Group Members:

LIM, Via Marie

MALTE, Yra Rozl
OSIAS, Mikael
SAUSA, Stephen Miguel
VANGUARDIA, Cedrhic Julius

VERTSOL OTC01

Case Study: Banking

I. Introduction

The Philippines, as of 2021, has recorded 22.98 thousand installed automated

teller machines (ATMs) from both universal and commercial banks with a rate of roughly
a thousand new machines added yearly (• Philippines: Number of ATMs 2021, 2022).
These teller machines come from a total of roughly seven thousand banks with a
majority coming from a combination of 43 universal and commercial banks.

Having a large number of ATM machines across the country does have its fair
share of problems when it comes to a lack of security. It was reported that in 2012 and in
2013 that bank depositors lost an approximate amount of four hundred million pesos
collectively to ATM hackers. According to Diaz (2014), two-hundred and twenty million
pesos in deposits were looted in 2013 alone through the use of illegal PIN (personal
identification number)-capturing devices planted on ATMs. This amount was reported to
be twenty-six percent higher than the amount stolen in 2012 through the similar means
due to the introduction of the copying of information from the magnetic strips of ATM
cards. Citing the date from the Bangko Sentral ng Pilipinas (BSP), Pasig Representative
Roman Romulo stated that there were two-thousand eight-hundred and seventy-two
cases of ATM fraud reported in that time frame.

Aside from the use of ATM skimming techniques, many cases that have been
reported in recent years involve cyber-hacking of which resulted in the 2021 incident
involving BDO and over 700 of their bank clients as an example. According to
Samaniego (2021), the involved accounts were exploited for an amount of twenty-five
thousand to fifty thousand pesos per account where the amounts were transferred to
Union bank accounts through money muling. Since then the suspects have been
apprehended and the banks involved have guaranteed their customers compensation
and future implementation of security measures that will ensure that the incident will not
happen again. The group sees these incidents as an opportunity to come up with an
innovation that will help alleviate the different security problems that banks face when it
comes to their ATMs.
II. Body

Based on the issues presented above, here are some new technologies that can be
incorporated as security measures and additional services in the future:

2 Factor Authentication

2 Factor Authentication (2FA) is essential to web security because it

immediately neutralizes the risks associated with compromised passwords
(Boston University, n.d.). Considering that if a password is stolen, guessed, or
even hacked, it is no longer required to allow access because a password alone
is useless without authorization at the second factor. This works when online
accounts are given an additional layer of security due to these two-factor
authentication (2FA). Besides only the username and password, access to the
account requires a second login credential, and obtaining that second credential
requires access to anything that only belongs to you. It is impossible to access
the account without this additional authentication method, which makes it hard for
hackers to access your account with just a stolen password and login
information.

In order to use (2FA), a user must supply a password as the first factor
and another, separate element, frequently a one-time password (OTP) or a
biometric factor like a fingerprint or facial scan. Nowadays, BDO ATM machines
have the biometric security factor installed in their machines. However, as
mentioned above, BDO together with 700 other banks was involved in a cyber
hacking in 2021. This might have been prevented if OTP was already installed in
bank ATM machines. One Time Password, or OTP, is a temporary, secure PIN
code that is only valid for one session and is provided to you through SMS or
email. This will be needed for every transaction made to make sure that you,
personally, is the one managing the transaction. This feature will not only prevent
hackers from stealing, but will also prevent the use of stolen ATM cards.

III. Conclusion

For this ATM Skimming and Cyber hacking to stop there is a need to find what
technology is needed to avoid and prevent these from happening. OTP provides
another layer of online protection for the user. If your user ID and password have been
compromised to a fraudster, the login process will not be completed without the correct
OTP that is sent to your registered mobile number and, or your biometrics.

Stronger authentication implemented with two-factor authentication (2FA) or multiple-

factor authentication. The user provides two (or more) different authentication factors in
 these cases. This prevents others from accessing your banking accounts. Thus, adds an
extra level of protection and makes it more challenging to access unauthorized
information, networks, or online accounts. 2FA is an essential security mechanism that
prevents unauthorized access to web-based accounts. Although adding an extra layer of
security might seem inconvenient, it will be much inconvenient when an impersonator
gains access to your critical system or information

IV. References
B. (2022, June 19). How Does Two-Factor Authentication (2FA) Work? Merchant Fraud
Journal. https://www.merchantfraudjournal.com/two-factor-authentication-work/

Rosencrance, L., Loshin, P., & Cobb, M. (2021, July 7). two-factor authentication (2FA).
SearchSecurity. https://www.techtarget.com/searchsecurity/definition/two-factor-authentication

What is OTP and how does it relate to my contact information? (2021, March 12). Smart-
ID. https://www.smart-id.com/help/faq/smart-id-notifications/what-is-otp-and-how-does-it-relate-
to-my-smart-id-contact-information/

Why Use 2FA? : TechWeb : Boston University. (2020). Boston University.

https://www.bu.edu/tech/support/information-security/why-use-2fa/#:%7E:text=2FA%20is
%20essential%20to%20web,a%20password%20alone%20is%20useless.