BDO gets reports of 'potentially compromised ATMs'

MANILA, Philippines (2nd UPDATE) – BDO Unibank said on Friday, June 16, that it received reports of "potentially compromised" automated teller machines (ATMs) after some cardholders claimed to have lost money in their accounts.

"BDO has obtained reports of potentially compromised ATMs following reported losses from cardholders," the bank said in a statement on Friday.

It urged customers who discovered unauthorized transactions in their accounts to contact the bank so that they could be reimbursed after proper investigation.

"Customers with unauthorized transactions may reach out to the bank via formal channels so that their cases may be properly investigated and, where confirmed as impacted, may be reimbursed," BDO said.

"BDO would like to reassure the public that it exerts all efforts to protect its cardholders and their transactions," it added. 

It was not clear in the BDO statement whether the reported problem only affected its cardholders or all also cardholders of other banks who used their supposed compromised ATMs.

BDO received the reports a week after another major Philippine bank, the Bank of the Philippine Islands (BPI), suffered a "system glitch" that led to wrong amounts reflecting in its clients' accounts.

Last month, BDO also suffered a glitch, although on a smaller scale than BPI’s. BDO's connectivity issues prevented customers from using BDO ATM and credit cards, and its online and mobile banking systems for almost half a day.

Don't panic

BDO president and CEO Nestor Tan reassured clients that the bank exerts all efforts to protect them.

He said the issue will be addressed by the shift to the Europay Mastercard Visa (EMV) technology. 

“This is nothing out of the ordinary. ATMs are compromised every now and then, and banks take the pre cautionary measure of disabling cards if we have reason to believe they may have been compromised. Issues on this, will be addressed with EMV implementation,” he added.

The BSP has given banks one more year to fully comply with the mandatory shift to the EMV technology.

“This is a security protocol, moving cards from magnetic stripes to chips, which will make them secure. It is just a matter of time until the industry completes the implementation,” Tan said.

In a statement, BDO urged customers not to panic.

“BDO reassures the public that there is no cause for alarm.  ATMs are compromised every now and then, with skimming being the most common form,” it said.

"To protect our customers, we take the precautionary measure of proactively disabling the cards if we have reason to believe they may have been compromised.  In the meantime, customers whose cards have been disabled can transact over the counter at our branches anytime,” it added.

The problem of ATM skimming has been widely publicized in recent years and has led the Bangko Sentral ng Pilipinas (BSP) to adopt measures to fast-track local banks’ migration of its bank cards to the EMV standard.

EMV cards are distinguishable by the electronic chip embedded in them. They are considered more secure than cards that use the magnetic strip.

In a guideline issued on June 15, the BSP gave banks and other financial institutions until June 30, 2018, to fully comply with the standard, a year past the original target date of January of this year.

Banks that fail to comply with the order will face monetary sanctions from the BSP.

In the interim, the BSP said, non- or partially-compliant banks or financial institutions are mandated to book provisions for probable fraud losses starting September 30, 2017, until full compliance is achieved.  Rappler.com