BSP orders banks to go beyond OTPs

BSP orders banks to go beyond OTPs

/ 02:30 AM June 13, 2025

BSP orders banks to go beyond OTPs

MANILA, Philippines — The Bangko Sentral ng Pilipinas (BSP) has ordered banks to supplement one-time pins (OTPs) with more secure authentication methods to curb cybercrimes like scams and fraud.

While the ultimate goal is still to eventually shift away from OTPs, Deputy Governor Elmore Capule said the BSP was cognizant of the fact that such an undertaking can be very expensive for financial institutions.

Article continues after this advertisement

Thus, Capule explained that the central bank wants regulated entities to limit the use of interceptable authentication mechanisms like OTPs, while adopting more safety measures for consumers.

FEATURED STORIES

READ: BSP eyes shift away from OTPs to fight fraud

“Because we have to realize that all of these things are very, very expensive. That’s the reality. So, we are giving them (financial institutions) sufficient time,” he told reporters in a press chat.

“But, at the same time, we realize that if they will not adapt to this, then we cannot really solve these scamming, these frauds. So, it’s a calibrated approach,” he added.

BSP Circular No. 1213 ordered banks to limit the use of authentication mechanisms that can be shared with, or intercepted by, third parties unrelated to the transaction. The central bank said there was an increasing prevalence of social engineering attacks aimed at obtaining the login credentials of victims.

Article continues after this advertisement

READ: ‘Digital hygiene’ cuts probability of being scammed

Additional methods

The BSP said regulated entities, especially those engaged in “complex” digital products and services, must go beyond OTPs and adopt additional methods like biometric authentication, behavioral biometrics and password-less authentication such as hardware tokens and cryptographic keys.

Article continues after this advertisement

As it is, the Philippines wants to follow the examples of other countries that have abandoned OTPs.

Last year, major retail banks in Singapore phased out OTPs to better protect consumers against phishing. This, as technological developments and more sophisticated social engineering tactics have enabled scammers to more easily phish for customers’ OTP.

The plan to eventually ditch OTPs is part of the BSP’s active effort to fight fraud via the Anti-Financial Account Scamming Act.

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our daily newsletter

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

READ: Marcos signs laws to improve gov’t procurement system, curb online scams

The law not only prohibits and punishes financial cybercrimes but also compels regulated entities to employ adequate risk and fraud management systems.

TAGS: BSP, cybercrimes

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our newsletter!

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

© Copyright 1997-2025 INQUIRER.net | All Rights Reserved

This is an information message

We use cookies to enhance your experience. By continuing, you agree to our use of cookies. Learn more here.