Filipinos embraced the news that the Bangko Sentral ng Pilipinas (BSP) has directed banks to phase out the use of OTPs (One-Time Pins) for transactions.
A draft memorandum reportedly instructs financial institutions to replace text-based OTPs with fingerprint, facial recognition, or other biometric authentication methods.
The BSP explained that biometric authentication verifies a customer’s identity within the bank’s “secure backend system,” rather than depending on the security of an individual’s mobile device.
Using biometrics as an authentication method allows banks to verify a customer’s against their own records, even if the mobile phone is lost, stolen or replaced.
The BSP reportedly said this approach “reduces the risk of account takeover, device compromise, spoofing and unauthorized credential changes.”
It added that OTPs may still be used for verifying the “existence or ownership of a registered mobile number.”
Banks typically use OTPs to verify transactions, requiring individuals to input a code received via text message or email.
Meanwhile, Filipinos have welcomed the move to replace OTPs with stronger authentication methods, noting that network signal issues can sometimes delay the delivery of OTPs.
“This is actually great, sa GoTyme, every transaction [or] payment online, may in-app OTP, pero sa GoTyme app mismo, puro biometrics na or pin. Kahit wala signal, agad agad pumapasok na ‘yung in-app OTP, unlike ‘pag sa sim ise-send,” a Facebook user said.
“Tama ‘yan, may case [kasi] nawala phone, kasama sim,” another commented.
“Hayz, salamat naman, kasi ang area ay hindi nakakatanggap ng text at call. Masyadong mahina ang signal,” a different Pinoy wrote.
“Sobrang inconvenient ng nagse-send pa ng OTP sa mobile number kasi minsan, wala naman signal ‘yung mismong network kaya kahit pa na naka-connect ka sa ibang wi-fi, ‘di mo pa rin ma-open ‘yung account mo dahil hindi ma-receive ang OTP dahil sa walang signal,” another said.
The BSP, however, acknowledged that even biometric systems can be vulnerable to sophisticated deepfakes. It said banks must complement these authentication methods with additional safeguards, such as behavioral checks, human review and secure fallback options.
