The Bangko Sentral ng Pilipinas (BSP) has mandated that all supervised financial institutions (BSFIs) implement more secure authentication measures to protect users from fraud and unauthorized account access. Under BSP Circular No. 1213, issued in May 2025, covered entities must replace SMS- and email-based one-time passwords (OTPs) with stronger technology, including biometric, behavioral, adaptive, or passwordless solutions, by June 25, 2026.
Scope of the Circular
The circular applies to banks and e-wallet operators that average more than P75 million in online transactions per month. This includes most universal and commercial banks, all digital banks, and some cooperative, thrift, and rural banks. Many institutions are already implementing these enhancements ahead of the deadline.
"The BSP is equally dedicated to promoting innovation in financial services as to protecting customers from new forms of fraud, including technology-enabled fraud. We are pleased that banks and e-wallet operators are stepping up on both fronts," said BSP Deputy Governor Lyn I. Javier.
Risk-Based Authentication
Covered BSFIs must apply the stronger authentication technology to transactions they consider high-risk. Risk is assessed based on factors such as payee profile, transaction value, customer behavior patterns, and the nature of the product or service. For lower-risk transactions, institutions may use less stringent methods, such as SMS OTPs.
Non-covered institutions are not required to shift to stronger verification tools within the same transition period but must regularly assess the risks associated with their products and services to determine appropriate fraud prevention measures.
Fraud Management Systems
The circular also requires covered BSFIs to strengthen their fraud management systems to better detect and prevent unauthorized transactions. These systems must be capable of flagging unusual or suspicious activities, including unusually rapid transactions and those involving new recipients or unrecognized devices.
The BSP is committed to promoting a safe, secure, and resilient digital payments ecosystem while supporting the continued growth of digital financial services.
