BDO has pushed back against allegations made by vlogger Maria Jamila Cristiana Gonzales Berenguer, calling her accusations of a system breach and insider involvement in unauthorized transfers “baseless.”
In a statement released Thursday, the bank pointed to its own probe, which showed that Berenguer’s registered mobile number remained unchanged and continued to receive all official alerts. Investigators found that a password reset and device registration were completed on September 14—actions validated through a one-time password (OTP) sent to her device—just a day before the questionable transactions.
The bank further clarified that BDO Pay requires either a PIN or biometric login for transfers, stressing that OTPs are only used for registering devices, not authorizing payments. It also noted that transaction notifications were sent six hours before the issue was reported to its hotline.
“BDO has put in place different features intended to protect clients’ accounts. These controls will not work if clients ignore warning signs and messages sent by the bank through official channels,” the bank emphasized.
Despite attempts to directly discuss the matter, BDO said Berenguer declined engagement and instead continued posting what it described as inaccurate content online.
The bank assured clients that its transfer limits were not bypassed and its system remains fully secure. “BDO’s system remains secure, with no evidence of any breach or insider involvement,” it added.
