MANILA - The Integrated Bar of the Philippines on Saturday said it is ready to help victims of the BDO hacking incident, and that the bank’s terms and conditions absolving it of legal liability in customers losses was “invalid.”
IBP President Burt Estrada said BDO’s waiver of liability was invalid because it goes against “public policy.”
“In this instance, there is a public policy of protecting the integrity of the banking system by maintaining the confidence of our people in our banking system,” Estrada said in an interview with TeleRadyo.
Estrada was referring to BDO’s electronic banking terms and conditions.
“Loss or damage you may suffer arising out of any improper, fraudulent access or utilization of the BDO Electronic Banking Services due to theft or unauthorized disclosure of User IDs, passwords, ATM PINs/TPINs/MPINs or violation of other security measures with or without your participation,” a section of BDO’s terms and conditions says.
The Bangko Sentral ng Pilipinas has said that such an “all-encompassing disclaimer of legal liability” goes against BSP regulations.
BDO said it has reimbursed close to 700 claims after a “sophisticated fraud technique” affected some of its depositors.
The country’s largest bank said it made the refunds “to maintain good customer relationship” even if BDO was not legally liable.
Some depositors whose claims were denied by BDO meanwhile have said the bank still owes them. They said that like the other victims of the BDO hacking incident, money was stolen from their accounts even though they were careful not to click on links to scams.
Estrada said the IBP is willing to take in pro bono cases especially if it involves public interest. But he said the matter could be resolved without going to court.
NOT DEPOSITORS’ FAULT
Manila Bulletin tech editor and cybersecurity pundit Art Samaniego meanwhile questioned the Bankers’ Association of the Philippines’ statement on the BDO hacking incident.
“You will never be a victim of cybercrime if you would never give your personal information, such as one-time password, to other people,” the BAP has said.
Samaniego said that it wasn’t the depositors’ fault, but BDO’s own security vulnerability that led to the hacking incident.
“Dahil may kahinaan yung sistema ng bangko, mapapasok pa rin at mananakaw pa rin yung pera mo,” Samaniego told TeleRadyo.
(Because the bank’s system was weak, it could still be breached and your money stolen.)
Samaniego added that while BDO reimbursed those affected in the Dec. 10 and 11 “Mark Nagoyo” incident, the account had been getting money as early as Dec. 1.
He also questioned BDO’s claim that its waiver of liability was standard for the banking industry.
While other banks had waivers, their language was not as strong as BDO’s in absolving themselves of liability.
“Sa ibang bangko, hindi ganito ka-brutal ang pagkakasabi (In other banks, the wording is not as brutal),” Samaniego said.
Consumer rights advocate Vic Dimagiba said the BSP should have a stronger mandate in protecting depositors. He noted that the central bank merely refers customer complaints back to the banks themselves.
“They [BSP] will not evaluate the legitimacy and genuineness and reasonableness of your complaint,” Dimagiba said.
Samaniego and Dimagiba said a new law may need to be written to better protect banking customers from hacking incidents like BDO’s.