Human error blamed for bank glitch

MANILA, Philippines -  The glitch recently experienced by the Bank of Philippine Islands (BPI) was the result of human error and not in any way brought about by any breach in its systems or data.

This was the conclusion made by both BPI and the Bangko Sentral ng Pilipinas (BSP) in their respective investigations into the case.

BDO Unibank Inc. officials, meanwhile, explained that what happened in their case was an ATM account skimming and that it was an “isolated” incident involving only seven ATMs in three locations.

Security Bank Corp., meanwhile, has also been affected by a glitch this month after BPI and BDO. In an advisory, Security Bank said it is undertaking maintenance activities resulting in a delay in posting bank transactions.

BPI and BDO executives assured the public yesterday their cybersecurity systems remain intact despite the computer glitches that hit their banks.

Security Bank also said the delay did not prevent its customers from accessing their funds and that it would not affect the financial integrity of their customers’ accounts.

During a hearing by the Senate committee on banks and financial institutions, which is conducting an investigation into the two incidents, bank officials gave separate accounts on the steps they immediately took to address the problems and sought to allay fears of possible hacking and fraud in their systems.

The committee, chaired by Sen. Francis Escudero, launched the inquiry after Senate President Aquilino Pimentel III filed a resolution seeking to look into safeguards for banking clients “attributable to the negligence of banks.”

BPI president and chief executive officer Cezar Consing and executive vice president Ramon Jocson, head of the bank’s Enterprise Services Group, walked the senators through the glitch caused by a young female programmer that affected 1.5 million out of its eight million clients from June 7 to June 8.

“Your honor, it was 100 percent definitely not a hack,” Jocson told the hearing, stressing the BPI’s system in question was not connected to the web.

“No money was lost,” he said, adding the glitch was addressed in 37 hours.

Jocson explained the computer “specialist,” who has been with BPI for three years, was doing a task that required her to access certain backup files in the bank’s ATM system in connection with a reconciliation request for debit card transactions from April 26 to April 29.

The specialist, who graduated at the top of her class, generated a file containing debit card transactions covering the April 27 to May 2 period to help her expedite the process.

After completing her task, the programmer failed to delete the file that was inadvertently stamped with the date, June 6.

As a result, when the balances were updated for June 6, what was reflected instead were all the transactions made from April 27 to May 2.

Out of the 1.5 million clients affected, Jocson noted the average debit was around P7,700 and average credit was P7,200.

Jocson said the programmer has owned up to the mistake and has since been reassigned to another unit with all her access privileges to the system revoked.

As far as the bank was concerned, Jocson said that it was treating the case as a simple lapse in judgment by someone wanting to do things faster.

He said there was no malicious intent in what she did and that she had absolutely nothing to gain from the incident. – With Lawrence Agcaoili, Jess Diaz