How is Southeast Asia tackling cyberattacks on the underbanked?

Southeast Asia is the world’s fastest-growing internet market, with a digital economy poised to hit $600 billion in gross merchandise value by 2030.

However, the rapid growth of digitalization has also led to a steep increase in cybercrime in the region – up by 82% from 2021 to 2022 – highlighting the urgent need for tackling cyberattacks on the underbanked population, who are particularly vulnerable due to low digital literacy and reliance on informal financial services.

On the consumer level, over 50% of consumers in Taiwan, Thailand, Korea, Philippines, Malaysia, Hong Kong, Singapore and Indonesia report encountering scams at least once a week. The financially underserved – numbering 225 million in 2023 – are especially vulnerable due to low digital literacy and reliance on informal, less secure financial services with lower barriers to entry.

The danger to them is twofold: aside from victimizing their finances and personal information, scammers also traffic many job-seekers into cyber slavery at “scam farms” across the region.

Singapore, one of Southeast Asia’s leading countries in cybersecurity readiness, is currently advocating for a Shared Responsibility Framework for tackling cyberattacks on the underbanked and the loss responsibility for phishing scams.

Financial institutions, followed by telecommunication operators, will bear the total loss upon failure to fulfil their prescribed duties. If there is no fault on their part, the Shared Responsibility Framework will not require payouts to consumers, making it critical for them to maintain due diligence.

Many Singapore banks also enforce security measures such as preventing the installation of their apps on phones with sideloaded apps, adding steps and wait times to give users time to analyze the legitimacy of transactions, and removing clickable links in SMS and emails.

In the Philippines, a developing country regarding cyber-readiness, most financial institutions and telecommunication operators enforce the same security practices on consumer SMS and emails. Still, social media scams remain rampant.

First Circle, a Philippine fintech firm specializing in smart banking solutions for small and medium enterprises, has reported 10 Facebook pages impersonating them and their employees since January 2024; only three had been taken down at the time of writing.

In 2022, First Circle also fought to remove a fraudulent loan app using their name from the Google Play Store. The process took over a year to complete and their customer service team assisted four victims in filing reports with the Securities and Exchange Commission (SEC) and Google Philippines.

The Philippines is also cracking down on Chinese-run online gaming operations, some associated with online scams and other illegal activity. Similar operations are ongoing in Cambodia, Laos, and Myanmar, countries with limited cybersecurity capabilities; scammers here account for $39 billion in stolen funds annually.

Cambodia is drafting a cybercrime law that could threaten human rights and expose people to increased cyber threats due to its vague language and citizen protections that fall short of international standards.

Laos is cooperating with international law enforcement to combat scam farms. It is also collaborating with other countries to build its cyber capabilities, such as implementing a national information security monitoring system with Vietnam.

Myanmar’s ongoing conflict prevents meaningful efforts to manage cybercrime; militias along its border have set up massive criminal operations associated with online scams and cyber slavery.

Grassroots efforts, such as financial literacy initiatives and community programs, are vital in tackling cyberattacks on the underbanked, as they help educate vulnerable populations on identifying scams and safeguarding their personal information.

In the Philippines, a country with low reading and financial literacy rates, grassroots-level education to protect the unbanked is a focus.

“Financial consumers themselves are our frontliners against cyber threats,” says Philippine SEC Commissioner McJill Bryant Fernandez. “By investing in financial literacy initiatives, we can empower financial consumers and strengthen this vital line of defence.”

One such initiative is Project ACUITY by the Philippine Cybercrime Investigation and Coordinating Centre (CICC). The programme teaches communities in geographically isolated and disadvantaged areas how to identify scams, safeguard personal data and recognize potential human trafficking situations.

“Through the trifecta of Connect, Capacitate and Confluence, we’re confronting fintech cybercriminals, whose schemes often begin with phishing and social engineering,” says CICC Assistant Secretary Mary Rose Magsaysay.

Through intelligence-sharing and public-private partnerships, Southeast Asian countries can also improve detection and prosecution of cross-border scam operations and establish a more cooperative mechanism for enforcing policies.

In the Philippines, the Bangko Sentral ng Pilipinas (BSP) collaborated with lawmakers to pass the Anti-Financial Account Scamming Act (AFASA). It enhances collaboration in the financial community regarding financial crimes and authorizes financial institutions to hold disputed funds in accounts under certain conditions.

“Through AFASA, it is envisioned that victims of financial scams and fraud are able to recover their hard-earned money while preserving the integrity of financial accounts and fostering a secure financial ecosystem,” says BSP Deputy Governor Chuchi Fonacier.

The Philippine SEC’s Cyber and Forensics Division also assists foreign regulators by obtaining and processing evidence to prosecute ICT-related securities fraud.

“Our trend analyses as to the methods used by fraudsters and the demographics of victims and vulnerable sectors shape our strategies and policy measures in protecting investors,” says SEC Commissioner Rogelio Quevedo.

Cross-border alignment between governments can lead to the development of a centralized authority similar to the European Commission, which standardizes new laws, regulations and information-sharing practices related to cybersecurity, data processing and online access.

It can also mean that consumer protections are at par with international standards and that there is more shared responsibility among stakeholders such as financial institutions and telecommunication operators, so Southeast Asia’s underbanked aren’t always left to foot the bill.

As Southeast Asia continues to expand its digital economy, governments, financial institutions and communities must collaborate effectively in tackling cyberattacks on the underbanked.

By enhancing cybersecurity measures, promoting financial literacy and fostering regional cooperation, stakeholders can help protect vulnerable populations from the rising tide of cybercrime.