In the bustling landscape of the Philippines’ rapidly evolving financial sector, the digital revolution has ushered in an era of unprecedented opportunities and convenience. As the nation embraces open banking and interconnected Application Programming Interfaces (APIs), providing a gateway to seamless financial transactions, a critical concern arises — cybersecurity. At this year’s Singapore FinTech Festival (SFF), UnionBank of the Philippines took center stage to talk about its robust response against the exponential growth of cyber threats.
Joey Rufo, SVP, Chief Information Security Officer and Data Protection Officer of UnionBank led a product showcase session at the SFF Technology Stage and presented “Securing Open Banking Against Cyber Attacks, Powered by UnionBank.”
The UnionBank CISO shed light on the rapid growth of digital banking in the Philippines and the corresponding surge in cyber threats. He identified the challenges faced by financial institutions, particularly regarding open banking and APIs, and outlined the steps taken by the Bangko Sentral ng Pilipinas (BSP) to fortify the industry against cyber criminals.
Rufo emphasized the significance of open banking and APIs in creating an interconnected ecosystem where banks, financial institutions, and fintech companies seamlessly collaborate through hyperconnected highways. This interconnectedness aims to provide a superior and secure customer experience, especially crucial in a country where a significant portion of the population lacks access to traditional financial services.
As digital banking gains momentum, opportunistic cybercriminals are exploiting the expanded attack surface presented by the API economy. The UnionBank cybersecurity executive highlighted a global surge in cyber incidents, citing examples from the Philippines, where a substantial portion of the population joined online banking platforms during the pandemic. The increased user base created a ripe opportunity for cyber attackers.
Acknowledging the escalating threats, the BSP took a proactive stance by releasing a memorandum circular mandating standardized controls across the financial services industry. This initiative aims to ensure that all banks, fintech firms, and related entities adhere to uniform protocols, thereby minimizing vulnerabilities and creating a collective defense against cyber threats.
Rufo elucidated the potential consequences of cyber attacks on the digital banking landscape. The most alarming scenario highlighted was financial fraud, which could lead to substantial consumer losses and damage the reputation of digital banking services. The impact includes slow performance, accidental disclosure of sensitive information, and regulatory penalties.
To simplify the technicalities, Rufo outlined the common tactics employed by cybercriminals against banks and their customers: business logic bypass, enumeration attacks, denial-of-service attacks, and token reuse. The ultimate goal is financial fraud, which poses a significant threat to the security and reputation of digital banking services.
To counter these threats, Rufo stressed the importance of a layered defense strategy, incorporating the age-old principle of defense in depth. The integration of AI-based technologies into API security strategies was highlighted. AI plays a crucial role in detecting anomalous transactions, offering a proactive approach to identifying and remedying potential threats promptly.
“As a bank, we are offering API services. How do we ensure our current and would-be customers that they remain protected? We build layers of defenses to ensure that your data, money, and funds are protected. We are in the business of trust. Without trust, there’s no business,” said Rufo during this talk at SFF 2023.
Rufo called for continued investment in cybersecurity, not only as a technological necessity but as a means to build trust with customers. The UnionBank CISO cited the importance of people and processes alongside technology in creating a secure digital banking environment. As the Philippines embarks on its digital banking journey, the focus on cybersecurity emerges not just as a challenge but as an opportunity to instill confidence in customers and ensure the longevity of the digital banking revolution.