Cyber resiliency in the PH fintech industry

Fintech services are leading digital adoption in the Philippines. Driven by work-from-home arrangements, distance education and social distancing protocols, more Filipino consumers are purchasing and paying online, and sending money digitally to others.

This is evidenced by a 37-percent annual increase in PESONet transactions to P502 billion last year, according to the Bangko Sentral ng Pilipinas (BSP). The number of Filipinos with access to banks and electronic money channels also rose to 41 million as of late last year, the BSP said.

These underscore the key role of fintech (financial technology) companies in the Philippines — they comprise 15 percent of start-ups in the country. Their market value is expected to grow to $10.5 billion this year from about $5.7 billion in 2018, according to Startup Genome’s 2019 Global Startup Ecosystem Report.


With digitization comes exposure to cybersecurity risks, however. Cyber threats are now considered a major concern among fintech players. It was opportune, therefore, when fintech executives and professionals converged during the recent “Cyber Resiliency in the Fintech Industry” virtual forum organized by HP, Intel and Phil-Data Business Systems.

The session was opened by Angie Recometa, Phil-Data sales manager for HP, who said that “the use of fintech services comes with many challenges; as digital transactions increase… reports of breaching attempts, data breaches and other cyberattacks also emerged.”


“Cyber criminals are more persistent, they are more skilled, organized, talented and sophisticated than ever; our endpoints are the most vulnerable targets. End point security is more vital than even as the first line of defense,” she added.

Recometa was referring to laptops and mobile devices as becoming vulnerable to cyberattacks when consumers use these in digital transactions.

The first speaker was Jan Martin Encina, head of information security governance and operations at Maya, a homegrown fintech firm powered by its digital payments company, PayMaya, and the recently launched digital bank, Maya Bank. His talk centered on how Maya was protecting its customers by making an analogy with airline travel safety.

Airport security for Maya, he said, is all about securing the operating environment, i.e. getting the fundamentals right in the organization, which entails all employees uniting to fight cybercrime.


Pre-departure checks involve knowing Maya’s customers, both good and bad. This means verifying and identifying identities, monitoring transactions, and continuously reviewing rules and thresholds.

In-flight security, meanwhile, is about securing Maya’s product while keeping the customer experience seamless. Maya does this by shifting to biometric authentication from passwords, securing mobile apps and APIs, and monitoring for cyberattacks and fraud round-the-clock.

Finally, flying on autopilot means leveraging the use of automation and artificial intelligence against cybercrime. Maya utilizes a robust intelligence and automated incident response as well as behavior-based anti-malware tools in both cloud and on-premise assets.

The next speaker was Lito Villanueva, the founding chairman of FinTech Alliance PH and executive vice president and chief innovation and inclusion officer at RCBC. He described digital resilience as “building back better by harnessing advancements in technology can contribute to adding more meaning and value and lives of more people.”


“To sustain the health of our digital finance systems, it imperative for us to understand the current trends in big data and cybersecurity” such as in artificial intelligence, emerging data marketplaces, ransomwares and the Internet of Things, he added.

“One way to protect our institutions and customers from data breaches is through the use of zero trust strategy, i.e. operating our data systems and platforms in such a way that all users are required to be authenticated and continuously verified before they are authorized to access and use them,” Villanueva continued. His final note was that “data protection and cybersecurity is everyone’s responsibility.”

All speakers agreed that cyber threats were increasing but all of them also pronounced that industry players and stakeholders should all be united to combat the danger.

The author is CEO of Hungry Workhorse Consulting, a digital and culture transformation consulting firm. He is fellow at the US-based Institute for Digital Transformation and teaches strategic management in the MBA Program of De La Salle University. The author can be emailed at