Advice from banks: How to prevent identity theft

MANILA, Philippines – About 55 million voters in the Philippines are likely to fall victim to identity theft after a new website was put up allowing anyone to search for sensitive voter information. (READ: Website leaks Philippine voter data)

On Thursday, April 21, unknown hackers put up a publicly accessible website called “Philippines, we have your data” that allows anyone to input a first name and last name to index a list of possible matches from the Commission on Elections (Comelec) database, which can include their own data. 

These data may be used by scammers to open up credit card accounts using the voter’s name, apply for a job, file tax returns, or even get a medical procedure the voter may end up paying for, International Data Corporation (IDC) IT Services Lead Anthony Rejano said in an interview.

But by taking a few precautions, Filiipino voters can protect themselves from identity theft.

Rappler earlier ran a story on how to mitigate the impact of the leak, and recommendations for government moving forward. (READ: After Comelec data leak, what to do to protect yourself?)

Here’s advice from banks and IT experts on protecting our financial transactions:

Keep personal information off social media

With Comelec data breached, China Banking Corporation’s (Chinabank) head of IT Security Office ISO asked voters to avoid providing indirect sensitive information, like location, and continuously monitor the activity of their online accounts.

“Enable and/or subscribe to text and email notifications and alerts of your FSI. Do not use the same password for online banking and non-banking accounts. Do not surf the web while accessing online banking accounts,” the Chinabank officer told Rappler in a mobile phone reply. “Also, ensure that only your online banking site is open.”

Ask banks to contact you before transactions

“When possible, and through the use of the telephone, make arrangements for your banks and similar institutions to contact you prior to any transaction being allowed to go through, or to have a means of allowing you to authenticate your transaction,” said Pierre Tito Galla, co-founder of Democracy.Net.PH.

As soon as practicable, secure your authenticated National Statistics Office (NSO) birth certificate and other identity certificates, and renew your National Bureau of Investigation (NBI) clearance to have basic identity information in case of a challenge due to identity theft attacks.

Renew identity cards

Galla and Rejano also asked voters to renew identity cards, passports, and licenses, if possible, as these are usually compromised by identity theft attacks. 

Update antivirus and firewall on computers

The Chinabank officer asked voters to use a strong password, change them regularly, and avoid performing sensitive transactions via public networks/WiFi.

“Wherever possible, enable 2-factor authentication (2FA) for your accounts,” Galla added.

Change security questions

Immediately change all security questions and all answers to security questions to information that cannot be guessed from the compromised database. Banks should do the same.

“For example, change all ‘what is your mother’s maiden name’ or ‘what is the name of the street you used to live in’ to other security questions,” Galla said.

Use synonyms and alphanumeric combinations for security answers, like “Baguio” is better typed as “B@gu!0.”

Share cybersecurity practices with peers

“The weakest link in a social network is the one person who did not protect himself or herself,” Galla said. 

In the event of a personal data privacy attack, social engineering attack, or cyberattack, Galla said victims should contact the NBI Office of Cybercrime, Philippine National Police Anti-Cybercrime Group, and Privacy Commission for fast and immediate action. –Rappler.com