The Bangko Sentral ng Pilipinas (BSP) is phasing out reliance on one-time passwords (OTPs) in Philippine digital banking, urging banks to adopt stronger, phishing-resistant authentication systems.
The move is part of the Anti-Financial Account Scamming Act (AFASA), designed to protect consumers from digital scams like phishing and SIM-swap attacks.
Banks must implement advanced fraud management systems with tools such as behavioral analytics, geolocation tracking, and device-change detection, particularly those handling at least ₱75 million in monthly transactions.
BSP Deputy Governor Elmore Capule confirmed the June 30, 2026, compliance deadline remains firm, encouraging institutions to accelerate preparations.
Officials also said broader reforms to bank secrecy laws could enhance AFASA enforcement, enabling authorities to access financial information under reasonable suspicion to combat financial crime.
Source: PhilNews24 | March 9, 2026
