菲律賓企業為新的安全認證規範做好準備
Philippine Businesses Prepare for New Security Authentication Mandates
Updated at: June 9, 2026 at 01:15 AM
菲律賓正見證數位安全領域的重大轉型。
The Philippines is witnessing a major transformation in digital security.
為對抗網路詐騙與精細詐騙案件高達35%的增長,菲律賓中央銀行(BSP)已依據《反金融帳戶詐騙法》(AFASA)祭出嚴格法規。
To combat a 35% rise in online fraud and sophisticated scams, the Bangko Sentral ng Pilipinas (BSP) has introduced strict mandates under the Anti-Financial Account Scamming Act (AFASA).
其中一項關鍵變革是針對高風險交易,逐步淘汰基於簡訊(SMS)與電子郵件的一次性密碼(OTP)。
A pivotal change is the phase-out of SMS and email-based One-Time Passwords (OTPs) for high-risk transactions.
在2026年6月30日前,金融機構必須以更穩健、抗網路釣魚(Phishing)的替代方案,取代這些脆弱的驗證方式。
By June 30, 2026, financial institutions must replace these vulnerable methods with more robust, phishing-resistant alternatives.
新標準將伺服器端的生物辨識以及FIDO認證的無密碼驗證列為優先事項。
The new standards prioritize server-side biometrics, such as facial recognition, and FIDO-certified passwordless authentication.
然而,監管機關體認到僅靠生物辨識並不足夠;機構必須採取分層防禦策略,包括裝置綁定與行為分析。
However, regulators recognize that biometrics alone are not enough; institutions are required to adopt a layered defense strategy, including device binding and behavioral analysis.
此轉變亦涉及財務責任問題。
This shift is also a matter of financial accountability.
未能落實上述更嚴格安全防護措施的金融業者,若發生詐騙導致客戶損失,可能需負擔賠償責任。
Financial firms failing to implement these stronger safeguards may face liability for customer losses due to fraud.
在第1213號與第1232號通函等相關法規的支撐下,重點十分明確:網路安全不再僅是資訊技術(IT)部門的疑慮,而是核心業務的優先要務。
With supporting regulations like Circulars 1213 and 1232, the focus is clear: cybersecurity is no longer just an IT concern, but a core business priority.
企業現在必須投資先進且可驗證的技術,以保障客戶權益,並確保在日益數位化的經濟環境中合規。
Companies must now invest in advanced, verifiable technology to protect their customers and ensure compliance within an increasingly digital economy.
