With all the controversy happening with financial app security lately, the Bangko Sentral ng Pilipinas (BSP) reminded e-wallet holders to stay vigilant. Here’s what the agency had to say.

BSP Governor Felipe Medalla spoke to the press about the recent incident with GCash. For those who need a quick jog of their memory, this saw almost PHP 37 million unjustly taken from users through deceptive methods. Users were shocked to find unauthorized transactions taking funds out of their digital wallets. Luckily, the perpetrator was caught and the missing funds were returned thanks to cooperative efforts from local banks. Further investigation revealed that the crime involved out-of-application Phishing Links instead of a security breach within the application itself.

What this means is that users consciously inputted sensitive details into sites that were engineered to look like GCash, but aren’t.

With this, the BSP concludes that this e-wallet fiasco targeted not the security of financial institutions but the technological literacy of its users. Medalla then continued to mention that there should be no reason for users to give their OTPs to third-party providers, especially since the e-wallet providers themselves heavily discourage doing so. “The last level of protection is the OTP.” And he is right. We’ve heard of services asking for the MPIN to confirm payments, but why share the OTP itself?

Despite these incidents, the government and agencies like the BSP still promote citizens to migrate over to e-wallet usage and digital payments. Since this is the way to the future, it would be wiser to learn more on it and just be more careful moving forward.

For a more comprehensive guide from GCash itself, click here.