MANILA - (UPDATE) Two lawmakers on Wednesday called on the House of Representatives to investigate the GCash "glitch" which resulted in unauthorized transfers of money from hundreds of e-wallet accounts.
House Deputy Minority Leader and Bagong Henerasyon Party List Rep. Bernadette Herrera filed House Resolution 963 on Wednesday seeking a probe into the Ayala-led fintech's operations "in aid of legislation."
Herrera noted that while GCash has apologized and assured users that their funds are safe, the company did not disclose the extent of the unauthorized deductions.
"I filed House Resolution 963 because I was not satisfied with the announcements, advisories, and statements coming from the financial institutions involved," she said.
GCash on Tuesday said all affected e-wallets had been "adjusted" as of 4 p.m.
Despite this, Herrera said officials of GCash, G-Xchange Inc., Mynt, Globe Telecom Inc., the Ayala Corp., and Ant Financial need to explain the nature, scope, and cause of the unauthorized deductions, as well as their plans to address the issue and prevent its recurrence.
She also wants to solicit the views and recommendations of the relevant government agencies, such as the Bangko Sentral ng Pilipinas, the Department of Trade and Industry, and the National Privacy Commission, on the matter and their plans to regulate digital payment platforms to prevent similar incidents in the future.
Separately, Assistant Minority Leader and Gabriela Rep. Arlene Brosas told GCash to strengthen its data protection mechanisms.
"GCash should be held accountable for this possible data breach. This caused a huge inconvenience and compromised the data of millions of users across the country," Brosas said in a separate statement.
Brosas also pointed out that despite the implementation of the controversial SIM Registration Act, cases of data hacking continue to proliferate.
Brosas said that they will file a resolution to investigate the series of online scams and how digital banking applications are addressing these issues.
GCash must explain the details of the alleged unauthorized fund transfers involving millions of pesos to regain public trust, Laban TNVS President Jun De Leon said on Wednesday.
De Leon was among the 300 members of a group chat of GCash users whose funds were allegedly lost on Tuesday.
GCash returned the "deducted" money the same day, insisting that no funds were lost. The mobile wallet said no hacking occurred. It also apologized for the inconvenience.
However, De Leon pointed out that returning the funds was not enough. GCash did not offer any explanation as to why and how this happened.
"Dapat ang GCash ipaliwanag punto per punto anong nangyari sa system," De Leon said.
(GCash must explain point by point what happened to their system)
"Kung ipapaliwanag po nila sa atin punto per punto kung talagang anong nangyari, kung nawala o meron lang konting problema, sa tingin ko po maibabalik nila ang tiwala ng tao sa kanila," he said.
(If they will explain point by point what really happened, was the money lost or it's just a minor glitch, I think they will gain the people's trust back.)
The Bangko Sentral ng Pilipinas has also instructed G-Xchange, Inc. (GXI), the operator of GCash, to submit the required regulatory report.
"The BSP is also actively engaging with the affected BSP Supervised Financial Institutions to mitigate the impact of the GXI incident," the BSP said.
The National Privacy Commission has also ordered GCash to explain the incident and set a meeting on Friday with officials of the fintech firm.
In a separate interview with ANC, GCash Public Affairs and Communication Head Gilda Maquila said the affected customers "unknowingly accessed a phishing link."
"May deluge of texts. Even the fraudster took advantage of sim registration. Not only that, may merchant site posting they are a certain bank. When you do your transaction there hindi mo alam na meron na palang phishing na nagaganap," Maquila told Headstart.
"Ang nakita namin sa investigation...is that this fraudster, hindi sya nag action during the time that he was able to phish and mine the information from the customer," she added.
Maquila said there were requests to link a device and that an OTP was sent.
"And using those information the fraudster was able to make that transaction," she said.
GCash said it had already intensified its security features by adding facial recognition. It is working with the Philippine National Police and the National Bureau of Investigations to run after identified fraudsters.
GCash said it has about 81 million customer base.
- With a report from RG Cruz, ABS-CBN News