In a significant step toward strengthening digital financial security, the Bangko Sentral ng Pilipinas (BSP) has introduced a new set of guidelines aimed at protecting Filipino consumers from the rising tide of online fraud and cybercrime.
With the official release of Circular 1213, the BSP is urging banks and other financial institutions to go beyond the traditional one-time passwords (OTPs) and adopt more advanced and secure multi-factor authentication (MFA) methods. The move comes amid increasing cyber threats that have exposed the vulnerabilities of SMS-based OTPs—a method long used by banks but now considered insufficient to combat modern fraud tactics.
“There has to be additional safety measures,” BSP Deputy Governor Elmore Capule stressed. “Sometimes a good system is only good until the scammers find a way to get around it.”
The enhanced MFA framework is a direct response to the evolving strategies of cybercriminals, and more importantly, a decisive step in ensuring the safety and security of the Filipino public, especially as digital banking continues to expand across the country.
Protecting the People: A Calibrated, Risk-Based Approach
Under Circular 1213, all BSP-supervised institutions offering electronic financial services are now required to implement robust fraud management systems (FMS). These systems must operate in real-time, provide comprehensive monitoring, and be adaptable to emerging risks.
For institutions with high digital transaction volumes—defined as an average of at least P75 million per month—additional layers of protection are mandated. These include:
- Behavioral anomaly detection
- Geolocation monitoring
- Device and account change tracking
- Blacklist screening
- Transaction velocity checks
Such measures are designed to quickly identify and respond to suspicious activity, helping to prevent unauthorized transactions before they impact consumers.
Smaller financial institutions, such as rural and thrift banks, are not left behind. While the guidelines remain strict, the BSP has introduced a proportional, risk-based approach that allows these institutions to implement appropriate security measures based on their transaction sizes and service complexity.
Embracing Innovation for Public Protection
The BSP also officially recognized alternative, cutting-edge authentication tools including biometrics, behavioral analytics, and cryptographic keys like Fast Identity Online (FIDO). These technologies offer greater security by minimizing the risk of interception and misuse, unlike traditional SMS-based OTPs which are increasingly targeted by fraudsters.
Maricris Salud, BSP deputy director, highlighted that financial institutions are encouraged to supplement OTPs with more advanced safeguards. “Banks and financial institutions can still do OTPs, but they have to look for other authentication methods to supplement the vulnerabilities,” she said.
Accountability and Consumer Safety Under AFASA
Circular 1213 is part of a broader regulatory initiative to implement the Anti-Financial Account Scamming Act (AFASA)—a landmark law designed to curb digital scams through industry-wide accountability. Under AFASA, banks that fail to meet security standards may be held liable for financial losses suffered by consumers due to fraud.
“If a bank fails to comply and a customer is defrauded, that bank may be held liable,” Capule warned, reinforcing that protecting the public is no longer optional—it is a legal responsibility.
Securing Every Filipino’s Digital Future
As cyber threats become increasingly sophisticated, the BSP’s directive underscores its commitment to defending every Filipino’s right to a secure digital financial ecosystem. While the transition to advanced MFA tools may require investment and operational changes, the central bank made it clear: the protection of consumers must come first.
These changes, taking effect on June 25, aim not just to strengthen institutional defenses, but to restore and build public trust in digital banking—a critical step toward a safer and more inclusive financial future for all Filipinos.
Leave a Reply