The Bangko Sentral ng Pilipinas (BSP) is considering removing one-time password (OTP) authentication as phishing scams and other fraud schemes continue to target bank customers, according to news reports.
OTP is a security feature sent via SMS or email that is valid for a single transaction. While designed to prevent identity theft, scammers have exploited it using social engineering tactics. Many individuals have been tricked into revealing their OTPs, making the method less reliable.
The Inquirer report quoted BSP Deputy Governor Elmore Capule urging banks to move to a “higher level of protection” as OTPs have become less reliable these days.
The move is part of BSP’s efforts to strengthen security under the Anti-Financial Account Scamming Act (Afasa), which requires institutions to implement stricter fraud prevention measures.
BSP is working with banks and financial service providers to introduce more advanced authentication methods before phasing out OTP.