Philippines AFASA

AFASA and the Fight Against Scams in the Philippines

The Philippines' Anti-Financial Account Scamming Act (AFASA) aims to combat online fraud and scams, introducing stricter requirements for banks to enhance fraud prevention systems and protect customers.

Scams in the Philippines: What AFASA Means for Banks

                  
Contact Us

Thanh Tai Vo

Director of Fraud and Identity, Asia Pacific

AFASA and the Fight Against Scams: What Banks Need to Know in the Philippines

Philippines AFASA
The Philippine’s new Anti-Financial Account Scamming Act (AFASA) is the latest and most significant step by regulators to tackle the growing problem of online fraud and scams across the country.  The Act introduces significant new responsibilities for financial institutions to implement much stronger fraud management systems to protect customers. 

Scams and fraud have proliferated in The Philippines in recent years, as criminals have sought to take advantage of the popularity of digital services, such as mobile banking and e-commerce.  A recent study found that suspected digital fraud rates in the country are two-thirds higher than the global average, making the Philippines recognized as the epicenter for online shopping scams
The pandemic significantly accelerated this trend. From 2019 to 2023, digital fraud grew by 105%, and the situation continues to worsen, with the Philippine National Police reporting a 22% increase in cybercrime cases in the first quarter of 2024.

 

In recent years incidences of digital identity theft and scams that involve fraudsters gaining access to user credentials that allows them to take over a genuine customer’s account or persuade a customer to transfer money to an account controlled by them, have risen sharply. The Philippine National Police recorded almost 3,000 cases of digital identity theft in 2023, up 12% on the previous year, and our own data shows that account takeover attacks across the APAC region increased by 18% in 2023 and 52% in 2022. Scams and third-party account takeover account for more than 44% of all frauds in the region.

The new legislation

AFASA was signed into law, also known as Republic Act 12010, in July 2024, with the aim of combatting financial cybercrimes, safeguarding the interests of financial consumers, and upholding the integrity of the financial system.

The new Act takes a multi-faceted approach to tackling scamming:

  • It widens the definition of financial crime to criminalize activities including money mule activity (such as taking over someone else’s account or opening an account using a false identity), social engineering schemes (obtaining sensitive identifying information through deception or fraud, which leads to unauthorized access of an account), and acts of economic sabotage;
  • It introduces severe penalties for scammers, including substantial fines and imprisonment;
  • It provides Bangko Sentral ng Pilipinas (BSP) with the authority to examine and investigate bank accounts, e-wallets, and other financial accounts that are involved in prohibited acts, including suspected scams;
  • Imposes responsibilities on BSP-supervised institutions to put in place adequate risk and fraud management systems to ensure that their customers’ accounts are protected. 

In practice this means that it is now mandatory for institutions to implement fraud risk management systems that are proportionate to the size and complexity of their business. AFASA builds on requirements set out in the BSP’s Circular 1140 issued in 2022, which requires banks and other financial institutions to ‘implement automated and real-time fraud monitoring and detection systems to identify and block suspicious or fraudulent online transactions.’ Institutions that fail to meet the requirements could face investigation by the BSP and the possibility of severe penalties.

Fraud challenges facing businesses and consumers

The challenge for institutions is to meet these regulatory requirements without introducing friction into the customer experience. Three quarters of organizations in the APAC region say that customer conversion rates have declined because of increased customer verification checks. Organizations must also find a way to leverage digital intelligence, and analyze, link and make sense of hundreds, if not thousands, of data points and signals that are registered from a single user activity or transaction online.

The fraud landscape is constantly evolving, driven by the surge in new payment methods, digital services and channels in recent years. Detecting fraud attacks in near real-time in a fast-moving digital environment is highly complex, and bad actors are constantly developing more sophisticated techniques. Adding to this complexity are the increasing threats from the use of synthetic and stolen identities, spoofing techniques and the emergence of AI-related scams, such as deepfakes and voice cloning, that cybercriminals use to scam unsuspecting victims. 

Funds obtained from illegitimate activities are funneled through fraud and mule networks that are difficult to detect and track with conventional fraud detection techniques. Identifying mule accounts is challenging because some of the victims are unwitting money mules, who are either unaware that they are part of illegal activities or have been coerced by cybercriminals to launder money on their behalf. 

A multi-layered solution

Advances in technology mean that powerful automated solutions are available to help institutions protect their customers and meet legislative requirements. But fraudsters are becoming more inventive by the day – and that is why LexisNexis Risk Solutions has helped businesses combat fraud and scams with a multi-layered fraud prevention strategy that delivers actionable intelligence at key touch points in the customer journey.

Our machine learning models analyze vast amounts of data through our Digital Identity Network®, a comprehensive repository for crowdsourced, tokenized  data on billions of consumer interactions online. This forms the foundation for a multi-layered approach:

  • Building a risk profile for each user. ThreatMetrix® analyzes transactions and attack patterns from billions of global online transactions in near real-time and builds risk profiles of users as they interact online. 
  • Create a digital identity. Using this unique digital intelligence, we build reliable, anonymized digital identities of every online user as they transact across locations, devices and digital businesses. This intelligence helps our customers better distinguish between a trusted user and a potential threat. 
  • Identify suspicious behavior. Behavioral intelligence has become a crucial part of fraud prevention strategy to tackle the rise of AI and deepfakes, remote access, and investment and romance scams. BehavioSec® is a behavioral biometrics solution that is able to detect suspicious activity, including indications of bots or signs of coercion. User interactions that deviate from normal behavior that is associated with a trusted digital identity are flagged as suspicious and additional step-up authentication can be considered to confirm the user’s identity.   
  • Focus on beneficiaries. The risks associated with beneficiaries can often be overlooked in fraud prevention. Traditionally, institutions have focused their fraud prevention efforts on their customers; as regulators focus more on stopping money mules, preventing illicit money flows coming into the network is equally important.

AFASA is a strong indication of the growing threat in the region from fraud and online scams, and a sign that regulators will be expecting institutions to take significant steps to protect themselves and their customers. For more information about our comprehensive LexisNexis® Risk Solutions services, get in touch today.

Corporations Financial Services
Fraud

Have Sales Contact Me

Related Resources

Read More Resources & Insights
Loading...

Products You May Be Interested In