Philippine Businesses Prepare for New Security Authentication Mandates
菲律賓企業為新的安全認證規範做好準備
更新於: 2026年6月9日 上午01:15
The Philippines is witnessing a major transformation in digital security.
菲律賓正見證數位安全領域的重大轉型。
To combat a 35% rise in online fraud and sophisticated scams, the Bangko Sentral ng Pilipinas (BSP) has introduced strict mandates under the Anti-Financial Account Scamming Act (AFASA).
為對抗網路詐騙與精細詐騙案件高達35%的增長,菲律賓中央銀行(BSP)已依據《反金融帳戶詐騙法》(AFASA)祭出嚴格法規。
A pivotal change is the phase-out of SMS and email-based One-Time Passwords (OTPs) for high-risk transactions.
其中一項關鍵變革是針對高風險交易,逐步淘汰基於簡訊(SMS)與電子郵件的一次性密碼(OTP)。
By June 30, 2026, financial institutions must replace these vulnerable methods with more robust, phishing-resistant alternatives.
在2026年6月30日前,金融機構必須以更穩健、抗網路釣魚(Phishing)的替代方案,取代這些脆弱的驗證方式。
The new standards prioritize server-side biometrics, such as facial recognition, and FIDO-certified passwordless authentication.
新標準將伺服器端的生物辨識以及FIDO認證的無密碼驗證列為優先事項。
However, regulators recognize that biometrics alone are not enough; institutions are required to adopt a layered defense strategy, including device binding and behavioral analysis.
然而,監管機關體認到僅靠生物辨識並不足夠;機構必須採取分層防禦策略,包括裝置綁定與行為分析。
This shift is also a matter of financial accountability.
此轉變亦涉及財務責任問題。
With supporting regulations like Circulars 1213 and 1232, the focus is clear: cybersecurity is no longer just an IT concern, but a core business priority.
在第1213號與第1232號通函等相關法規的支撐下,重點十分明確:網路安全不再僅是資訊技術(IT)部門的疑慮,而是核心業務的優先要務。
