The Bangko Sentral ng Pilipinas (BSP) was urged on Sunday to investigate GCash, the e-wallet giant, and impose penalties if found negligent following reports of unauthorized transactions that led to unexpected deductions from users’ accounts.
House Assistant Minority Leader Arlene Brosas called the data breach “unacceptable” and stressed the need for a thorough investigation by the BSP and other concerned agencies to identify any lapses in security protocols.
“We demand GCash to immediately return the stolen funds to affected users and explain how these mass unauthorized transactions happened despite their supposed security measures,” Brosas lamented.
Users of the leading mobile wallet took to social media to express their frustration over missing funds, with some claiming they received no notification from GCash regarding the unauthorized cash transfers.
Some also alleged that did not open phishing links or receive one-time passwords (OTP) — typically four to six digits automatically generated for the user’s phone number for a single transaction or login session.
One of the victims was comedian Pokwang, who lost around P85,000 through transactions sent to nearly 30 unregistered numbers.
Brosas pointed out that the incident only highlights the ineffectiveness of Republic Act 11934 or the SIM Card Registration Act, whose primary mandate was to quell security breaches or cybercrimes.
She emphasized that while the law was marketed to combat cyber scams and fraud, it only created additional vulnerabilities through massive data collection.
“The SIM Card Registration Act should be repealed. It has clearly failed to prevent scams and fraud. Instead, it has made millions of Filipinos vulnerable to data breaches while their hard-earned money remains at risk,” Brosas said.
“What we need is stronger regulation of fintech companies and better consumer protection mechanisms,” she concluded.
GCash attributed the issue to a glitch in its ongoing “system reconciliation process,” but assured that it was “isolated to a few users.”
They also assured GCash users that their accounts were safe and that wallet adjustments are ongoing.
In a budget hearing in September, the Department of Information and Communications Technology (DICT) reported that text scams no longer pass through the network or SIM cards but now directly target the internet, which is not regulated by the National Telecommunications Commission.
The DICT also acknowledged that scam messages will persist as perpetrators become more innovative, finding ways to bypass the law by shifting from traditional text messages to messaging apps.