Philippine Daily Inquirer
Now Reading
BSP eyes shift away from OTPs to fight fraud
Philippine Daily Inquirer
Philippine Daily Inquirer
Dark Light
Bato mourns pilot’s death after chopper that serviced him crashed
DSWD wants P12-B from AKAP funds to be exempt from election spending ban
Mass shootings horrify the Balkans but illegal guns still thrive
BSP oks relief for banks in typhoon-hit areas
Brewing trade war spooks investors
INQUIRER LIFESTYLE FOOD AWARDS
February 4, 1986: Cory’s 1st 100 days
Big biz group joins call to stop ₱200 wage hike
‘Devils’ take to the streets in Spanish village fest
Docs decry ‘sabotage’ of gov’t health program
DA declares food security emergency
Barbie Hsu, Meteor Garden’s ‘Shan Cai,’ dies of flu at 48

BSP eyes shift away from OTPs to fight fraud

Avatar
by
February 4, 2025

The Bangko Sentral ng Pilipinas (BSP) wants financial firms to eventually move away from one-time passwords (OTP) and instead adopt a more secure and sophisticated method of authenticating transactions to combat fraud and other financial cybercrime.

During the recent media information session of the BSP, central bank Deputy Governor Elmore Capule stressed the need to make authorization processes for fund transfers “future proof” to prevent financial criminals from keeping up.

“You know how technology is. If you say that what we have right now is efficient, then by next week or next year, it may no longer be,” Capule told reporters.

“What we are saying is that we are encouraging the banks to go on a higher level of protection. While what we have now is maybe sufficient for now, we want them to continually upgrade,” he added.

Phishing

The plan would place the Philippines together with other countries that have abandoned OTPs.

Last year, major retail banks in Singapore phased out OTPs to better protect consumers against phishing.

This, as technological developments and more sophisticated social engineering tactics have enabled scammers to more easily phish for customers’ OTP.

And the BSP has already laid the groundwork for the upcoming transition.

The central bank is currently soliciting the industry’s feedback on a draft circular that would require banks and nonbanks to adopt an “aggressive security posture” against financial cybercrimes. Among the safeguards being proposed by the regulator is the limitation on the use of OTPs and other “interceptable” authentication mechanisms.

See Also
BIZ BUZZ: HK, Cebu top Pinoy holiday picks

That said, the central bank wanted regulated entities –– especially those engaged in “complex” digital products and services –– to put in “stronger” authentication processes that are both secure and convenient. Among the examples is the use of biometrics via fingerprint scanning, as well as facial and voice recognition.

The plan to ditch OTPs is part of the BSP’s active effort to fight fraud with the enactment of the Anti-Financial Account Scamming Act (Afasa). The law not only prohibits and punishes financial cybercrimes but also compels regulated entities to employ adequate risk and fraud management systems.

Capule, one of the brains behind Afasa, said there will be a transition period for the shift away from OTPs.

“We have a consultation with the industry on exactly how long they think they can transition,” he said.

Tags
Philippine Daily Inquirer

© The Philippine Daily Inquirer, Inc.
All Rights Reserved.

Scroll To Top