On GCash glitch: No system is perfect—cybersecurity expert

BORACAY ISLAND, AKLAN—The country’s fintech giant, GCash, has found an ally amid the controversy over unauthorized transactions, as an official from cybersecurity protection and software company Palo Alto Networks emphasized that even with the best cybersecurity measures in place, no system is perfect.

“As we all know, no system is perfect. At the end of the day, organizations are all vulnerable to unfortunate incidents. What’s important is that they acknowledged the issue and recovered from it. It’s just like what happened to CrowdStrike. No one wanted that to happen,” said Palo Alto Head of Technical Solutions Jobert David in an exclusive interview during the CXO Summit.

Over the weekend, numerous GCash subscribers, including showbiz personality “Pokwang,” ranted on social media after their money went missing from their GCash accounts and was transferred to unfamiliar numbers.

Meanwhile, in July 2024, the cybersecurity firm CrowdStrike pushed a security software update to one of its products, causing a widespread IT outage that significantly affected various industries, from airlines to hospitals and beyond.

'Attackers are more advanced'

Despite this, David admitted that most cybercriminals nowadays are more sophisticated than the companies offering cybersecurity.

“Sadly, more often than not, attackers are more advanced than us; we have to admit that. They also use artificial intelligence. That’s why we keep educating and encouraging people out there to use AI in the best way so that it does not harm organizations. But cybersecurity firms are equipped with AI capabilities to combat these advanced cybercriminals, as we cannot go into a gunfight using a knife,” David said.

GCash utilizes various cloud providers, one of which is Alibaba Cloud, primarily to overcome technical challenges. This includes a mix of solutions such as IaaS, the MaxCompute data warehousing platform, the Elastic MapReduce big data platform, and a Web Application Firewall.

On Thursday, GCash announced in a statement that as of 13 November, it had completed the necessary wallet adjustments for affected users.

“Rest assured that customer accounts are safe, and customer account security will always be our top priority. GCash is here to assist its customers. Users are encouraged to reach out to the official GCash Help Center at https://help.gcash.com/hc/en-us, or via the customer service chatbot Gigi on the GCash app by typing ‘I want to report a scam.’ Users may also call the GCash hotline at 2882,” the fintech company stated.

GCash further emphasized its commitment to providing reliable and secure financial services.

“We are committed to enhancing our systems and procedures to prevent similar incidents and to continue safeguarding all transactions. We will continue to work with relevant law enforcement agencies to investigate these incidents, and we encourage our users to remain vigilant against scammers.”

On Wednesday, Gilda Maquilan, GCash Vice President for Corporate Communications and Public Affairs, explained that the glitch was a "product issue" related to its "Send Ang Pao" feature, which allows subscribers to send money to multiple users for gift-giving on occasions like Christmas. The issue, which began on 8 November, forced them to undergo a “system reconciliation process.”

On Monday, Makabayan Bloc lawmakers filed House Resolution No. 2068, seeking an investigation into the unauthorized transactions and financial losses, stating that GCash’s response, attributing the issue to “errors in an ongoing system reconciliation process,” was insufficient.