Philippine Businesses Prepare for New Security Authentication Mandates

Updated at: June 9, 2026 at 01:15 AM

The Philippines is witnessing a major transformation in digital security.

nounPhilippines

nountransformation

To combat a 35% rise in online fraud and sophisticated scams, the Bangko Sentral ng Pilipinas (BSP) has introduced strict mandates under the Anti-Financial Account Scamming Act (AFASA).

verbcombat

nounmandate

A pivotal change is the phase-out of SMS and email-based One-Time Passwords (OTPs) for high-risk transactions.

nountransaction

By June 30, 2026, financial institutions must replace these vulnerable methods with more robust, phishing-resistant alternatives.

adjectivevulnerable

The new standards prioritize server-side biometrics, such as facial recognition, and FIDO-certified passwordless authentication.

nounbiometrics

However, regulators recognize that biometrics alone are not enough; institutions are required to adopt a layered defense strategy, including device binding and behavioral analysis.

verbrecognize

nounbiometrics

This shift is also a matter of financial accountability.

nounaccountability

With supporting regulations like Circulars 1213 and 1232, the focus is clear: cybersecurity is no longer just an IT concern, but a core business priority.

nouncybersecurity

🎉

End of article

You read 8 focus sentences.

Challenge Mode

Comprehension Questions

What is the primary reason for phasing out SMS and email OTPs?

The government wants to promote local mobile network providers.

They are increasingly vulnerable to phishing, social engineering, and interception.

They are too expensive for small businesses to implement.

Reveal Answer

✓

Correct Choice

They are increasingly vulnerable to phishing, social engineering, and interception.

By what date must financial institutions phase out SMS/email OTPs?

April 30, 2026

June 30, 2025

June 30, 2026

Reveal Answer

✓

Correct Choice

June 30, 2026

Which technology standard is encouraged for passwordless authentication?

Data Privacy Act 2012

FIDO2

SMS-Protocol 5

Reveal Answer

✓

Correct Choice

FIDO2

What is a potential consequence for firms that fail to implement mandated authentication?

A reduction in annual IT taxes.

Immediate closure of the business by the BSP.

They may be held liable for reimbursing customers for funds lost to scams.

Reveal Answer

✓

Correct Choice

They may be held liable for reimbursing customers for funds lost to scams.

Besides biometrics, what other security measure does the BSP mandate?

Device binding and behavioral checks.

Paper-based identity verification.

Public posting of transaction logs.

Reveal Answer

✓

Correct Choice

Device binding and behavioral checks.

Learn faster with Ringoo apps

Trace your learning progress and get real-time feedback with interactive exercises.

App Store Google Play