BSP urged to probe, impose penalties vs GCash amid unauthorized transactions

The Bangko Sentral ng Pilipinas (BSP) was urged on Sunday to investigate and impose penalties if found negligent on e-wallet giant GCash amid reports of unauthorized transactions, resulting in unexpected deductions from its users’ accounts.

House Assistant Minority Leader Arlene Brosas said this “unacceptable” data breach necessitates a rigorous probe from the BSP along with other concerned agencies for potential security protocol lapses.

“We demand GCash to immediately return the stolen funds to affected users and explain how these mass unauthorized transactions happened despite their supposed security measures,” Brosas lamented. 

Users of the leading mobile wallet took to social media their frustration about their missing funds, with some of them claiming that there was even no notification from GCash informing them of the cash transfer. 

Some also alleged that they did not open phishing links or receive one-time passwords (OTP)—typically four to six digits automatically generated for the user’s phone number for a single transaction or login session. 

One of the victims was comedian Pokwang, who lost around P85,000 through transactions sent to nearly 30 unregistered numbers.

Brosas pointed out that the incident only highlights the inefficacy of Republic Act 11934, or the SIM Card Registration Act, whose primary mandate was to quell security breaches or cybercrimes.

She emphasized that while the law was marketed to combat cyber scams and fraud, it only created additional vulnerabilities through massive data collection.

"The SIM Card Registration Act should be repealed. It has clearly failed to prevent scams and fraud. Instead, it has made millions of Filipinos vulnerable to data breaches while their hard-earned money remains at risk,” Brosas said.

“What we need is stronger regulation of fintech companies and better consumer protection mechanisms," she concluded. 

GCash attributed the issue to a glitch in its ongoing “system reconciliation process,” but assured that it was “isolated to a few users.”

They also assured GCash users that their accounts are safe and that
wallet adjustments are ongoing.

In a budget hearing in September, the Department of Information and Communications Technology said that text scams "no longer pass through the network or SIM" and came directly to the Internet, which is not regulated by the National Telecommunications Commission.

It also admitted that scam messages will continue to exist as the perpetrators become increasingly innovative as they circumvent the law, shifting to messaging apps instead of the traditional text messages.