BSP Mandates Phase-Out of SMS OTPs by June 2026 Under Anti-Scamming Act

Disclaimer: This article is for informational purposes only and does not constitute financial advice. BitPinas has no commercial relationship with any mentioned entity unless otherwise stated.

📬 Get the biggest crypto stories in the Philippines and Southeast Asia every week — subscribe to the BitPinas Newsletter.

The Bangko Sentral ng Pilipinas (BSP) has set a firm deadline for banks and financial institutions to phase out the use of SMS-based One-Time Passwords (OTPs) by June 30, 2026.

Key Details

According to a recent public advisory highlighted by the community page Digital Banks PH Updates, the central bank is requiring the transition away from SMS OTPs as part of the broader implementation of the Anti-Financial Account Scamming Act (AFASA).

The policy mandates financial institutions to adopt more secure, modern authentication methods to protect consumers from the rising tide of account takeover scams.

The End of the SMS OTP

For years, the SMS OTP has been the standard second layer of security for digital banking in the Philippines. However, the BSP now considers this method obsolete and highly vulnerable to interception techniques such as SIM-swapping, text hijacking, and social engineering phishing attacks.

To replace the SMS OTP, the BSP is pushing banks and financial apps to gradually introduce stronger, phishing-resistant verification methods leading up to the deadline. Based on the advisory, the replacements will primarily include:

• In-App OTPs and Push Notifications: Approving transactions directly within the secure, encrypted environment of the banking app itself, bypassing the telecom network’s text messaging system.
• Biometrics: Utilizing device-level hardware security, such as fingerprint scanning or facial recognition.
• Behavioral Biometrics: Advanced security systems that verify identity in the background based on unique user habits, such as typing speed, swipe patterns, or typical device movement.
• Silent Authentication: A seamless background process that directly verifies the user’s mobile number via the telecom network without requiring the user to manually wait for and input a code.

The AFASA Framework and Strict Compliance

The phase-out of SMS OTPs is a direct result of the implementing rules and regulations of AFASA, specifically under BSP Circular No. 1213. The law aims to combat the use of financial accounts in criminal activities and to harden the country’s defenses against digital heists.

Under the AFASA guidelines, BSP-supervised financial institutions (BSIs) such as traditional banks, digital banks, and e-wallets must deploy stronger fraud management systems capable of detecting suspicious transactions in real-time.

The central bank has maintained a strict stance on the transition timeline. BSP Deputy Governor Elmore Capule recently confirmed that the central bank is holding firm on the compliance schedule.

“As of now we are not extending it,” Capule stated, stressing that financial institutions are expected to accelerate their preparations for the new requirements.

Filipino consumers can expect their banking and financial applications to roll out mandatory updates requiring the setup of these new authentication methods.

Disclosure: AI has been used to develop this story

This article is published on BitPinas: BSP Mandates Phase-Out of SMS OTPs by June 2026 Under Anti-Scamming Act

What else is happening in Crypto Philippines and beyond?