By Aaron Michael C. Sy, Reporter

CUSTOMER engagement platform Twilio expects banks to adopt alternative authentication methods such as silent network authentication and passkeys as the Bangko Sentral ng Pilipinas (BSP) pushes lenders to veer away from one-time passwords (OTP).

“We expect banks and other financial firms in the Philippines to move towards more sophisticated and secure authentication methods and gradually use SMS (short message service)-based authentication for initial registration or as a fallback, considering its accessibility and convenience,” Twilio Communications Business Asia Director Billy Chan said in a note.

The central bank in February said it was looking to veer away from the use of OTPs in favor of more secure and advanced authentication methods.

“One of the vulnerabilities of SMS-based OTP is that it is unencrypted, and therefore not designed for security,” Mr. Chan said. “This makes it vulnerable to interception, as anyone with access to the data can read it.”

He said passkeys, such as fingerprint scans or personal identification numbers (PIN), are gaining traction among local banks because many Filipinos are familiar with them and because of their enhanced security.

Twilio Asia Pacific and Japan Communications Solutions Engineering Lead Christopher Connolly said silent network authentication, which uses mobile carriers to verify the possession of a phone number without needing user input, is already being used by telecommunication companies.

“The process happens in the background and does not require a PIN or a separate authenticator app, eliminating risks associated with phishing, social engineering and SMS scams,” he said.

Mr. Connolly said this type of authentication is also built into the standardized Global System for Mobile Communications (GSM) authentication, which allows organizations to beef up security without any negative impact on user experience or conversion.

“Financial firms will likely explore adaptive authentication strategies that assess risk in real-time and leverage AI (artificial intelligence) and behavioral analytics to dynamically adjust access controls based on observed activities,” he added.

Banks may also tap third-party solutions as an alternative to OTPs, such as those that provide authentication across multiple channels.

“For instance, Twilio Verify is a purpose-built end-user verification API (application programming interface) that handles route optimization, channels, code generation and fraud monitoring — enabling user verification over multiple channels at scale,” Mr. Connolly said.

He said banks should use such solutions to add extra layers of security to prevent fraudulent transactions and access attempts.

“Twilio’s Lookup API, for example, works in the background to look up a phone number and filter real users from those with suspicious behaviors.”

Artificial intelligence (AI) and behavioral biometrics will also likely be used by banks, but Mr. Connolly said human oversight is still needed to prevent false positives.

He said regulators are expected to establish strict guidelines to address AI-generated fraud and emphasize identity-proofing protocols.

“Public education campaigns will raise awareness about digital deception risks and promote vigilance,” he said. “We also expect a closer collaboration between the public and private sectors to defend against these emerging threats targeting consumers and their digital transactions.”