BSP orders banks to go beyond OTPs

The Bangko Sentral ng Pilipinas (BSP) has ordered banks to supplement one-time pins (OTPs) with more secure authentication methods to curb cybercrimes like scams and fraud.
While the ultimate goal is still to eventually shift away from OTPs, Deputy Governor Elmore Capule said the BSP was cognizant of the fact that such an undertaking can be very expensive for financial institutions.
Thus, Capule explained that the central bank wants regulated entities to limit the use of interceptable authentication mechanisms like OTPs, while adopting more safety measures for consumers.
“Because we have to realize that all of these things are very, very expensive. That’s the reality. So, we are giving them (financial institutions) sufficient time,” he told reporters in a press chat.
“But, at the same time, we realize that if they will not adapt to this, then we cannot really solve these scamming, these frauds. So, it’s a calibrated approach,” he added.
BSP Circular No. 1213 ordered banks to limit the use of authentication mechanisms that can be shared with, or intercepted by, third parties unrelated to the transaction. The central bank said there was an increasing prevalence of social engineering attacks aimed at obtaining the login credentials of victims.
The BSP said regulated entities, especially those engaged in “complex” digital products and services, must go beyond OTPs and adopt additional methods like biometric authentication, behavioral biometrics and password-less authentication such as hardware tokens and cryptographic keys.
As it is, the Philippines wants to follow the examples of other countries that have abandoned OTPs.
Last year, major retail banks in Singapore phased out OTPs to better protect consumers against phishing, as technological developments and more sophisticated social engineering tactics had made it easier for scammers to phish for customers’ OTPs.
The plan to eventually ditch OTPs is part of the BSP’s active effort to fight fraud via the Anti-Financial Account Scamming Act.
The law not only prohibits and punishes financial cybercrimes but also compels regulated entities to employ adequate risk and fraud management systems.