When Vietnam enforced biometric verification in 2024, nearly half of all registered bank accounts could not be matched to a real person. The company that helped clean that up is now working in the Philippines, and sees the same conditions taking shape.
MANILA, Philippines — May 2026 — When the State Bank of Vietnam began enforcing biometric verification requirements in 2024, banks across the country ran a system-wide re-verification of their account holders. Banks discovered that nearly half their registered account base (more than 86 million of approximately 200 million accounts) could not be matched to a real person. By September 2025, they were shut down.
Trusting Social, a financial technology company founded in the United States in 2013 that built its fraud detection and identity products through years of work in the Vietnamese market, had a front-row seat.
"We spent years in Vietnam building systems that had to work for real people, on basic phones, in rural areas, with documents that weren't always perfect," said Nguyen Nguyen, Founder and CEO of Trusting Social. "That experience taught us what fails in production and what doesn't. When the Philippines mandate came, we already knew what to watch out for."
Fraud doesn't stop. It moves.
What the Vietnamese mandate exposed was not just bad data. It revealed how criminal networks had spent years exploiting a system that never demanded proof of who its account holders actually were.
The results were significant but uneven. The State Bank of Vietnam reported a 59 percent drop in individual fraud and theft cases and a 52 percent fall in accounts receiving illicit funds within months of enforcement. Yet just two weeks in, only two banks had achieved a biometric registration rate above 20 percent. In May 2025, Vietnamese police dismantled a 14-member gang that laundered USD 39 million over seven months using AI-generated fake facial scans to bypass biometric checks. The mandate raised the floor. Institutions that deployed minimum-viable solutions still had gaps, and those gaps were found.
Across Trusting Social's deployments, fraud prevention systems across eight leading Vietnamese banks blocked more than USD 4.3 billion in attempted mule transactions within a single year.
"Our experience in Vietnam showed us that when banks get stronger, fraudsters move to whoever is weakest," Nguyen said. "The institutions that built properly protected their customers and ones that didn't became the new target. That is the lesson we saw play out in Vietnam, and the one the Philippines needs to take seriously."
The Philippines is not far behind.
The structural conditions are familiar. The BSP received 70,000 fraud complaints in 2024. The Cybercrime Investigation and Coordinating Center logged 10,004 cybercrime complaints the same year, three times the 2023 figure, with losses reaching nearly PHP 198 million. Many of the accounts at risk were opened offline, with no identity verification against a living person.
BSP Circular 1213 requires covered financial institutions to phase out SMS and email one-time passwords for high-risk transactions by June 30, 2026. Under AFASA, institutions that fall short face direct liability for customer losses.
"Every institution we work with wants to get this right," said Johnny Escaler, CEO of Trusting Social Philippines. "The challenge is not willingness, it’s perspective. The banks that got this right in Vietnam stopped looking at the requirements and focused on how to make sure the customers never have to think about fraud again, and that made all the difference. AFASA is giving our industry the same opportunity to make that choice."
"There are Filipinos who stopped using digital banking after being scammed, there are more who never started ," Escaler added. "Every institution that builds this well is an institution that gives those people a reason to come back. That is the outcome worth working toward."
June 30 is not the finish line
Vietnam did not stop at one mandate. In the 18 months that followed, the State Bank of Vietnam extended requirements to corporate accounts, card issuance, and e-wallets. Banks that had built properly absorbed each expansion. Those that had done the minimum had to rebuild under pressure.
AFASA is on the same path. In March 2026, the BSP issued a draft circular pushing banks toward server-side biometric authentication, where a customer's identity is verified against records the bank holds, not just the customer's phone. It is a clear signal of where AFASA is heading next.
"We have spent over a decade working on this problem," Nguyen said. "The job is never done, Vietnam is proof of that. What the Philippines has that others didn't is a head start: the data, the experience, the proof of what works. That only means something if the industry uses it well, together, for the people on the other end of every transaction."
