Inquirer Plus
Now Reading
30% of FinTech Alliance members now OTP-free 
Inquirer Plus
Inquirer Plus
Dark Light
D&L profit hit P2.6B in 2025
PSEi rebounds amid hopes of US-Iran deal
March 26, 1996: Probe reveals web of DOH corruption
Marcos gets special power to cut or suspend fuel tax
PNP: 415 gas stations shut for hoarding, overpricing
P20-B emergency fund set to secure fuel supply
Police note mounting suicides in PH capital
Corruption issues hound Marcos, Duterte in Pulse Asia poll
House panel asks for Sara’s SALNs, files on her threat to kill Marcos
US colleges turn to oral exams to combat AI
Police official accused of harassment quits post
Cops bust ‘e-sabong’ in Manila; 174 arrested

30% of FinTech Alliance members now OTP-free 

Nyah Genelle C. De Leon
by
March 26, 2026

Roughly a third of financial technology firms under the FinTech Alliance PH have already ditched their one-time password (OTP) authentication systems ahead of the June deadline set by the Bangko Sentral ng Pilipinas (BSP).

Speaking to reporters, Lito Villanueva, founding chair of the industry group, said about 30 percent of their more than 150 members, or around 45 firms as of March, have already complied with the central bank’s directive.

This already includes digital banking giant Gcash, with Maya expected to follow soon.

“The whole idea is for all of us to be OTP-less across the board,” Villanueva said.

He cited the Anti-Financial Account Scamming Act (Afasa), which criminalizes the use of financial accounts to move or hide criminal proceeds. In line with this law, the BSP has ordered banks and financial institutions to phase out short messaging system (SMS) or text-based OTPs and adopt stronger security measures by the end of June.

Under the new rules, institutions must implement advanced authentication methods, including biometrics, fingerprint or facial recognition, in-app approvals, push notifications and device-based verification.

A draft circular released earlier this month further directs banks to adopt robust biometric authentication for high-value online transactions and sensitive account changes.

This involves server-side verification, where a customer’s fingerprint, facial scan, or other biometric credential is checked within the secure back-end infrastructure of a bank or its authorized third-party provider using centrally stored reference templates.

See Also
Phinma takes over Southeastern Colleges for P690M

For Villanueva, the shift to alternative authentication methods comes with added costs, but compliance is mandatory.

“The tools for anti-fraud should be implemented. If you’re not compliant, the liability now shifts to the bank or to the fintech player. That’s how it is. That’s where fintech players are at risk,” he explained.

“It’s part of compliance. It’s part of having to protect the interests of the consumers,” he added.

Tags
Inquirer Plus

Have problems with your subscription? Contact us via
Email: plus@inquirer.net, subscription@inquirer.net
Landline: (02) 8896-6000
SMS/Viber: 0908-8966000, 0919-0838000

© 2025 Inquirer Interactive, Inc.
All Rights Reserved.

Scroll To Top