BSP wants shift from OTPs to more sophisticated systems

The Bangko Sentral ng Pilipinas (BSP) is looking to have local banks shift from one-time passwords (OTPs) to more advanced methods as part of its efforts to address fraud and financial crime, according to a top official.

Speaking with reporters, BSP deputy Governor Elmore Capule cited the need to shift into more sophisticated systems to make structures in the country more future-proof, with a draft circular recently released to boost the information technology risk management of financial institutions.

“Our objective is to make our OTPs future-proof, meaning, you know how technology is. If you say that what we have right now is efficient, then by next week or next year, it may no longer be,” he said Thursday..

“What we are saying is that we are encouraging the banks to go on a higher level of protection. While what we have now is maybe sufficient for now, we want them to continually upgrade,” he added.

This comes as other countries have started to shift from OTPs as methods to be able to access bank accounts digitally, given the increase in financial scams, which phishing and smishing accounting bulk of this.

“That’s where we are coming from. We are looking at the banks having more sophisticated systems in place,” Capule said.

“Our basis is, it really depends on how sophisticated your system and the bank is. Like if you’re talking of a rural bank or a thrift bank, perhaps we’ll be satisfied with the OTPs. But if you’re looking at, let’s say, digital banks, then a digital bank means your system should be more robust and more advanced,” he added.

Capule declined to give a timeline as to the shift from OTPs, with the BSP now soliciting feedback from industry stakeholders on the move.

“Conceptual pa lang ‘yun that we have to move away from the traditional but perhaps we have a consultation with the industry, exactly how long do they think they can institute. Hindi pa namin ma-hardcorde ‘yung period,” he said.

The BSP is also looking to release the implementing rules and regulations (IRR) of the Anti-Financial Account Scamming Act (AFASA) by March or early April, for the law to become effective 15 days after publication.

Signed by President Ferdinand “Bongbong” Marcos Jr. into law in July 2024, AFASA seeks to protect the public from cybercriminals and criminal synidicates by penalizing financial cybercrimes and imposing harsher penalties for illegal acts.

Under the law, the BSP is authorized to investigate cases, apply for cybercrime warrants and orders, and request the assistance of law enforcers in the investigation of cases. It is also exempted from existing laws on bank secrecy and data privacy to gather sufficient information relative to the commission of prohibited acts. — RSJ, GMA Integrated News