.png){kind=logo}
2 weeks ago
11
Upgrade to High-Speed Internet for only ₱1499/month!
Enjoy up to 100 Mbps fiber broadband, perfect for browsing, streaming, and gaming.
Visit Suniway.ph to learn
Keisha Ta-Asan - The Philippine Star
March 14, 2026 | 12:00am
Lito Villanueva, founding chairman of FinTech Alliance PH, said industry players are ready to comply with the Bangko Sentral ng Pilipinas (BSP)’s directive to adopt more advanced security tools that will gradually replace OTP-based verification.
STAR / File
MANILA, Philippines — Financial technology firms in the Philippines are prepared to transition away from one-time passwords (OTPs) as regulators push stronger authentication systems to curb rising digital fraud.
Lito Villanueva, founding chairman of FinTech Alliance PH, said industry players are ready to comply with the Bangko Sentral ng Pilipinas (BSP)’s directive to adopt more advanced security tools that will gradually replace OTP-based verification.
“The fintech industry is ready to comply,” Villanueva said in a chance interview. “We have no choice but to comply.”
The BSP has given banks and financial institutions until June 30 to phase out SMS-based OTPs and shift to stronger authentication methods, including biometric verification.
In a draft circular released earlier this month, the BSP also proposed the adoption of server-side biometric authentication and other stronger controls for high-risk financial transactions and critical account changes, as part of efforts to curb online fraud and strengthen consumer protection.
While OTPs have long been the standard method for verifying online financial transactions, Villanueva said many fraud cases stem from consumers unknowingly sharing these codes with scammers.
“For most Filipinos, OTPs have been the practice,” he said. “But the reason the BSP has been pushing for their removal is that the bulk of the complaints and fraud cases involve account takeovers, with OTPs essentially acting as the security needed to open an account.”
He explained that OTPs effectively serve as the “key” to a user’s financial account, making them a prime target for fraudsters who trick consumers into revealing the code.
To address this vulnerability, financial institutions are ramping up investments in alternative authentication technologies such as device binding, behavioral device intelligence and other fraud detection tools that verify a user’s identity without relying solely on text codes.
“These are part of the fraud and anti-money laundering solutions or platforms that all players in the industry would have to comply with,” he said.
Villanueva said the shift is consistent with the objectives of Republic Act 12010, or the Anti-Financial Account Scamming Act, which aims to strengthen consumer protection in the digital financial ecosystem.
As institutions roll out stronger safeguards, he said compliance would require substantial spending on security infrastructure.
“That’s why there’s so much investment on compliance, there’s so much investment on cybersecurity, there’s so much investment when it comes to having to protect your consumers,” Villanueva said.
“At the end of the day, this business is all about trust,” he added.
