes said 95 complaints from clients have reached the bank and that BDO has disabled cards which may have been compromised.

Under the skimming scheme, a device is attached to a machine that reads and records details embedded in the magnetic strips at the back of an ATM card during a transaction.

A complementing device, meanwhile, records the user's personal identification number (PIN). The details then are combined to create fake cards that may be used to withdraw or purchase items.

Reyes described the magnetic strip as "a 50-year old technology," and that "attempts to defraud it are as old." He said new technology has made these illegal devices cheap and easy to produce and obtain.

Apart from this, he said, a new skimming scheme was also on the rise.

Called "deep insert skimming," the method would be "undetected and will not be visible in conventional anti-skimming protection" systems, he said.

To remedy this, the executive said BDO was upgrading its ATMs.

The bank, he added, will "reimburse all clients affected by unauthorized withdrawals... subject to existing investigation and reimbursement processes."

Reyes said affected customers should file their complaints through proper bank channels, adding that "social media posts and activities will not be actionable from the bank's side without a formal filing."

Affected customers, he added, may have their cards replaced for free.