The Bangko Sentral ng Pilipinas (BSP) has ordered banks and e-wallets averaging over ₱75 million in monthly online transactions to stop using SMS and email OTPs by June 25, 2026. The directive requires stronger authentication methods such as biometrics, behavioral checks, adaptive tools, or passwordless systems.
The order applies mainly to universal, commercial, and digital banks. High-risk transactions must use advanced verification, while low-risk ones may still allow SMS OTPs. Covered institutions are also required to upgrade fraud detection systems to flag suspicious activity.
Deputy Governor Lyn Javier said the move balances innovation with fraud prevention. “The BSP is equally dedicated to promoting innovation in financial services as to protecting customers from new forms of fraud, including technology-enabled fraud. We are pleased that banks and e-wallet operators are stepping up on both fronts.”
Institutions not covered by the directive are still required to conduct regular risk assessments to ensure secure digital transactions.
Also Read: GCash OTP now in-app, SMS codes end today
By June 2026, SMS-based OTPs will be phased out for major financial firms, pushing the industry toward stronger authentication and tighter fraud management.
Source: 1






