GoTyme’s double-barrel weapon vs online fraud

Albert Tinio, a marathoner (left) and Nate Clarke, a surfer, combine to make virtual banking safe and accessible to all through GoTyme Bank. | Photograph courtesy of GoTyme

A pair of sports buffs are bearing the standard towards making virtual commerce a safe environment amid the upswing in online business that consequently created a thriving market for scammers.

Nate Clarke, president and CEO, and Albert Raymund “Abet” Tinio, co-CEO and chief commercial officer of GoTyme, the digital bank of the Gokongwei Group, are the indefatigable tandem working to speed up the integration of more Filipinos into the financial system.

Clarke was at the forefront of Indonesia’s Tyme, which led the MTN Mobile Money revolution in South Africa that resulted in a customer base of 4 million while Tinio started his career in logistics before entering the telecommunications industry before joining the financial services sector as president and CEO of GCash.

Clarke said in 2010, while attending a conference on mobile money, he became interested in the presentation of Tanzania’s M-PESA, which was the first global electronic wallet success.

“This is what I want to do,” he mused.

Clarke then became involved in a mobile money project in South Africa, which later on became instrumental in the forming of Tyme in 2012.

“The Philippines was considered the ideal market, and we were able to set up a meeting with JG Summit officials that led to the forming of GoTyme.”

Tinio said, for his part, “I think it is in GoTyme Bank that I can fulfill my advocacy for financial inclusion. I wanted to build something on my own that can answer the needs of my fellow Filipinos who are unbanked or underbanked,” he shares.

Tinio is the founder of the Philippine E-Money Association and was SVP for Digital Payments and Agency Banking at Robinsons Bank.

The fascination of Filipinos with cyber technology and the prevalence of technology’s use has its downside in the Philippines, as online scams have become rampant.

By some estimates, people spend an average of 10 hours a day online, but there is a general lack of cybercrime awareness.

A survey commissioned by the Global Anti-Scam Alliance and Taiwan-based tech security company Gogolook questioned 20,000 people about their online shopping experiences in Vietnam, China, Thailand, Hong Kong, Taiwan, Indonesia, South Korea, Japan, Malaysia, Singapore and the Philippines.

According to the report, the shopping scam rate in the Philippines was the highest at 35.9 percent of respondents falling victim to online fraud, followed by mainland China at 27.2 percent, with South Korea having the lowest incidence, at 4.2 percent.

Vigilance, awareness

GoTyme Bank takes these matters seriously and has always urged its customers to exercise online caution and remain vigilant when it comes to safeguarding their financial resources, Clarke said. The bank shares regular reminders on its app and social media on how to prevent scams.

Ultimately, customers have the biggest responsibility to keep their accounts secure,  and exercise care in accessing their accounts in public, updating their device’s security settings, and doing online shopping securely.

Clarke assured the public that the bank will always remain on top of the situation.

“We closely monitor these developments, and we can follow the money trail. We work closely with the PNP to hold criminals liable after a customer has filed a police report,” Clarke said.

Tinio frequently reminds GoTyme customers and the public that the battle against scams is multipronged: “It is a concerted fight of the banks, the public, and government.  Every party must do its part.”

GoTyme has partnered with Scam Watch Pilipinas, the national citizen arm to educate Filipinos nationwide on cyber fraud.

Gogolook MoU

GoTyme also forged a memorandum of understanding with Gogolook, leveraging the leading anti-fraud app Whoscall, a mobile application that offers caller identification services.

Whoscall identifies incoming calls, detects scam or harassment numbers, filters spam text messages, and blocks them.

This strategic collaboration signifies a shared commitment to protect Filipinos from digital scams and fraud, paving the way for a safer and more confident digital journey for all.

Jason Brasileño, head of fraud strategy at GoTyme Bank, describes the typical timeline of an online marketplace selling scam.

The fraud victim sees an item or service they want to avail themselves of in an online marketplace (anything from cars to vouchers).

He said the seller/scammer tries to offer the best price to the fraud victim and possibly includes enticing discounts or packages — on condition that money be sent immediately or a down payment made to secure the item. Fraud victim complies and expects delivery or fulfillment of the item/service, while the seller/scammer will confirm receipt of money.

“Scammers often even either send a picture of the item being picked up, acknowledge payment, and promise to facilitate delivery or send some code shortly. After this, they become unreachable and oftentimes block the fraud victim, and can no longer be contacted,” Brasileño said.

Multiple layers

Brasileño said that if the money is deposited in a GoTyme account, the scammer immediately does any of the following: withdraws the cash, transfers it to an external bank account or some other e-wallet, moves it to another GoTyme account, upon which the money is then exfiltrated.

“It can sometimes happen in multiple layers before money is taken out,” he said.

Regardless of whether the fraud victim — now the complainant — is a GoTyme customer or not, the incident must be reported immediately to GoTyme’s Customer Service.

“The complainant must manage expectations as not all lost money can be returned. We’re not an insurance company but we try our best to help the complainant recover the money. The complainant must first file a report with their sending bank, which will notify GoTyme of the transaction. The sending bank will then send us a debit notice to return the money provided funds are still intact and a criminal case concluded,” the cyber security expert explained.

He maintained that GoTyme does not disclose personal information — even those of scammers — to complainants.

“We only disclose this to authorities, provided there is sufficient subpoena or warrant to disclose information that is duly signed by a judge of the Philippine court,” he added.

Further, he said the most that GoTyme can do is put the account either on debit hold or both debit/credit hold.

“We do this if, first, there is a corresponding police report from the complainant; second, there is direct communication from sending bank informing us of the suspicious transaction; or third, flagged by our fraud rules,” Brasileño said, adding that there are instances when a combination of any of these may happen.

After this, the bank files a Suspicious Activity Report to the bank’s compliance team, which then files a Suspicious Transaction Report to the Bangko Sentral ng Pilipinas for regulatory reporting.

Tougher laws needed

For his part, Elmore Capule, BSP senior assistant governor and general counsel, said that although the country already has cybercrime laws, the SIM registration law, and the Financial Consumer Protection Act, these do “not…guarantee consumer protection because fraud is constantly evolving.”

He said to date, cybercrime laws are designed more to protect systems of financial institutions, while the provisions in the Financial Consumer Protection Act are regulatory rather than penal.

These legal gaps give scammers plenty of elbow room to target individual account holders — instead of the e-wallet or systems or banks themselves — and often get away with it.

Besides online market scams, attempted fraud generally comes in the form of phishing attacks, which try to get users to give sensitive personal information that scammers can use to take money from someone’s bank or e-wallet account. This can be done through email, through calls (known as vishing), or through text messages (known as smishing).

On a larger scale, the existing “Know Your Customer” procedures for anti-money laundering can waver when financial institutions go digital.

The Philippine National Police Anti-Cybercrime Group found some e-wallets and even bank accounts to be “fictitious” — so that even when they track down the scammer’s transactions, it could lead to an account registered using invented identification documents. 

Law enforcement can also run into a dead end when fraudsters and money mules transfer money into bank accounts, given that the Philippines has some of the strictest bank secrecy laws in the world. 

All these have driven home the urgency of legislation against digital fraud through the Anti-Financial Account Scamming Act, a version of which was passed by the House of Representatives in May last year.

The AFASA will provide a regulatory framework that penalizes scammers and entails safeguard measures to protect Filipinos and their financial accounts.

Under AFASA, the central bank and law enforcement partners would also have real power to investigate bank deposits and other accounts of fraudsters that try to hide behind the curtain of bank secrecy.