REUTERS

By Beatriz Marie D. Cruz, Reporter

PHILIPPINE financial institutions should consider adopting biometric authentication measures and artificial intelligence (AI)-based risk scoring as an alternative to one-time passwords (OTPs), according to ADVANCE.AI, a Singapore-based software-as-a-service (SaaS) risk management company.

“When combined, biometric authentication and AI-based risk scoring gives financial institutions a 360-degree view of the customer and validates not just what they know about the customer, but who they are and how they behave,” ADVANCE.AI Country Michelle Anne Chan said in an e-mail.

The Bangko Sentral ng Pilipinas (BSP) has told financial institutions to shift away from the use of interceptable authentication mechanisms like OTPs through short message service (SMS) or e-mail as cyberattacks are becoming more sophisticated.

BSP-supervised financial institutions lost about P5.82 billion from cyberattacks in 2024, the central bank earlier said.

However, many Philippine banks still rely on “static and obsolete” verification methods, Ms. Chan said, like manual ID checks and photo uploads, OTPs and basic passwords, and physical branch verification.

This leaves banks and their customers vulnerable to deepfake scams, SIM swapping, and account takeovers.

Biometric authentication, which offers physical and real-time identity verification, offers a powerful layer of protection compared to OTPs or passwords, Ms. Chan said.

“It’s nearly impossible to spoof — unlike passwords or OTPs, which can be phished or intercepted,” she said.

AI-based risk scoring also provides detection signals such as device integrity, behavioral anomalies, and synthetic identities and deepfakes, she added.

However, consumers could face difficulties with advanced authentication systems due to the lack of stable and reliable data and ID issues, Ms. Chan said.

Other challenges include low digital literacy and social media hygiene, she added. Some customers also have older or basic mobile phones with cameras that are unsuitable for biometric authentication.

Also, while biometric authentication measures may be susceptible to spoofing and false acceptance, firms can adopt multi-layered security measures, according to Ms. Chan.

“Combining biometrics with other factors (e.g. device intelligence, behavioral signals, real-time liveness detection) can reduce spoofing and errors,” she said.

Companies must also work with trusted tech partners when adopting biometric verification systems and conduct regular tests and auditing to help reduce false positives or negatives.

“When banks and fintech companies implement advanced verification (such as facial biometrics, document authentication, business license validation), they show consumers that security is a priority — this builds confidence in using digital finance and overall ecosystem,” Ms. Chan said.

RELATED ARTICLESMORE FROM AUTHOR