.png)
The OTP was a sharable secret that left Filipinos vulnerable. Explore how AFASA and the shift to biometric liveness are removing the tax of fear from digital banking, shifting liability back to institutions, and finally making financial inclusion safe by default.
There is a specific kind of anxiety that has defined digital banking in the Philippines for the last decade. It’s that split second when your phone vibrates with a six-digit code, and you realize that those numbers are the only thing standing between your savings and a stranger.
We were told the One-Time Password (OTP) was a security feature. In reality, it was a "sharable secret," and secrets are notoriously hard to keep.
Whether it was a teacher distracted in a classroom or an OFW answering a system update call from a convincing fraudster, the OTP became a weapon used against the very people it was meant to protect. By 2024, the math was devastating: over 10,000 complaints and PHP 198 million lost, with the average victim losing PHP 44,700.
When the money vanished, the industry had a name for it: User Error. But at Trusting Social, we see it for what it really was: a breach of trust.
The Problem with Sharable Security
The fundamental flaw of the OTP is that it can be spoken aloud. It can be typed into a fake website. It can be coached out of a victim by a professional scammer.
This is why the BSP’s Circular 1213, which mandates a move away from SMS and email OTPs by June 2026, is so pivotal. By shifting to biometric liveness detection, we are moving from "what you know" (a code) to "who you are" (your face).
You cannot read your face over the phone to a scammer. You cannot accidentally share your live thumbprint with a phishing site. By removing the code, we remove the fraudster’s most effective script. We are replacing a fragile, stress-inducing secret with an uncopyable, physical reality.
AFASA: Shifting the Burden, Restoring the Dignity
The real "unexplored territory" of the Anti-Financial Account Scamming Act (AFASA) isn't the technology—it’s the restoration of dignity. For years, the burden of security sat squarely on the consumer’s shoulders. If you were tricked, it was your fault. AFASA flips that power dynamic. By June 2026, if an institution continues to use "interceptable" tech like the old OTP and a loss occurs, the law presumes the institution was negligent.
This isn't just about who pays for the fraud; it’s about who is responsible for the design of the safety. It forces banks to build systems that are "safe by default," ensuring that a moment of human distraction doesn't lead to a lifetime of financial regret.
Safety is the New Definition of Inclusion
At Trusting Social, we’ve always believed that you cannot have true financial inclusion without a foundation of absolute safety.
If a student or a small business owner is afraid to use their digital wallet because they don't trust themselves to spot every scam, they aren't truly included. They are just surviving in a digital minefield.
The move toward biometric-led security is about removing the cognitive tax of banking.
It means security becomes passive, not active.
It means the system works for the human, not the other way around.
It means that trust is no longer something we demand from the user; it’s something we build into the architecture.
The Return of Trust
June 2026 is a deadline for the industry, but for the Filipino consumer, it is the start of a much-needed exhale.
By retiring the "Human Firewall" and the six-digit gamble, we are finally acknowledging that the cost of progress should not be paid by the most vulnerable among us. At Trusting Social, we are championing this shift because we believe the future of banking isn't just digital or AI-powered, it’s human. Your face is better than a code because it belongs to you, and you alone.
And in the world of AFASA, that is finally enough to keep your money safe.
