By Karl Angelo N. Vidal, Reporter
STATE-RUN Credit Information Corp. (CIC) has pushed back the launch of the country’s centralized credit information system as it is still ensuring the quality and safety of data.
In an interview, CIC President and Chief Executive Officer Jaime P. Garchitorena said the national credit information system should go live “within the next quarter,” well beyond an earlier January target.
“We should be going live, I want to say July, but we should be going live within the next quarter,” Mr. Garchitorena told BusinessWorld last week.
Mr. Garchitorena said the national credit registry is still ensuring the security of their database amid escalated cybersecurity threats.
“In all my interviews, I’m very careful to couch my predictions because before going live, security is a major concern. And the environment has become such where many of the…data outside CIC can [be exposed] to fraud and misuse,” he said.
“The Comelec breach was the largest in the Philippine history, and the level of data that was leaked out of the public was so substantial that it actually has the potential to allow fraud to happen,” Mr. Garchitorena said.
To recall, hackers under the name LulzSec Pilipinas leaked the “whole database” of the Commission on Elections in 2016, exposing voters’ registration data.
Amid heightened cybersecurity threats, Mr. Garchitorena said the CIC instituted a series of information technology audits, vulnerability assessment and penetration testing to ensure the data in the centralized system will be secured.
“We moved back the go live schedule because of that,” he said.
In a July 2017 interview, Mr. Garchitorena said CIC’s January 2018 target for the database to go live may be pushed back should the firm experience issues in the system primarily involving security measures.
Republic Act No. 9510 or the Credit Information System Act mandates the establishment of a comprehensive and centralized credit information system, with CIC tasked to consolidate the data.
The law also states that submitting entities, which are the lenders, are required to submit and provide all credit data of their borrowers in their database to the CIC.
Aside from ensuring the security of the credit information system, Mr. Garchitorena added the CIC is currently in a “validation stage” where it is “getting a sense” of how much data they carry have inaccuracies that may stem from being old or poorly maintained.
“We expect real volumes of paid-for transactions to happen within the quarter. Once there’s a financial exchange, then it becomes a real product,” Mr. Garchitorena said.
By next quarter, the CIC hopes that it will be able to charge its users, receive data corrections from special accessing entities (SAE) and other financial institutions.
“That’s what we hope to see in the third quarter,” Mr Garchitorena said, noting that “going live” is not like flipping a switch to be open for business.
“Going live is rolling the services of the CIC in a manner where we can view the impacts across usage cycles and then start building safeguards or managing the situations as it happens.”
The system can be accessed by two kinds of users: the SAEs or credit bureaus, as well as the submitting financial institutions, such as banks, cooperatives, lending firms, to name some.
Currently, there are four official SAEs namely local firm CIBI Information, Inc., South Africa’s Compuscan, Italy’s CRIF S.p.A, and United States’ TransUnion Information Solutions, Inc.