Fell Victim to an Unauthorized Transaction? Here’s What You Need to Do

The adoption of contactless payment options accelerated during the pandemic. But as digital transactions became more prevalent, online scams also grew more rampant, especially in the Philippines. Fraudsters and cybercriminals can now devise more sophisticated ways to blindside consumers and trick them out of their money.

No one wants to fall victim to an unauthorized transaction or fraudulent activity when accessing digital finance services. To prevent digital fraud and improve cyber hygiene, a joint effort between financial institutions, government agencies, and end users is necessary.

Banks put strong security controls in place to prevent scams. Likewise, the national monetary authority Bangko Sentral ng Pilipinas (BSP) promotes financial education through a digital literacy program, which aims “to increase public trust and confidence in the digital finance ecosystem”^[1] and consequently reduce the number of unbanked Filipinos.

As a consumer, you need to hold up your end of the bargain by practicing due diligence and exercising prudence in your digital financial dealings. Take an active role in protecting your money by keeping yourself informed about fraudulent banking transactions and how to prevent or address them.

Unauthorized Transaction: What is It and When Does It Happen?

An unauthorized transaction refers to any activity concerning your financial accounts that you did not sign off on. This includes fraudulent transactions, which can happen right under your nose if you’re oblivious to the different tactics that scammers use to trick you. It also covers accidental errors caused by system glitches out of your control.

You are more vulnerable to encountering illegal transactions when your personal information and account details are compromised. Fraudsters can use your accounts to make purchases, process fund transfers, and withdraw funds, among others.

Examples of Unauthorized Banking Transactions

Even if you have one of the best savings accounts in the Philippines, you’re not immune to fraudulent schemes. It might give you access to better security, but that’s as much as it can guarantee. No security posture is infallible, especially in the face of cyber attacks.

Sometimes, even the best and most secure banks still fall prey to internal system errors and cybersecurity breaches. The following are examples of such.

BPI Double-Debit System Glitch

On January 4, 2023, BPI customers were hit with an unpleasant post-holiday surprise when they suddenly lost money in their accounts. The unexpected deductions stemmed from a system glitch that caused debit transactions made between December 30 and 31 of the previous year to be posted twice.^[2]

Customers were not pleased when, at the height of the issue, the BPI mobile and internet banking services became inaccessible as the bank tried to rectify the error. But BPI customer service assured clients that there was nothing to worry about as their accounts were safe and secure and no data breach occurred.

To people’s relief, the duplicate transactions were corrected within the day. BPI assured customers that it would improve its existing systems to prevent such an incident from happening again.

Related article: 6 Best Banks in the Philippines for Opening a Savings Account

BDO "Mark Nagoyo" Cyberfraud Attack

In mid-December 2021, BDO faced a cyber fraud attack that caused roughly 700 of its clients to lose money from their accounts. Specifically, unauthorized bank transfers were made from BDO to multiple UnionBank accounts of a certain Mark Nagoyo.

According to the National Bureau of Investigation, the scam started from phishing incidents, which made several accounts vulnerable. At least six persons of interest were uncovered, but four individuals were ultimately charged with banking fraud.^[3] None of them were identified to be working for either BDO or UnionBank.

As a remedial measure, BDO reimbursed the losses to its affected customers. The bank also vowed to improve its security measures to block future threats and combat fraud.

Security Bank Fraud Attacks

Security Bank has a specific page dedicated to educating the public about sample fraud attacks that users have encountered.^[4] Samples include scams about erroneous fund transfers, fake system updates, and fictitious rewards.

If you come across any Security Bank unauthorized transaction, you can report it via Security Bank’s fraud hotline and Viber. You can also report a phishing attack,^[5] declare a lost or stolen card, or dispute a transaction directly on the website.

How to Prevent Unauthorized Banking Transactions

Regardless of your banking service provider or bank account type, you're never 100% safe from scams. Follow these tips to protect yourself from cybersecurity threats and avoid unauthorized transactions that involve your financial accounts.

✔️ Don't Share Personal Information and Account Details

You can share your basic account details like account name and number on a need-to-know basis and only with people and institutions you trust. However, don’t give away your bank login information and security details like your bank account password, personal identification number (PIN), and one-time password (OTP) to anyone. Check out these other tips:

• Don’t post your identification cards and debit or credit cards on social networking sites or public platforms. Otherwise, you’ll make yourself susceptible to identity theft and card cloning.
• Remember that financial institutions don’t reach out to customers out of the blue to ask for their personal data. They will only do so when you, as a customer, contact them first.

✔️ Beware of Unexpected Calls, Texts, or Emails

Phishing in all its forms and variations is a common malicious attack that cybercriminals use to steal your personal information and banking account details. To avoid falling prey to this, be cautious of unexpected calls, texts, and emails, especially from random senders who claim to be from a position of authority. Remember the following:

• Don’t fall for scams that say you’ve won a raffle contest or that you need to reverse a fund transfer that has been mistakenly credited to your account. Before entertaining these types of messages, ask for IDs and proof of legitimacy. Using the official contact information of your financial institution, verify the legitimacy of a call, text, or email. 
• Leave suspicious links alone, and—most importantly—don’t give away any information about yourself or your bank accounts.

✔️ Activate Multi-Factor Authentication

Set up additional layers of security to prevent cybercriminals from accessing your financial accounts. You can enable biometrics access and set up security questions as added measures to fortify your cyber defense. You can also enable one-time passwords, email notifications, and text alerts so you get informed every time a transaction is made using your account.

✔️ Always Protect Your PIN and Password

Make sure no one else knows your password and PIN. If you’d rather not see an unauthorized credit card transaction in your next billing statement, don’t be negligent when it comes to the following cybersecurity tips:

• Don’t write down your security details and don’t store any essential information in databases others can access. Also, make sure your passwords and PINs are not easy to guess (e.g., your birthdate, name of your pet, etc.).
• When using an ATM or opening your banking app, make sure to cover the keypad or password input field. The last thing you want is to inadvertently reveal your PIN or password to prying eyes.
• Don’t use the same passwords and PINs across your accounts, whether they be bank accounts, social media accounts, or emails.

✔️ Verify the Legitimacy of Stores You Transact With

Question the credibility of every person and company you deal with. Go to great lengths to make sure that every transaction you make is legitimate. Conduct your own background check or contact your financial institution for verification if you have even the slightest suspicion that something is off.

And before you sign off on a deal or approve a transaction, make sure you’ve sufficiently addressed the possible risks of doing so.

✔️ Inspect Malicious Hardware on ATM and POS Devices

Scammers can install malicious software and hardware like cameras, scanners, and keypad overlays on automated teller machines (ATM) and point-of-sale (POS) devices. These applications and components can copy information on your card and capture your PIN. They then use these crucial bits of information to create counterfeit cards.

Here's how to prevent this from happening:

• Make sure to look out for any loose parts when using an ATM or POS device.
• Assess the location where these devices are placed. Only use ATM and POS devices in secure, well-guarded areas that aren’t easily accessible to fraudsters.

✔️ Always Check Your Balance and Billing Statements

Make a habit of reviewing your account every now and then to make sure your funds are intact and every purchase credited to your account is legitimate. Also, no transaction reflected in your billing statement should be suspicious. If you’re skeptical about a certain transaction, you can report it to your bank or financial institution so they can take appropriate action.

✔️ Always Stay Vigilant and Critical 

Put your thinking cap on every time you make a financial transaction. Don’t let your emotions decide for you as scammers typically use manipulation techniques that appeal to emotions. Remember, if something is too good to be true, it’s probably a sham. By being critical of everything presented to you, you can make it harder for scammers to find their next prey and run away with stolen money.

✔️ Research Common Frauds

Read up on the different tactics that scammers use to trick people. This will give you an idea of what tricks to watch out for and what to do when you encounter them. Doing so will also broaden your knowledge of cybersecurity and improve your digital literacy.

How to Report and Dispute Unauthorized Banking Transactions

If you suspect an unauthorized transaction has been made using your account, make sure to report it right away. The same goes if you think you’ve given away key information or made a questionable gesture that might compromise your account.

📌 How to Report Fraudulent Transactions to BSP

The BSP has set up a BSP Online Buddy (BOB), where you can report frauds or scams^[6] related to products and services offered by BSP-supervised financial institutions (BSFI). You can access BOB via two platforms: web chat and Facebook Messenger.

How to Report Fraud to BSP via Web Chat

1. To access BOB via web chat, go to the BSP official website.^[7]
2. Click on the BOB icon on the lower right section of the page to open the chat box.
3. Select New Complaint if you’re reporting a grievance. Click FAQ if you want to see a list of topics that people usually ask about.
4. Type in the chat box the details about your question, request, or report.
5. Wait for BOB to give you an answer.

How to Report Fraud to BSP via Facebook Messenger

1. Go to BSP’s official Facebook page.^[8]
2. Click on the Messenger icon to start a chat.
3. Select Get Started.
4. Wait for BOB to finish sending automated messages on how to use the chat.
5. Type in the chat box the details about your question, request, or report.
6. Wait for BOB to give you an answer.

How to Report Fraud to BSP via SMS

Alternatively, you can also use your mobile device to send a complaint via SMS. Just text Complaint to 21582277 and wait for a response. This option is available for Globe subscribers only. Regular rates may apply.

📌 How to Report Fraudulent Transactions to Your Bank

If you fall victim to bank fraud or encounter cyber crimes like identity theft, skimming, cloning, phishing, vishing, or spoofing, just follow the steps below.

1. File a Report

Whether via email or call, make sure to contact your bank immediately to alert them about any transaction you didn’t approve. Some banks can block your card to avoid further charges while an investigation is underway.

2. Inform the Merchant About the Unauthorized Transaction

The merchant can provide more information about the transaction and potentially give you additional assistance.

3. Dispute the Charges to Your Account

You can dispute any charge within a specific number of days from the transaction date or from the release of your billing statement. The length of this period varies per bank. It may also change depending on whether the compromised card in question is a debit or credit card.

For example, for Metrobank, you have 20 days to raise any concern in your transactions upon receiving the billing statement. For BPI, any debit card transaction dispute must be filed within 60 calendar days from the transaction date. After that period, all transactions become irreversible.

4. Change Your PINs and Passwords

You should change your PIN and password regularly anyway to prevent the recurrence of cyber attacks.

5. Get a New Card or Open a New Account

If you’re not confident about using a compromised account, you can opt to transfer your funds elsewhere or open a new account. The same goes for your card.

Unauthorized Transaction FAQs

Below are common questions that users ask about unauthorized transactions.

1. Can banks reverse unauthorized transactions?

Yes, banks can reverse charges from disputed transactions if there’s compelling evidence that the transactions are unauthorized (e.g., fraudulent or erroneous).

2. Is it safe to give your bank account number to people you transact with?

Generally, yes. In fact, it’s standard practice, especially if you’re expecting to receive funds. Security becomes a concern only when you share your bank login information and security details like your bank account password, PIN, and one-time password (OTP).

3. How do I report an unauthorized transaction in GCash?

The first step is to submit a ticket through the GCash Help Center.^[9] Enter your basic GCash-registered account details like name, email address, and mobile number. Next, choose a Concern Category from the dropdown menu and provide details about the incident. You can also attach screenshots or other files that will support your claim.

To learn more about how to report an unauthorized transaction in GCash, check out GCash’s own handy guide.^[10]

Final Thoughts

As a user of digital financial products and services, you play a big part in defending against cybersecurity threats and minimizing data breaches. With proper training, you’ll be able to spot a scam a mile off, prevent unauthorized transactions, and avoid catastrophic outcomes. You don’t want to be the weak link that breaks the chain, so do your part as the first line of defense against financial cybercrime.

Sources:

• ^[1] Digital Literacy Program (Bangko Sentral ng Pilipinas)
• ^[2] BPI Customers Get Surprise Deductions Due to Glitch (Rappler, 2023)
• ^[3] Four Indicted Over Massive Hacking of BDO Accounts (PhilStar, 2022)
• ^[4] Security Bank Latest Scams (Security Bank)
• ^[5] Reporting a Phishing Attack (Security Bank)
• ^[6] Protect Yourself from Fraud and Scam (BSP)
• ^[7] BSP official website 
• ^[8] BSP Facebook page 
• ^[9] GCash Help Center
• ^[10] A Handy Guide on How to Avoid and Report a GCash Scam (Globe, 2022)