Banks and e-wallet operators will be required to stop using SMS- and email-based one-time passwords for high-risk transactions starting June 25 under a directive issued by the Bangko Sentral ng Pilipinas.

Under BSP Circular No. 1213, financial institutions covered by the policy must adopt stronger authentication measures, including biometric, behavioral or passwordless verification systems, to better protect customers from fraud and cybercrime.

The requirement applies to BSP-supervised financial institutions that process an average of more than P75 million in online transactions per month. These include most universal and commercial banks, all digital banks, and select cooperative, thrift and rural banks.

“The BSP is equally dedicated to promoting innovation in financial services as to protecting customers from new forms of fraud, including technology-enabled fraud,” BSP Deputy Governor Lyn Javier said in a statement.

“We are pleased that banks and e-wallet operators are stepping up on both fronts,” she added.

The BSP said stronger authentication measures must be applied to transactions deemed high-risk based on factors such as transaction amount, customer behavior, recipient profile, transaction patterns and the type of product or service involved.

Lower-risk transactions may still use one-time passwords sent through SMS.

Covered institutions are also required to strengthen their fraud monitoring systems to detect suspicious activities, including rapid transactions, transfers to new recipients and transactions conducted through unfamiliar devices.

The central bank said institutions not covered by the circular are not required to immediately adopt the new authentication methods but must continue assessing risks associated with their products and services and implement appropriate safeguards.

“The BSP is committed to promoting a safe, secure, and resilient digital payments ecosystem while supporting the continued growth of digital financial services,” the central bank said.

The BSP has said the shift away from traditional OTPs forms part of broader efforts to combat financial fraud and aligns with international practices already adopted in several countries.

Staff Report17 seconds ago

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Staff Report

Related Articles

Palace praises Robredo for recognizing housing gains

NBI to file human trafficking case against Mike Defensor

Sara visits wake of students killed in Tacloban school shooting

Filipino Accountants in UAE gather for PICPA Dubai Leadership, induction ceremony