OTPs no longer enough? BSP warns banks on security risks

1 month ago 10

The Bangko Sentral ng Pilipinas (BSP) is encouraging banks to upgrade their security systems, as one-time passwords (OTPs) may eventually become obsolete for banking transaction authentication.

“What we are saying is that we are encouraging the banks to go to a higher level of protection,” said Elmore O. Capule, BSP deputy governor for the corporate services sector.

Capule explained that while OTPs and other current security measures may seem sufficient for combating scams and other banking threats, the central bank urges continuous upgrades.

“Our objective is to make our regulations future-proof,” Capule said, stressing the rapid changes in the technological landscape. 

“If you say that what we have right now is sufficient, then by next week or next year, it may no longer be,” Capule said.  

Capule noted that security expectations should be based on a bank’s sophistication. Rural and thrift banks might still rely on OTPs, but digital banks should implement more robust systems.

He clarified that while rural and thrift banks can maintain their current security schemes, digital banks should install more advanced security systems. The urgency of continuous upgrades depends on the bank’s level of sophistication.

Mamerto E. Tangonan, BSP deputy governor for payments and currency management, echoed Capule's remarks, noting that OTPs are becoming obsolete despite their widespread use in the banking sector.

Tangonan affirmed that the BSP aims to gradually adopt more advanced methods, adding that a transition period will accompany this shift.

We are looking at the banks having more sophisticated [security systems],” Tongonan said.

Read Entire Article