By Lee C. Chipongian

Fraudsters are targetting banks that are still vulnerable to debit and ATM-related crimes but this was expected by the Bangko Sentral ng Pilipinas (BSP) as the June 30 deadline for the full EMV regime nears.

BSP Deputy Governor Chuchi G. Fonacier said they have monitored an increased number of bank fraud in the last few months but it is only significant on a quarter-on-quarter basis. She said the reason for this is that the opportunity for fraudsters to execute crimes such as ATM skimming is narrowing as the June 30 deadline approaches.

Fonacier said the entire banking industry is near-ready for EMV, a global standard for credit and debit payment cards based on chip card technology. EMV stands for Europay, MasterCard Visa, the three companies that originally created the standard.

“The shift to EMV is (almost done) and fraudsters are thinking to capitalize (on the narrowing window),” said Fonacier. When banks are fully EMV-compliant, debit cards and ATM thieving will be very difficult, she added. The EMV compliance includes software updates, upgrading ATM and POS terminals, and replacing credit cards, debit and prepaid cards. The BSP is currently assessing reports and the updates from banks for a more comprehensive data on the number of fraud incidents.

“June 30, 2018 is really the last deadline, and the only deadline,” said Fonacier.Banks were told to be EMV-compliant at the start of 2017 but because of the huge number of cards to be replaced, there was clamor for extension. The BSP implemented the EMV Card Fraud Liability Shift Framework in January last year to discourage banks from delaying the EMV migration process. The liability shift addresses the liability and resolution of disputes on fraudulent transactions. Essentially, the banks or the issuing banks that have yet to adopt the EMV technology will shoulder all liability from fraud.

“This is a wake-up call (heightened cases of fraud),” said Fonacier, referring both to banks and their clients. The increase in skimming cases has apparently convinced bank customers to be pro-active and approach their respective banks to inquire about EMV cards.

There are 76 million debit and prepaid cardholders in the Philippines and about 40 percent are still using the old magnetic stripe cards. Banks failing to meet the June 30 deadline will face grave monetary penalty. The BSP defines “full compliance” as upgrades and enhancement for EMV-related activities, the replacement of ATM and POS terminals from magstripe credit and debit/prepaid cards, and distribution of EMV-compliant cards.

A non-complying bank will be considered in “serious offense” and will be slapped with monetary sanctions. For banks that will partially comply to EMV requirements, they have to set aside provisions – which will be reviewed every quarter – to cover probable fraud losses “that may arise from counterfeit fraud or skimming attacks,” said the BSP.

To determine the amount of fraud loss, banks will use a loss probability rate which can be determined by the following: historical counterfeit card fraud losses; customer behavior; nature of products, services and customer relationships; and degree or extent of EMV compliance of card-accepting terminals.

Last week BDO Unibank, Inc., the country’s biggest bank, issued a warning against fraud attacks after seeing “an extraordinary rise” in incidents in the last quarter of 2017. It cautioned its clients to be vigilant against skimming, phishing, social engineering, and “other devious ways.”