OTPs under siege: Why the Philippines needs stronger defenses With the Bangko Sentral ng Pilipinas (BSP) sounding the alarm on the weaknesses of one-time passwords (OTPs) and urging financial institutions to adopt stronger digital authentication methods, the country is entering a new phase in its battle against cyber fraud. BSP Circular No. 1140 highlights that traditional OTPs, once seen as the gold standard of security, are no longer enough to protect Filipinos against increasingly sophisticated attacks. The urgency is real. In 2024 alone, the Cybercrime Investigation and Coordinating Center (CICC) logged over 10,000 cybercrime complaints, amounting to ₱198 million ($3.4 million) in losses, a sharp rise from the previous year. According to Assistant Secretary Renato "Aboy" Paraiso, Deputy Executive Director of the CICC, financial scams linked to OTP fraud, SIM swaps, and smishing make up the majority of cases. "Most of them, majority of them are linked to these financial scams… If you round it off, it's around 65% of the complaints that we receive," Paraiso said in an exclusive interview with CoinGeek. How scammers work: From links to SIM swaps For ordinary Filipinos, these scams often start with a simple text. "When you receive a text that contains what we call a hyperlink, which is now prohibited… you click on that hyperlink, it would forward you to a malicious website either for smishing, phishing, or if it progresses into a financial scam site," Paraiso explained. Scammers then trick victims into "test deposits" or OTP verifications, hijacking legitimate banking or even government text threads to make the fraud appear real. The infamous "Ayuda" scams, for instance, mimicked official government relief programs to lure unsuspecting citizens into handing over their OTPs. Even with the SIM Registration Act in effect, criminals have found ways around it.…