Consumer Protection Advisories Cyber Security Tip #1: Keep your Online Banking Transactions Secure Need to access your funds during this Pandemic? For your safety, we encourage you to do your transactions online. BankCom Online Banking gives you the convenience of doing fund transfer, bills payment and other transactions using your computer, tablet, or mobile device. Manage your bank account, send emergency funds to your loved ones, and pay for your utility bills from the comfort of your home. Don’t give online fraudsters an opportunity to steal your money or your identity. To protect the account, keep in mind these tips: • Do online transactions using a secured network, not a public computer or public free WiFi connection • Check if the BankCom Online site is correct by checking the URL. It should begin with an “https” and must have a padlock icon beside the status bar that verifies the link’s authenticity • Change your password regularly and make sure it contains numbers, special characters, and upper and lower cases • Never share your password or One-Time Password (OTP) or the answer to the challenge question with anyone • Check your account balances and transaction history regularly • Never post or share your online banking login details Stay safe. Bank online securely. For inquiries, please call our Customer Care Hotline at (02) 8632-2265 or any of our Domestic Toll-Free Numbers: 1800-10-982-6000 (PLDT) and 1800-8-982-6000 (Globe Lines), or send us an email at email@example.com Cyber Security Tip #2: Beware of Online Scammers We understand the need to grab your daily essentials during this season when it is best and safest to stay at home. The good news is that you can have these delivered to you by purchasing online! But as we are slowly adapting and realizing the convenience that digitalization brings to us during this pandemic, BankCom still aims to ensure that your finances are well-protected from any illegitimate use. Here are the tips on how you can avoid the threat of unauthorized transactions by fraudsters: • Make sure that you access the correct online store link by checking if it has the padlock icon beside the status bar that indicates its legitimacy • Check the profile of the seller by browsing the customer feedback, if you wish to go to e-commerce sites with different sellers • Do not keep your card details, e.g. card name, card number, expiry date, and CVV, in a place where it is easily accessible by others • Never share your One-Time Password (OTP) to anyone • Check your account balances or Statement of Account regularly For inquiries, please call our Customer Care Hotline at (02) 8632-2265 or any of our Domestic Toll-Free Numbers: 1800-10-982-6000 (PLDT) and 1800-8-982-6000 (Globe Lines), or send us an email at firstname.lastname@example.org. Cyber Security Tip #3: Know How to Determine Phishing Attempts Be vigilant and stay away from Phishing techniques! Phishing is an act wherein fraudsters pretend to be from a legitimate institution. Phishing aims to get your account and login details which can result in identity theft and financial loss. It uses emails, SMS (“smishing”), and voice/phone calls (“vishing”) to reach out to consumers. What are the identifiers to know if there is a Phishing attempt? For emails: • Sender name and sender address do not match. The email address consists of the user identification and the organization domain which starts with the symbol “@”. If, for example, the sender’s name is Bank of Commerce, and the email address indicated is bocaccount@www. doraemon.ne.jp, then it doesn’t match with the sender name • It requires you to do an urgent action to update or login your account by clicking the link provided • It uses your bank’s logo to appear that it came from a legitimate institution For SMS or phone calls: • Caller pretends to be an employee of your bank to get your account information • Security alerts are sent to you for you to take urgent action to click on the embedded link What should you do? • Do not panic on threats of deactivating your accounts • Do not verify your account/login details and OTP through email, text or calls. Banks will not do business with you in this way. • Do not click the untrusted link for it will lead you to a fake login page that allows fraudsters to steal your account information. • Take note of the details of the sender/caller for reporting purposes • Immediately report to the bank any suspicious emails or calls you receive For inquiries, please call our Customer Care Hotline at (02) 8632-2265 or any of our Domestic Toll-Free Numbers: 1800-10-982-6000 (PLDT) and 1800-8-982-6000 (Globe Lines), or send us an email at email@example.com. The Role of Banks in Remittance Remittance refers to money that is sent or transferred to another party, often by a foreign worker to an individual in their home country. Common remittance services offered by banks are: • Credit-to-Account • Credit-to-Other Bank Account • Cash Pick-up • Door-to-Door delivery • Payments of E-Government Services Banks recognize the importance of Overseas Filipino Workers’ (OFWs) remittances and provide a secure and robust delivery channel. Banks ensure compliance to Anti-Money Laundering Act (AMLA) regulations, request for proper customer identification and closely monitor remittance transactions. Remittance plays a vital role in the lives of OFWs, providing countless assistance to finance the basic needs and wants of their families. Banks provide a safe and secure channel to deliver hard-earned money to their loved ones to support their goals and help them build a better future. By providing their beneficiaries with easy access to their remittances, financial institutions greatly contribute to the dream of every Overseas Filipino Worker to uplift his/her family’s standard of living. National Banking Week 2020 Theme: “Fintech: Bringing banking services closer to people” Basics of Credit Card: Part 1 - What you need to know about Credit Card A Credit card is any card or other credit device with the purpose of obtaining money, goods or services on credit. To utilize the credit card’s purpose, cardholders must understand basic credit card terms found in the Issuer’s Terms and Conditions, or the rules that govern the issuance and use of the credit card. Signing at the back of the credit card signifies that the cardholder has read, understood, and accepted the Issuer’s Terms and Conditions. Credit Limit The maximum amount assigned to a cardholder’s credit card for purchases, cash advances, balance transfers, and finance charges. Grace Period It is not an extension of the payment due date; rather, the time frame set for a cardholder to pay the credit card bill without incurring interest. Total amount due The total amount the cardholder owes as of the statement date from his purchases, cash advances, finance charges, penalties, fees, or others. Minimum amount due Lowest amount the cardholder has to pay on or before the Payment Due Date to avoid being considered in default. Finance charges Includes interest, fees, service charges, and other charges incident to the extension of credit. Simple Annual Rate Uniform percentage or ratio between the finance charge and the amount to be financed under the assumption that the loan is payable in one year with a single payment upon maturity and no up-front deductions to the principal. Effective Interest Rate The rate that exactly discounts estimated future cash flows through the life of the loan to the net amount of loan proceeds. It is the relevant true cost of the loan compared to the concept of a simple annual rate. Source: Bangko Sentral ng Pilipinas (BSP) Coming Up: Credit Card Basics: Part 2 – Know more about Cash Advance Safe Investing: Know the Popular Investment Scams Investment scams have been a rising issue not only in the Philippines but all over the world. Despite the numerous warning and public advisories, victims of these scams continue to grow in number as questionable investment institutions make new ways to reach out to unsuspecting customers. To protect investors from placing their financial status at risk, government agencies keep an eye on these institutions. In addition to the government’s active role in preventing scams, private entities such as banks must also educate their clients on how to keep hard-earned money in a secured institution, where it is possible to grow. In line with Bank of Commerce’s objective to protect its clients, we would like you to know the popular investment scams to avoid possible financial downfall. 1. Affinity Fraud This targets and takes advantage of the leaders of a group to convince members that these investments are legitimate and worthwhile. This type of scam leads to a damaged relationship within the group because all of them may not know that they have entered into an illegitimate investment. The money invested by the new joiners is being used to pay the earlier investors. 2. Advance Fee Fraud Fraudsters ask the investor to pay an advance fee right away in order for the deal to go through and promise to repay it back at a specified time. To reassure the investors, they use official-sounding websites and e-mail addresses and ask lawyers or agents to give ease to investors that the investments are safe, secure and legitimate. Fraudsters of this type of scam target investors who have already lost their money in other types of investments. 3. High-yield investment programs” or “HYIPs” This kind of scam is usually run by unlicensed individuals and promises returns of 30 percent or more, with little or no risk at all, and to be released on a daily, weekly, monthly or annual basis to make it more attractive to the investor. 4. Internet and Social Media Fraud Due to the internet’s and social media’s power to connect with people all over the world without putting in so much effort and money, fraudsters use this to make their investment promotion looks credible making it hard for them to determine what’s real and what’s not. This type of fraud also runs by 1) paying to online newsletters to recommend their stocks, 2) hiding the fraudster’s identity behind multiple aliases through online bulletin boards and chat rooms to introduce the questionable investment company, and 3) bulk e-mail with personalized messages to be sent to a huge number of people through spam or “junk-email”. 5. Ponzi Scheme Ponzi Scheme is named after Charles Ponzi, who deceived thousands of investors in New England. Just like other types of investment scams, it promises an enticingly high return with little or no risk at all. Fraudsters collect money from new investors and use this to give returns to the existing investors or some of it will be placed in their own pocket. To be able to maintain their questionable operations, they have to continue recruiting new investors to keep the money revolving. 6. Pyramid Schemes Its goal is just to recruit new investors through social media, internet advertising, company websites, YouTube videos, and other sources. Pyramid Schemes promise a high return in a short period of time without a need to sell a product or service but usually have a complex commission structure. They also use legitimate multi-level marketing programs to make their organization look like a legitimate business which gives a good impression to potential investors. For a list of companies duly registered to offer investments to the public, visit the Securities and Exchange Commission (SEC) website at www.sec.gov.ph. Be informed and aware of safe investing. Bank of Commerce is supervised by the Bangko Sentral ng Pilipinas with tel. no. (02) 8708 – 7087 and email address firstname.lastname@example.org Tips to Stay Safe and Prevent Credit Card Fraud Sign your credit cards as soon as you receive them. Make sure all transactions involving the use of your credit card are done in your presence. Never lend your credit card or disclose your credit card information to anyone. Never sign a blank credit card receipt. Transact only with secured websites. Look for “https” in the URL bar or the padlock sign usually found in the right corner of your screen. Do not enter personal information if you’re using an unsecured network (ex. public computer or public free Wi-Fi connection). Do not share your one time passwords (OTP) to anyone. OTP serves as authentication for online and mobile app transactions. The Bank will never ask for your OTP. Be wary when replying to unsolicited and suspicious e-mails. Fraudsters may find creative ways to lure you to divulge your account and login information in fake websites through techniques called PHISHING and SPOOFING. Banks and other financial institutions generally do not e-mail you for important personal information. Review your credit card bills immediately upon receipt. Make sure to validate all transactions and look out for anything that you don’t recognize. Do not leave sensitive documents containing personal information including receipts, monthly utility bills, and credit card statements in an unsecured place. Consider shredding these documents rather than simply throwing them away. Never surrender your card for renewal or replacement. Cut up or shred old credit cards. Immediately call the hotline of your bank or credit card company and report if you think you have given out information to a fraudster, or if you have unfamiliar transactions in your billing statement; Inform the bank immediately if your card is lost or stolen. Take all the right precautions and exercise due diligence so that you can limit the chances that fraudsters can take control of your credit card information. For more details, visit the Bank of Commerce website at www.bankcom.com.ph. Bank of Commerce is supervised by the Bangko Sentral ng Pilipinas with tel. no. (02) 8708 – 7087 and email address: email@example.com Safe Investing: Tips on How to Detect Investment Scams In today’s generation where preparation for the future is a must, investing has been one of the growing solutions that people take. Government agencies and private entities promote investments by making it easier, affordable and more accessible to Filipinos through instruments like mutual funds, trust funds, insurance, or stocks. People invest to obtain higher financial returns. Surprisingly, growing your money from this kind of instrument places your financial status at risk due to different types of scams. Investing takes time. It also requires knowledge for it exposes you to various risks. As you find opportunities to grow your money, we would like you to be aware of how to detect possible investment scams. Enticingly higher and guaranteed returns Investments promising higher returns entail higher risk. This is the reason why many consumers would still prefer to put their money on risk-free products such as savings or time deposit accounts. However, opportunities that offer exceptionally high security against risks possibly come with a relatively much lower expected return. When offered an investment that promises enticingly high returns, be more discerning about it. Huge returns in a short period of time Certain investments such as stocks may take time to yield high returns that can beat the dramatic change in inflation and market downturns. There may be instances that the returns from these investments diminish due to economic challenges or market forces. Therefore, if you are offered an investment that promises huge returns in a short period of time, be wary and verify the claims. Recruitment of other possible investors To make the solicited money grow, scammers ask the investors to recruit other investors in exchange for more income. Deal only with investment product solicitors, agents and brokers licensed by the Securities and Exchange Commission (SEC), or with employees authorized by the Bank. A Certificate of Incorporation from the Securities and Exchange Commission (SEC) doesn’t automatically mean that it is authorized by the SEC to engage in soliciting funds for investments. The actual investment product/instrument should be registered with SEC, if sold in the Philippines, or has the prior approval of the Insurance Commission in the case of insurance products. The list of companies that are authorized to offer investment products is posted on the SEC website. Request to provide social media accounts Keep your social media account private. Scammers get personal information and may keep themselves updated on your personal errands using these accounts. Avoid making conversations with people you are not familiar with. “Buy now or you’ll lose the opportunity” Do a lot of research before you invest. Know the salesperson, contact number (particularly the landline), and the company where he is associated. Do not deal with a salesperson who is hesitant to give such information. Scammers also insist on keeping details of your investment confidential. Knowing Real Against Fake Banking at the touch of your fingertips or e-Banking has come a long way to make paying your bills, sending money, or checking deposits convenient, stress-free, and safe. Yet while e-Banking security strengthens, fraudsters also keep busy finding creative ways to lure unsuspecting clients to divulge account and login information in fake websites through techniques called PHISHING and SPOOFING. What is Phishing? Fraudsters get your personal information through legitimate-looking e-mails and use these to illegally access your account. What is Spoofing? Fraudsters fool you to click a link to a website that looks legitimate to get your account details. PROTECT YOURSELF against phishing and spoofing! Beware of bogus or “look-alike” websites designed to deceive consumers. Follow these tips: Verify if the website is right and secure before you do any online transaction or submit personal information. Check if the website address or “Universal Resource Locator” (URL) begins with “https” and has a closed padlock icon beside it on the status bar (not open or slashed) of the browser Double-click on the padlock icon to show if the site’s security certificate is authentic or valid. Always enter the URL directly into the web browser. Avoid being re-directed to the website, or hyperlink to it from a website that may not be as secure. Use encryption software as much as possible, in order to scramble sensitive information you send through the website and protect your e-banking transactions. Know what’s FAKE through this illustration: And here’s how to know the REAL website: Be Familiar with Credit Card Fraud Types Credit Card Fraud (Part 1) Credit Card Fraud is the unauthorized use of your credit card or card information to make purchases or transact without your consent. These are the five (5) most common types of Credit Card Fraud Theft – Credit card is physically stolen and is used to purchase goods and services as if it were you who made these purchases. Stolen cards can be easily used to make online transactions in merchant websites or mobile apps which do not trigger a one-time PIN (OTP). OTPs are sent to cardholders to confirm the transaction. Identity Theft – Fraudsters obtain the information they need to assume your identity. They may call you and pose as bankers and ask you to provide personal information say, as part of the database update. Once they have such details, they can initiate transactions by using your credentials and you may become liable for the charges made. Skimming – Illegal copying of information from the magnetic stripe of the credit card and transferring the information to blank cards to create counterfeit credit cards. Phishing – This happens when fraudsters send you an email or a text message that looks like they were sent by your bank or credit card company, and ask for information such as the Card Verification Value or CVV of your credit card (i.e., the number located at the signature panel at the back of your credit card), log in IDs, and passwords. Card Replacement Scam – You will receive a notification from an individual claiming to be bank personnel, pretending that your card has been upgraded or has been compromised, and asking you to physically surrender your card. When your credit card gets into the hands of dishonest people and when your information has been illegally obtained, your credit card will be at risk of Credit Card Fraud. Protect Yourself Against Debit Card Fraud Debit Card fraud occurs when a thief steals your card information and your PIN to create a copy of your card, make unauthorized purchases and/or withdraw cash from your account. Bank of Commerce has put in place various facilities to make your Debit Card transactions secure, such as the latest EMV chip, EMV ATMs, 3D Secure One-Time Password, and transaction notifications, among others. However, cardholders can also take part in transaction security. How do you reduce your risk of Debit Card Fraud? Inspect the ATM– shake the card reader (where you insert your card) to ensure no hidden devices are attached to it. Check also for false keypads and buttonholes beside the screen where an unauthorized camera might have been installed to record your keystrokes. Look into the cash dispenser if there is any device installed that may trap the cash withdrawn. You may think that the cash was not dispensed at all but then the criminal can retrieve your trapped money. If you notice any suspicious device or false parts, report this immediately to the bank that operates the ATM. Protect your PIN – make sure to use your hand or shoulders as cover when entering your PIN through the keypad or the touchscreen monitor so that any camera or the person behind you won’t be able to obtain your PIN. Memorize your PIN and don’t write it down. Change your PIN regularly and don’t use an obvious PIN such as your birth date or part of your contact number. Regularly check your balance and recent transactions – The easiest way to detect unfamiliar transactions is to register in online banking and review your transaction history. The sooner you detect fraud, the easier it will be to limit its impact on your finances. Get Banking Alerts – You can immediately detect any suspicious transactions through these alerts when the Bank informs you by email or text message if a certain ATM transaction occurs in your account and when you use your card for online transactions. If enrolled in the facility, merchants send a one-time-password (OTP) for verification of transactions. Use a secured network for online transactions – Don’t transact in unsecured websites and avoid doing financial transactions using an unsecured network (ex. public computer or public free Wi-Fi connection) Save the customer service number (printed at the back of your card) on your phone. Immediately report to the Bank if you find anything unusual in your transaction history. If you are planning to go abroad and use your card, inform the Bank about your travel dates and destination. Update your contact information (e.g. mobile number, e-mail address) with the Bank so that the Bank can easily reach you if it needs to verify a certain transaction. Beware of Deceptive E-mails E-mails are an important medium through which banks and clients communicate. Banks use e-mails to advise clients about system maintenance or to confirm transactions they made through e-Banking. In as much as e-mails can be used for banking purposes, consumers should be aware that fraudsters also use e-mails to execute phishing and deceive individuals to divulge certain information to access their bank accounts. BE WARY! CHECK THE E-MAIL FOR WARNING SIGNS: Asks for your personal or account data, such as: username, password, PIN account number card number, CVV code birthday Claims to be sent by a financial institution because of official-looking logos and other identifying marks, but has a message or set of instructions which you find unexpected or not typical Starts with a generic greeting, such as “Dear Customer” or “To Our Valued Client”, and content that sounds threatening or meant to create a false sense of urgency such as “Verify your account”, “Update your account”, or “Failure to do so will result in account suspension.” Has poor grammar and misspellings, and accompanied by a link or phrase “click here” that intends to redirect you to another website, possibly fake (spoofing) Has a misspelled or different e-mail domain name. For example, instead of the correct domain “firstname.lastname@example.org”, the sender’s e-mail address domain appears as follows: INCORRECT: “email@example.com” boc-ph.com.ph”om.com.ph”. For example, the e-mail and report itnt number, card number, CVV code, PIN, birthday— incorrect due to double letter “k” INCORRECT: “firstname.lastname@example.org” boc-ph.com.ph”om.com.ph”. For example, the e-mail and report itnt number, card number, CVV code, PIN, birthday— not the same as “email@example.com” Does not give you the full contact details of the sender. When you see these warning signs, or if you believe you have fallen victim to this scam, CONTACT THE BANK IMMEDIATELY to verify or report the e-mail. Also: Do not reply or click any link in the suspicious message. Do not give personal and financial information requested through the suspicious e-mail.