PLDT unit secures authentication for digital platforms

PLDT Inc.’s enterprise arm is preparing to roll out a network-based authentication system as banks and digital platforms move away from traditional one-time passwords (OTPs), which regulators have flagged as increasingly vulnerable to fraud.

Nico Alcoseba, first vice president at PLDT Enterprise, said the company’s SmartSafe SilentAccess solution is gaining traction among banks, fintech firms and global digital platforms as they explore alternatives to short messaging system (SMS)-based authentication.

Financial institutions are under pressure to adopt stronger safeguards as the Anti-Financial Account Scamming Act (Afasa) takes effect in June 2026.

The Bangko Sentral ng Pilipinas (BSP) is also rolling out Circulars No. 1213 and No. 1214, which encourage banks to transition to more advanced and phishing-resistant authentication methods.

“Essentially, what they’re telling the banks is to stop using SMS OTPs because it’s very prone to fraud and move toward more advanced technologies,” Alcoseba told Inquirer.

“Afasa takes into effect June 2026—meaning, banks should not be sending any SMS OTPs by June 2026,” he said.

Alsoseba said SMS OTPs have long served as a key layer of security in digital transactions. But scammers have increasingly found ways to exploit them through tactics such as spoofing, smishing and social engineering.

Verification codes

SmartSafe SilentAccess seeks to address those vulnerabilities by removing the need for users to manually enter verification codes.

Instead, the authentication process happens silently in the background. Once integrated into an app, the system allows the platform to communicate directly with the telecom network to verify whether the mobile number registered in the app matches the number installed on the device.

PLDT said the process typically takes about five to eight seconds and eliminates the step where users must wait for and manually input OTP codes—an interaction that fraudsters often exploit.

Proof-of-concept tests

Interest from enterprises has been stronger than initially expected, according to Alcoseba. Banks, fintech firms and major global digital platforms are currently running proof-of-concept tests, where selected users evaluate the technology’s performance and security.

He said feedback from these trials shows improvements in user experience and security, as transactions no longer rely on SMS messages that could potentially be intercepted.

See Also

ROI of grace: Building lifetime brand equity

Alcoseba said the technology also supports financial institutions’ compliance with stricter antifraud requirements under Afasa and BSP regulations.

Beyond SilentAccess, PLDT is preparing to expand its SmartSafe application programming interface suite with additional tools designed to strengthen fraud detection.

These include device swap and SIM swap detection, which flag cases where a user’s SIM or device has been replaced. It also includes geo-check verification, which confirms whether a transaction is being conducted near the user’s mobile location. Also included is roaming status validation, which helps detect suspicious overseas credit card transactions.

Alcoseba said that as digital transactions grow, telcos are evolving beyond their traditional role as connectivity providers.

“Telcos are transitioning from providing network signals to providing risk signals,” he said. He was referring to data insights that help companies strengthen their authentication systems and prevent fraud.

With regulators tightening safeguards and digital payments expanding, PLDT sees network-based authentication becoming a key component of the country’s digital infrastructure.