GCash tech glitch reveals flaws in system’s security measures
Technology has grown by leaps and bounds over the last two decades. Today, there is rapid evolution in the digital landscape and our world has surpassed digitization. Most transactions have become online and companies are using digital technologies to improve their services to clients. E-wallets or electronic or digital wallets that allow users to pay and manage their funds online have emerged. A senior official of the Bangko Sentral ng Pilipinas said: “E-wallets undoubtedly had advantages, as they would make transactions easier and faster. But when it comes to a large sum of money, that would be when you would be taking risks.”
on Nov 9, 2024, several customers of popular e-wallet GCash ranted on social media over thousands of pesos lost to what appeared to be unauthorized transactions. Among the GCash users who complained was a female celebrity of a TV network. In an Instagram post, she said almost 30 unregistered cellphone numbers claimed her money. Digital advocacy group Digital Pinoys on the same day called on GCash to immediately return the lost funds to its customers.
In a statement, GCash said it has completed the necessary wallet adjustments to users who experienced unauthorized transactions following certain process errors. It encouraged users to remain vigilant against scammers, adding that it will continue working with law enforcement agencies to investigate the incident. “GCash remains steadfast in its mission to deliver reliable and secure financial services. We are committed to enhancing our systems and procedures to prevent similar incidents and to continue safeguarding all transactions,” it added.
A senator has filed a resolution seeking an investigation into the spate of unauthorized transactions in digital wallets, following the latest incident involving GCash. In her Resolution 1234, she said there is a need to investigate in aid of legislation the “recent incidents of unauthorized or fraudulent deductions and transfers involving financial technology (fintech) services, as well as existing rules and regulations governing the fintech sector.”
The National Privacy Commission (NPC) will also step into the system error of GCash to determine whether or not personal data were compromised in the glitch. “Although GCash has stated that there was no compromise of customer credentials or data in the incident, the NPC will still conduct an independent investigation in line with its mandate to administer and implement the Data Privacy Act of 2012 (DPA),” it said. The Bangko Sentral ng Pilipinas (BSP) has joined the probe and said it will look deeper into the system error that hit several users of GCash, operated by G-Xchange Inc. (GXI), who reported unauthorized deductions on their account balances. “BSP has likewise required GXI to submit regular updates on its actions on the matter,” it said, adding that it is closely coordinating with the company to ensure a “prompt resolution” of the issue.
On Nov 20, Sen. Sherwin Gatchalian declared that the unauthorized deduction on balances of some GCash users in early November was triggered by an internal glitch and not by hackers. He was speaking on behalf of the Department of Information and Communications Technology (DICT) as budget sponsor of the agency. The matter was tackled during the Senate’s marathon plenary debates early Wednesday on the proposed 2025 funds of the DICT and its attached agencies.