“BANCO DE ORO”

A Risk Management Plan and Project

Presented to the Faculty of Quezon City University

Quezon City

In Partial Fulfillment of the Requirements for the Bachelor of Science and

Entrepreneurship

By

Alborte, Dan Dhamie

Alcor, Mary Angeline

Anisco, Angel Jezzamine

Anto, Glaiza

Aquino, Irene

Aranas, Mheriann

2022
 TABLE OF CONTENTS

I. Introduction

A. Company Profile

B. Identification of the issue and background

C. Statement of the position

II. Main Body

A. Actions in respects to the problems

B. Supporting evidence or facts

III. Conclusion

A. Suggested courses of action

B. Possible solutions
 I. Introduction

A. Company Profile

BDO also known as Banco De Oro is a full-service bank in the Philippines. It

offers an extensive selection of market-leading goods and services, such as lending

(corporate and consumer), deposit-taking, foreign exchange, brokerage, trust and

investments, credit cards, retail cash cards, corporate cash management, and

remittances to the Philippines. The Bank provides services in investment banking,

private banking, leasing and finance, rural banking, life insurance, insurance brokerage,

and both online and traditional offline brokerage through its local affiliates.

The secret to BDO's successful commercial partnerships with clients lies in its

institutional capabilities and value-added goods and services. In terms of establishing

high standards as a sales- and service-oriented, client-centered force, its branches

continue to be at the forefront. With more than 1,500 active branches, offices, and more

than 4,500 ATMs located throughout the country, The Bank has the largest distribution

network. BDO has 16 worldwide locations across Asia, Europe, North America, and the

Middle East, including full-service operations in Hong Kong and Singapore.

BDO is a part of the SM Group, one of the biggest and most prosperous

companies in the country with operations in retail, mall management, real estate
development (residential, commercial, resort/hotel), and financial services. Despite

being a member of a conglomerate, a group of qualified managers and bank officers

oversee daily operations at BDO. Additionally, BDO has one of the strongest boards of

directors in the sector, made up of experts with years of experience in a range of

disciplines, including business, law, accounting, banking, and finance.

CORE VALUES

Commitment to Customers

We are committed to deliver products and services that surpass customer

expectations in value and every aspect of customer services, while remaining prudent

and trustworthy stewards of their wealth.

Commitment to a Dynamic and Efficient Organization

We are committed to creating an organization that is flexible, responds to change

and encourages innovation and creativity. We are committed to the process of

continuous improvement in everything we do.

Commitment to Employees

We are committed to our employees’ growth and development and we will

nurture them in an environment where excellence, integrity, teamwork, professionalism

and performance are valued above all else.

Commitment to Shareholders
 We are committed to provide our shareholders with superior returns over the long

term.

CORPORATE MISSION

To be the preferred bank in every market we serve by consistently providing

innovative products and flawless delivery of services, proactively reinventing ourselves

to meet market demands, creating shareholders value through superior returns,

cultivating in our people a sense of pride and ownership, and striving to be always

better than what we are today… tomorrow.

B. Identification of the Issue and Background

Financial institutions and the financial industry usually experience cybersecurity

risks, and these concerns are often brought on by compromised credentials, otherwise

known as the usernames and passwords of your clients' or employees' accounts.

Simple passwords that are either easy to guess or have been used previously by an

employee are a common method of entry. As shown by these significant cyberattacks

on major banks and financial organizations, the financial industry is more prone to

attacks from hackers who steal information from banks and other financial services by

employing well-known techniques like hacking or credential stuffing.

Automated Telling Machines, or ATMs, are financial institutions that use

technology to enable customers to access and withdraw money from their accounts

without a bank teller's or staff member's assistance. Banks need to have enough cash

available in ATMs because clients frequently use them to obtain cash. In the financial
sector, refilling cash in automated teller machines (ATMs) is a well-known concern.

However, these automated bank counters, which are regularly utilized for cash

withdrawals, may malfunction like any other electronic device. These devices are prone

to malfunction, just like any other device. Although they are largely linked to electricity,

they are also electrical gadgets. It's also important to keep in mind that they usually do

not have protection from outside factors while usually outdoors. This can also result in

the ATM device itself not operating properly, and over time it may malfunction or break

down.

In recent years, the number of these logical attacks has increased. Financial

institutions must manage the risk of Hacking accounts and ATM issues while also

minimizing its effects because fraud techniques and ATM malfunction have improved

along with an increase in incidents. In this study, we used risk management to identify

both established and newly discovered banking crimes and issues, and we offered

suggestions for precautions that Financial Institutions owners may take to lessen both

established and new risks.

C. Statement of the Position

The likelihood of running into risk increases with a company's size. But the

higher the risk, the higher the return, right? Despite being one of the biggest companies

in the Philippine banking sector, BDO Unibank, Inc. still experiences some unfavorable

outcomes that cannot be avoided. In this regard, we have listed a number of issues that

the firm has encountered.

 Let’s start with the BDO Hacked Issue in 2021 in which 700 Clients were

affected. In the Philippines, the recent attack on the BDO Corporation has caused a lot

of controversies. The organization's clients and partners have also experienced the

effects, in addition to employees. Being one of the biggest banks in Southeast Asia, it's

really no great shock that they have been geared by hacker attacks again after two

other attacks in December 2016 and January 2017. This time, the cyberattacks were

able to gain access to the private details of BDO customers, transferring funds ranging

from Php 25,000 to Php 50,000. Including its 10-year-old safety system, it’s no doubt

that BDO was an obvious victim of such cyber-attacks. Nevertheless, this latest attack is

not the bank's first breach; in 2016, they were also hacked and lost millions of pesos to

con artists. This latest event is a huge blow to the financial institution as well as its

clients. Account holders start taking into social media their feelings of frustration,

beginning to wonder how this could happen once more and what should be done to

ensure it doesn’t.

In this specific issue, the Sy-owned BDO Unibank Inc. on Sunday, Dec. 12, 2021,

stated that it will shortly refund clients for losses caused by cyber security lapses and

tried to appeal to their clients to protect themself with awareness in the detection of

fraud. BDO released a statement saying, "We thank our clients for their patience and

cooperation in safeguarding their online bank accounts (and) we assure our concerned

innocent clients that we will refund their losses."

Another issue that arose was when BDO apologized for causing their clients

inconvenience by stating that their banking channels were inaccessible, particularly

during paydays. BDO Unibank's systems experienced downtime, preventing BDO

customers from charging purchases and transactions to credit or withdrawing money

from ATM machines. Immediately following the complaint, the company issued an

apology to the public via a Facebook advisory. Following issues that resulted in

downtime or intermittent service throughout the day, BDO said it was working to restore

normal operations to its automated teller machines (ATMs), cash card, online, and

mobile banking systems. According to the news report, Honey Reyes, assistant vice

president of public relations and external communications at BDO Unibank Inc., stated

that the outage was caused by connectivity issues. Later that same day, BDO posted an

announcement regarding ATMs, Cash Card, and Online and Mobile Banking facilities

having already been restored.

In the near future, it will still be impossible to resolve the conflicts and difficulties

the company faces. There is still a chance that BDO Unibank, Inc. will keep running into

the same issues. Fraud is highly likely to occur because the number of scammers and

hackers is getting high. Technology is becoming increasingly progressive and is getting

more impact on individuals in society. We cannot guarantee that ATMs are flawlessly

constructed because they are merely machines that experts have programmed.

Moreover, bankruptcy is a prevalent type of issue that so many banks come across.

BDO Unibank, Inc. is indeed not exempt from this issue's effects.
II. Main Body

A. Actions in respects to the problems

BDO is aware of a sophisticated fraud technique which has affected some of

their clients. They guarantee that they have already put in place more security

measures to prevent such threats and keep bank details safe. BDO most recently

demanded that customers who utilize online banking change their passwords. By

altering their password, they may increase account security and keep scammers from

gaining access to their hard-earned cash. The banking industry has made cybersecurity

a priority, and BDO is always investing in and striving to improve security infrastructure

to safeguard their clients' money while they have put in place back-end safeguards.

To prevent this from happening again, we all must take responsibility for our

security. This can be accomplished by reviewing your statements frequently and

reporting any fraudulent charges or strange activity right away. Also, make sure to keep

a close eye on all of your accounts if there are attempts to hack into them.

These days, most of us carry very little cash in hand. We depend on ATMs to

withdraw cash when the need arises. Convenient as this may be, using an ATM can

sometimes be tricky. The machine may run out of cash, or your transaction may be

declined due to technical reasons. Even worse is when the ATM declines your

transaction, yet you receive an SMS saying the amount has been deducted from your

account.

In order to fix this issue, Your first step should be to call the bank’s 24-hour

customer service helpline. After making a note of your issue and recording your
transaction reference number, the executive will register your complaint and will issue

you a complaint tracking number. The matter is then investigated, any amount so

deducted must be credited to the customer’s account within seven working days of the

complaint filing. And later on the machine will be checked by the BDO technician to fix

the machine malfunction in order to operate again in service.

B. Supporting evidence or facts

Since the pandemic came, a lot of us have experienced having online

transactions and most of them are on our mobile phones. With that, we can easily finish

our transactions in just a blink of an eye and with the help of the internet. With the

recent controversy of BDO last 2021 where they were affected by the hacking, BDO

made a move on tracing the mastermind of this cyber-attack and they made sure that

they will surely pay for what they did. Also, they give security tips on what to do and

what to avoid to help them in online banking and also for their security.

BDO 2021 Hacking Incident

COVID-19 did not deter scammers from doing what they do best; instead, it

fueled them to ramp up their attacks. BDO handled these cases quickly and issued

statements about the ongoing cybersecurity attack. BDO also advises clients to change

their passwords in order to improve account security and prevent fraudsters from

accessing their hard-earned money.

 BDO reminds clients to never share login information such as username,

password, and OTP. According to BDO, Clients can report suspicious incidents to

ReportPhish@bdo.com.ph or contact its representatives by searching Facebook for

BDO Customer Care with a blue verified check mark.

With the community quarantine in place, many Filipinos are switching to online

banking in order to stay at home and avoid the virus. Clients can use BDO Online

Banking to pay bills, send money, load prepaid mobile phones, and check account

balances. BDO encourages those who want to bank online to go to its official website,

click on "eBanking," then "Online Banking," and then "Enroll Now," after which an ATM

activation code will be sent via SMS. Clients can use this code to confirm their

enrollment at the nearest BDO ATM.

BDO has agreed to compensate victims of hacking incidents, while Bangko

Sentral ng Pilipinas has set up a task force of cyber and anti-money laundering experts

to investigate his hacking incidents online. BSP Governor Benjamin Diokno told

reporters, "We have assembled a task force of cyber and anti-money laundering experts

and legal representatives to identify the possible root causes and controls related to the

incident. We're identifying loopholes," he said. The BSP chief gave the task force 30

days to complete the investigation and make recommendations on possible sanctions in

the event of a violation.

What to do?

If you believe your account has been hacked, there are some important steps you

should take.

1. View and review your account activity. First, check your account activity to check

for unauthorized charges. Some legitimate transactions may appear fraudulent if

the company operates under a different name.

2. Please call your bank. After confirming that your account has been hacked, call

your bank to report the fraud.

3. Block the account. If possible, block your bank account online or in the app, or

contact customer service.

4. Change your pin and password. Change your bank account PIN to something

completely different and secure, and don't use the same password.

5. Check your credit history. If your bank account was hacked, it's possible that the

hacker tried to open a credit card in your name.

 6. Call the police. Finally, consider filing a police report. It's unlikely that you have

information about who hacked you, but reports from multiple victims make it more

likely that the thief will be caught.

III. Conclusion

A. Suggested courses of action

Hacked Issue and Actions

One of the most important resources for any organization is data, which makes it a

high-value target for malicious attackers. Strong data encryption and the protection of

the decryption keys are major elements of data security that guarantee the integrity of

this valuable and sensitive asset. Even in the event of a serious security breach or hack,

your data will be inaccessible without the corresponding decryption keys when it is

properly encrypted using a reliable, safe encryption technique like Advanced Encryption

Standard (AES) that maintain the confidentiality and integrity of the data, as well as that

of your company and your customers. The company should use encryption for all

sensitive digital assets, not just data, and should use it to secure connections between

customers and servers to avoid data loss and estate compromise.

ATM Issues and Actions

How do ATMs work? The saving of money lies in that. It's a slot machine, often

operated by a bank or financial institution that allows you to withdraw money, insert
money, pay bills, check your account balance, or make a transfer at any time of day by

just entering your debit or credit card. Receiving 'new' money at any moment of the day

is actually a lifeline. But just like any other technological gadget, these automated bank

counters, which are often used for money withdrawals and withdrawals, occasionally

have malfunctions. These typical problems, fortunately, have straightforward fixes.

We are all aware of the significance of the buttons for the ATM if it is one that

only operates with buttons. If they malfunction, it will be extremely difficult to carry out

any task, so if you notice that these buttons are not functioning, you should immediately

contact the service. They will take care of replacing them or fixing them if there is a

problem with their connection to the electricity or to the ATM system. Since they are

practically necessary for using the ATM, it is crucial to resolve this issue.

An ATM with a damaged dispenser is a rare but extremely inconvenient

condition. This signifies that a user has inserted their bank or credit card into the ATM

using their password or pin. Despite the fact that they have selected to withdraw cash

and the appropriate amount, the machine does not discharge any cash or the proper

amount. The whole amount, however, has been withdrawn from the customer's account.

Because this sort of error generates problems for the consumer, the owner of the ATM,

and the issuing bank, it must be resolved as quickly as possible. Customers will almost

certainly file a claim against the ATM's owner for the amount debited from their account

when it fails to release the appropriate cash. As a result, ATM owners must take every

possible measure to determine what transpired. In addition to calling in a service repair

professional, ATM owners will most likely need to review any surveillance footage to

determine what happened during that transaction, count the cash quantities in the
machine, and hunt for any hidden devices that may have redirected the cash elsewhere.

ATMs should be serviced on a regular basis to avoid this problem in the first place,

because faulty dispensers may be inconvenient for everyone and constitute a security

risk.

In recent years, ATM technology has advanced rapidly. ATMs now use touch

screens as well as other computer software-based technologies in large numbers, if not

the majority. ATMs can experience software problems, much as other hardware

powered by computers. Therefore, the software for ATMs has to be updated often. But

even with regular maintenance, mistakes can happen. As a result, the ATM will be able

to be scanned for viruses, have fresh and updated software installed, and have any

problems fixed by a service repair professional.

While malfunctioning ATMs might be inconvenient, failing to repair them promptly

can cost owners considerably more money in missed surcharge payments. By having

an ATM repair technician on hand, owners can address any difficulties that emerge

quickly and return to business as normal.

B. Possible solutions

Hacked Issue and Actions

Here are some possible actions that the customer himself may take to minimize and

reduce the hacking of accounts incidents that happen from BDO customers:
 ● On occasion, hackers mimicked the bank's website. Check the website's details

to see if the spellings are correct so you aren't misled. Use the bank's website

only the rest of the time.

● Do not respond if someone emails or texts you claiming to be from the bank but

using their personal email or phone number. It is very likely that the email is a

phishing attempt.

● Make your password stronger. Combine letters in lowercase and uppercase.

Specify symbols and numbers.

● Another factor to avoid getting your account hacked is to refrain from opening

your account on different devices and being on an open ground. Posting your

account on social media which will see your details because obviously hackers

can easily find a way to hack your account. It's like you're giving them access to

do it.

ATM Issues and Actions

When you have an atm card, you should avoid getting it scratched and put it in

a safe for it to be not destroyed. There are also cases that atm's are being eaten by the

machine for no apparent reason so we have to check and ask the guards if there are

instances that the machine is broken. When it happens to a customer, it will cause so

much inconvenience because the rightful owner must go to the branch office and

request for another atm. Even if you have work and your family member tries to take it

with all the documents that will ensure it, the atm owner should be the one to request it

because the bank is so strict to rules.

 In conclusion, to prevent hacking issues from your online banking, always make

sure that you optimize the security of the application and your account well. If your

account is well-secured and you do not easily believe random texts that you received

from scammers, then the chance that your account will not be hacked is huge since

every little detail of your account is needed by the hackers. Therefore, if you do not give

such information to random people or scammers, then your accounts and other online

platforms accounts are always and will always be safe. Always remember that no

agents or workers from your bank will call you and ask for your personal information and

the password of your account, especially the OTP, because OTP serves as the main

security of your account and if you give it to the person that tries to log in your account,

and then your hard work money from the bank might be swept by that hacker. Always

think of longer passwords that cannot be easily accessed by hackers and always make

sure that two-factor authentication is always on for better security. Do not trust anyone

that tries to say that they are from the bank. Be vigilant always, because scammers are

everywhere and with just 1 wrong click, your savings might be gone in an instant.
REFERENCES:

Agcaoili, L. (2021a, December 14). BDO to absorb losses from cybercrime.

Philstar.com. https://www.philstar.com/business/2021/12/15/2147993/bdo-absorb-

losses-cybercrime

BDO assures affected clients reimbursement after hack. (2021a, December 13). Manila

Bulletin. https://mb.com.ph/2021/12/13/bdo-assures-affected-clients-reimbursement-

after-hack/

BDO to online bankers: “Never share your otps!” (2020, April 16). Challenge Validation.

Retrieved December 13, 2022, from https://www.bdo.com.ph/news-and-articles/BDO-

online-mobile-banking-anti-scam-otp-covid-19

Caraballo, Mayvelin (December 14, 2021). "BDO to reimburse 700 clients affected by

hacking". The Manila Times. Retrieved December 11, 2022.

https://mb.com.ph/2021/12/12/bdo-to-reimburse-affected-clients-soon-bankers-group-

call-for-vigilance-against-cyber-crimes/

Carleton, P. (2022a, October 18). What to do if your bank account is hacked.

finder.com. https://www.finder.com/bank-account-is-hacked

Dashlane. (2021, November 23). 4 Times Financial Institutions Got Hacked & How to

Mitigate Similar Cybersecurity Threats. Tech News.

https://blog.dashlane.com/cybersecurity-threats-financial-sector/
Kalaiarasi, R. (2021). A Literature Survey On Automated Teller Machine Cash Demand

Analysis And Prediction In The Financial Sector.

https://www.ilkogretim-online.org/fulltext/218-1644994347.pdf

Mickkieann (December 16, 2021). “BDO Hacked Issue 2021: 700 Clients Affected”.

Sulit Philippines. Retrieved December 12, 2022. https://sulit.ph/bdo-hacked-issue-2021-

700-clients-affected/

Rappler.com. (2017, May 16). Glitches hit BDO card, online transactions. RAPPLER.

https://www.rappler.com/business/170050-bdo-service-issues-downtime/

Smith, N. (2021, August 17). 5 Common Problems With ATM Machines And How To

Solve Them. https://citizenjournal.net/problems-with-atm-machines/

https://www.bdo.com.ph/mobile/about-bdo

Wright, E. (2019, May 15). The 5 Most Common ATM Issues Needing Repair. GoldStar

ATM. https://www.goldstaratm.com/the-5-most-common-atm-issues-needing-repair/

Bennett, K. (n.d.). Expert Advice On Protecting Your Bank Accounts From Hackers.

Bankrate. https://www.bankrate.com/banking/protect-accounts-from-hackers/