’Stronger, OTP-free authentication methods gaining ground in Philippines‘ 

Upgrade to High-Speed Internet for only ₱1499/month!

Enjoy up to 100 Mbps fiber broadband, perfect for browsing, streaming, and gaming.

Visit Suniway.ph to learn

May 31, 2025 | 12:00am

MANILA, Philippines — More companies in the Philippines are expected to adopt a stronger, layered and passwordless authentication methods as the Bangko Sentral ng Pilipinas (BSP) urges financial institutions to move away from the use of one-time passwords (OTPs), according to global communications firm Twilio.  

Twilio said the shift is part of an industry-wide response to the BSP’s call for more robust ways to verify identity and secure digital transactions amid the growing risk of cyber fraud.

“We expect banks and other financial firms in the Philippines to move toward  more sophisticated and secure authentication methods, and gradually use SMS-based authentication for initial registration or as a fallback, considering its accessibility and convenience,” Billy Chan, director for Asia of Twilio’s Communications Business, said. 

“However, using SMS OTPs as a backup requires an added layer of security, such as utilizing real-time carrier data on SIM swap history to help prevent SIM swap or number port attacks, delivering seamless verification without user friction,” Chan said.

According to Twilio, one of the vulnerabilities of text-based OTP is that it is unencrypted and not designed for security. This makes it vulnerable to interception, as anyone with access to the data can read it.

SIM swapping or hijacking has also become widespread in the Philippines, wherein scammers use illicitly obtained personal information to gain access to sensitive online accounts, including bank accounts.

Chan said that newer tools like passkeys are seeing increased adoption due to their simplicity and familiarity. “Many Filipinos are already familiar with passkeys, such as simple fingerprint scans or PINs, which makes this transition seamless and reassuring,” he said.

Another OTP-free method gaining traction is Silent Network Authentication (SNA), which uses mobile carrier technology to verify phone number ownership without any input from the user.

“The process happens in the background and does not require a PIN or a separate authenticator app, eliminating risks associated with phishing, social engineering, and SMS scams,” Christopher Connolly, Twilio solutions engineering lead, said. 

“SNA is built on top of the standardized Global System for Mobile Communications authentication and offers a secure and seamless authentication experience, thus enabling organizations to beef up security without any negative impact on user experience,”  Connolly said.

The method is already being adopted by local telecom companies and is expected to see wider usage among banks and fintech firms in line with the BSP’s directive. 

Twilio also warned that consumers expect fast, easy access and would abandon apps or transactions that take too long to verify.

“For any authentication strategy to succeed, accessibility in customer experience must be a top priority. It is a delicate balancing act of employing advanced authentication methods with enhanced security, while keeping user friction to a minimum,” Sam Richardson, executive engagement director at Twilio, said. 

“To ensure accessibility, financial firms can provide users with options on authentication methods that work best for them, in their preferred channel,” Richardson added. 

As digital transactions continue to rise in the Philippines, Twilio said financial institutions must craft authentication strategies that enhance security while protecting the customer experience. A privacy-first, adaptive approach will be crucial in maintaining user trust in the evolving digital landscape.