The Bangko Sentral ng Pilipinas (BSP) is advising banks to adopt its recommended control measures to combat cyber fraud. For starters, banks must no longer use clickable links in the emails or SMS messages they send to customers.

That’s one of eight recommendations listed in the central bank’s Memorandum No. M-2022-015, signed by Deputy Governor Chuchi Fonacier in March 2022. Sent out to banks and other supervised financial institutions, the memo recognizes the need for a risk-based approach amid the prevalence of phishing attacks that are designed for taking over accounts or stealing sensitive personal information.


Besides the removal of links in written communication to customers, the BSP also suggests that banks immediately notify customers whenever there is a request to change their account passwords and contact information, prohibit their representatives from asking customers of their passwords and PINs, and regularly conduct awareness campaigns to educate customers on the latest forms of online scams.

In addition, the BSP encourages the implementation of one-time passwords and multi-factor authentication, along with personalized messages for authentication, device registration, fund transfer and other transactions. A lockup period should also be enforced, during which the customer’s registered mobile number, email address and authentication token devices may not be changed.

Leave a comment

Your email address will not be published. Required fields are marked *