Close Menu
Philstar Tech
    • Deals
    • Contact Us
    • About Us
    Philstar Tech
    • Home
    • All Post
    • News
      • Features
    • Tech @Life
    • Reviews
      • Fitness
      • Laptops
      • Mobility
      • Smartphones
      • Wearables
    • Opinion
    • Latest Issue
    Philstar Tech
    Home » BSP urges banks to replace OTPs with stronger security methods
    News

    BSP urges banks to replace OTPs with stronger security methods

    Dawn SolanoBy Dawn SolanoMarch 11, 20263 Mins Read
    Facebook Twitter Pinterest LinkedIn Tumblr Email
    Share
    Facebook Twitter LinkedIn Pinterest Email

    A text message containing a one-time password (OTP) often serves as the final step before an online banking transaction is completed. 

    However, the same code has also become a target for scammers, who trick victims into revealing OTPs through phishing links and fake customer service calls. 

    Due to these risks, the Bangko Sentral ng Pilipinas (BSP) is urging banks and financial institutions to adopt stronger authentication methods that do not rely solely on SMS-based OTPs.

    Under BSP Circular No. 1213, financial institutions supervised by the central bank are required to implement phishing-resistant multi-factor authentication (MFA) as part of enhanced cybersecurity measures. 

    The circular forms part of the implementing rules of the Anti-Financial Account Scamming Act (AFASA). which aims to curb the growing number of banking scams in the country.

    For years, OTPs sent via SMS have served as a second layer of protection for online banking and digital payment transactions. However, regulators say the method has limitations, particularly as cybercriminals develop more sophisticated ways to intercept or manipulate the codes. 

    In phishing attacks, scammers may trick victims into entering their OTPs on fake websites or sharing the codes through phone calls or messages. 

    In SIM-swap attacks, criminals take control of a victim’s mobile number, allowing them to receive OTP messages intended for the account holder.

    What could replace them?

    To reduce these risks, the BSP circular encourages banks to move toward stronger authentication technologies.

    One option already familiar to many consumers is biometric authentication, such as fingerprint or facial recognition. Several mobile banking apps already allow users to log in or approve transactions.

    Another emerging alternative is the use of passkeys, which rely on encrypted credentials stored directly on a user’s device.

    Some financial institutions may also adopt hardware security keys, small physical devices that generate encrypted authentication signals when connected to a computer or smartphone.

    Beyond authentication methods, Circular 1213 also requires financial institutions to strengthen their fraud detection and monitoring systems.

    Banks must deploy tools capable of identifying suspicious activity in real time, such as unusual login locations, abnormal transaction behavior or potential account takeover attempts.

    The circular also calls for improved customer account protection measures, including better processes for identifying suspicious or fraudulent accounts often used by scammers as “money mule accounts.”

    Are we on the way?

    Meanwhile, telecommunications providers, like PLDT via Smart Communications, are also stepping up efforts to reduce SMS-based scams. 

    The telco has introduced Smart Safe, a network-level security feature designed to block malicious links and attempts before they reach users’ devices.

    Smart Safe works by detecting suspicious domains and filtering scam-related content at the network level, protecting subscribers from clicking on harmful links often used in phishing attacks.

    For consumers, the shift may eventually mean fewer SMS verification codes and more transactions approved through fingerprints and facial scans.

    While the transition may take time, due to financial institutions that have yet to upgrade their systems, regulators like BSP believe that stronger authentication technologies will play a key role in protecting users from increasingly sophisticated online scams.

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Dawn Solano

    Content Producer for PhilSTAR Tech

    Related Posts

    HONOR 600 Series brings Google Gemini AI to more Filipinos

    July 14, 2026

    Acer keeps lead in Philippine laptop market

    July 13, 2026

    Meta pulls Instagram AI feature over privacy concerns

    July 13, 2026

    Most Popular

    Nothing Phone (4b) arrives in the Philippines, starts at P21,990

    July 8, 20262 Mins Read

    ChatGPT is now on Viber, here’s what you can do with it

    July 9, 20263 Mins Read

    Meta’s new Muse Image feature raises privacy questions

    July 10, 20262 Mins Read

    Companies should prioritize AI security investments in 2026, says CrowdStrike

    July 6, 20263 Mins Read

    Here’s where you can officially buy the Nintendo Switch 2 in the Philippines (with 2 years warranty perks to match)

    July 8, 20253 Mins Read

    Philippine firms adopt AI faster than AI security

    July 10, 20262 Mins Read

    Latest

    HONOR 600 Series brings Google Gemini AI to more Filipinos

    By PhilSTAR Tech TeamJuly 14, 20262 Mins Read

    Acer keeps lead in Philippine laptop market

    By PhilSTAR Tech TeamJuly 13, 20262 Mins Read

    Meta pulls Instagram AI feature over privacy concerns

    By Marlet SalazarJuly 13, 20261 Min Read

    Gaming industry veteran Benson Te shares blueprint for sustainable growth

    By Jianzen DeananeasJuly 11, 20264 Mins Read

    Meta’s new Muse Image feature raises privacy questions

    By Dawn SolanoJuly 10, 20262 Mins Read

    Philippine firms adopt AI faster than AI security

    By Marlet SalazarJuly 10, 20262 Mins Read
    Copyright © 2026 Philstar Tech | Powered by The Philippine STAR

    Type above and press Enter to search. Press Esc to cancel.