Keisha Ta-Asan - The Philippine Star
February 4, 2025 | 12:00am
During the 2025 Media Information Session in Baguio City over the weekend, BSP Deputy Governor Elmore Capule said there is a need for future-proofing financial security, noting that technological advancements require continuous upgrades.
STAR / File
MANILA, Philippines — The Bangko Sentral ng Pilipinas (BSP) is pushing banks to adopt more advanced security measures and move away from one-time passwords (OTPs) as the primary form of authentication.
During the 2025 Media Information Session in Baguio City over the weekend, BSP Deputy Governor Elmore Capule said there is a need for future-proofing financial security, noting that technological advancements require continuous upgrades.
“Our objective is to make (the financial system) future-proof. If you say that what we have now is efficient, next week or next year, it may no longer be,” Capule said.
“We are encouraging banks to go to a higher level of protection. While what we have now may be sufficient, we want them to continually upgrade,” he said.
Capule said that security expectations should depend on the bank’s sophistication. Rural and thrift banks might still rely on OTPs, but digital banks should have more robust systems.
“Being a digital bank means your system should be more advanced,” Capule added.
Likewise, BSP Deputy Governor Mamerto Tangonan said that OTPs are becoming obsolete.
Tangonan pointed out that the Monetary Authority of Singapore and the Bank for International Settlements have already discouraged OTP reliance.
While the BSP aims to phase out OTPs, Capule acknowledged the need for a transition period.
“You cannot just say OTPs are passé,” Capule said.
The BSP is set to consult with the banking industry to determine a realistic timeline for the shift, similar to the transition from magnetic stripe cards to EMV chip technology which started in 2017.
“The IRR (implementing rules and regulations) to move away from the traditional is still conceptual. We need further consultations to set a clear timeframe,” Capule added.
OTPs have been widely adopted by financial institutions in the country as an added security measure for online transactions. However, technological developments and more sophisticated social engineering tactics have enabled scammers to more easily phish customers’ OTPs.
Based on data from the Cybercrime Investigation and Coordinating Center, about 10,004 cybercrime complaints were recorded in 2024, a sharp increase from 3,317 cases in 2023. The total financial losses suffered by victims amounted to nearly P198 million last year.
Among digital wallets, GCash was the most commonly used platform in cases of consumer fraud, online fraud and phishing, with its users losing a total of P76.49 million.