MANILA, Philippines (Updated Dec. 24, 9:39 a.m.) — Social media users over the weekend claimed that BDO Unibank Inc. changed its terms and conditions allegedly in response to widespread reports on social media of sizable sums stolen from the accounts of bank depositors.
CLAIM: The supposedly new clause in the "updated" BDO Terms and Conditions reads: "Loss or damage you may suffer arising out of any improper, fraudulent access or utilization of BDO Online Banking due to theft or unauthorized disclosure of username, passwords, ATM PINs, Online Banking PINs, or violation of other security measures with or without your participation."
Related Stories
RATING: This is misleading.
FACTS: The clause is not new and is a "regular compliance" in the banking industry.
What the posts said
To recall, account holders and clients of the bank began reporting unauthorized transactions on social media with some saying they lost as much as P50,000 without their knowledge.
Users "discovered" the "new" terms shortly after and took their outrage to social media.
"In the future, they aren't liable if someone steals from your account. This is a massive red flag," one Twitter user wrote.
"Be careful in handling your bank accounts since it seems that banks are avoiding liability on the circumstances," another said.
"Major red flag right there. If this is the case, BDO better [make] sure they have perfect security measures in place. I’ve had my BDO account ever since I was in college but I will reconsider transferring to another bank because of this."
What they left out
The bank does have a portion in its terms on the "Use of Electronic Facilities" for its insurance product BDO Life that reads:
Loss or damage you may suffer arising out of any fraudulent access or utilization of BDO Life’s Electronic Facilities due to theft or unauthorized disclosure of User IDs, passwords, or violation of other security measures with or without your parTticipation.
According to the Wayback Machine, a digital archive of the World Wide Web, the same clause has been on the website as early as January 21 of this year.
At the time, the terms and conditions also said: "We reserve the right to vary these Terms and Conditions at any time and will give you thirty (30) days prior notice of such changes."
Terms and conditions governing deposit accounts, meanwhile, were last modified in March of 2017 and included a similar clause rendering the bank not liable in the case of "fraudulent or unauthorized utilization of the Card due to theft."
Its debit card terms and conditions have the same clause and were last modified in May 2021.
Even the Bank of the Philippine Islands on its website has a clause in its terms and conditions that says the bank shall not be liable "for any loss or damage, whether the same is caused or is due to unauthorized or fraudulent access or utilization of your BPI Debit Card, any service, facility or channel."
The UnionBank of the Philippines is also not liable for loss or damage in the event of "Loss or damage arising out of any fraudulent access or utilization of the facility due to: (1) theft; (2) unauthorized disclosure of mobile phone numbers, emails, passwords, and one-time passwords; (3) deactivation of the OTP; and (4) the unauthorized usage of biometrics, and other security measures used in the facility with or without your participation."
CIMB Bank Philippines Inc. has the same clause.
Metrobank Online Banking, according to its terms and conditions, shall also "not be liable for any loss or damage in connection with any unauthorized interception or use of data relating to the Depositor/Cardholder or to his account(s), including missending thereof."
Essential context
In a statement issued Sunday, BDO pointed out the same. "Liability clause is a regular compliance in the banking industry. This has been part of the normal compliance for a long time. There was no added clause due to the recent incident," the bank said.
"BDO made exceptions and shouldered the losses not caused by the clients to maintain good customer relationship even if the Bank is not legally liable."
The Sy-led bank also agreed to reimburse the financial losses of close to 700 clients affected by massive online hacking incidents over the past few days, which resulted in several unauthorized electronic fund transfers.
This, after the Bangko Sentral ng Pilipinas coordinated with the bank to ensure that victims were reimbursed.
"The BSP has been monitoring the surge in complaints posted in social media platforms since the early part of this week," BSP Governor Benjamin Diokno said on December 12.
"We are in close coordination with BDO as well as UBP on this incident to ensure that remedial measures are being undertaken, including reimbursement of affected consumers."
In a separate statement, BDO Unibank said it had already been informed on the concerns and assured clients that it was "looking into each of the cases."
It also began prompting users to update their login credentials with a pop-up notification on its mobile app.
Why does this matter?
As it currently stands, the original tweet by one Jasper Salceda has garnered over 8,370 retweets, 3,200 quote tweets, and 26,900 likes.
According to CrowdTangle, a social media monitoring tool, 7,181 posts including the words "BDO" and "Terms and Conditions" have been tallied on Facebook in the past seven days.
Collectively, the posts have amassed 130,834 interactions on the social networking website.
— Franco Luna
--
Erratum: The latest update corrects the first quoted source of the clause "Use of Electronic Facilities" to be under the terms of BDO Life, an insurance product. It was not from terms released by its umbrella company BDO Unibank.
--
This story is part of the Philippine Fact-check Incubator, an Internews initiative to build the fact-checking capacity of news organizations in the Philippines and encourage participation in global fact-checking efforts
Want to know more about our fact-checking initiative? Check our FAQs here.
Have a claim you want fact-checked? Reach out to us at factcheck@philstar.com.