Real-time payments growth poses new cybersecurity risks

GROWING ADOPTION of emerging instant payments technologies in the Philippines will mean new kinds of cybersecurity threats as bad actors adapt, financial technology firm Global Payments, Inc. said.

“The challenge is that faster, frictionless payments leave less time to assess risk. Without adequate safeguards, fraud such as account takeovers or social engineering scams can increase,” Global Payments Senior Vice-President for the South and Southeast Asia Krishnaraj Tantri said in an e-mail interview.

As real-time transactions grow, consumers will see more cybersecurity threats such as account takeovers, scams that trick users into authorizing payments, and refund abuse, he said.

“As payments become more automated, the focus must shift from merely blocking unauthorized users to preventing bad actors from abusing legitimate tools.”

Enterprises’ cybersecurity systems must also be able to assess fraud faster as the phasing out of one-time pin (OTPs) in the Philippines will likely lead to the adoption of new authentication technologies like biometrics-based authentication and passkeys.

The Bangko Sentral ng Pilipinas (BSP) has given financial institutions up to the middle of this year to comply with new fraud management system requirements and improve their customer authentication measures as part of the implementation of a law against financial scams.

A draft circular released last month showed that the BSP wants to require banks to enforce server-side biometric authentication to verify users and secure customer-initiated transactions amid rising financial fraud risks.

Once implemented, institutions are expected to phase out interceptable methods like OTPs via text or e-mail, though OTPs may still verify a registered mobile number linked to transactions.

“The transition away from OTPs is manageable, but only if replaced with strong security layers like biometrics and tokenized credentials. Where those protections are incomplete, the changeover period may create opportunities for fraud, so careful implementation is critical,” Mr. Tantri said.

He added that having more modern security foundations will also allow for the adoption of other emerging payments technologies.

“Adoption will depend on whether markets have modern security foundations in place, such as tokenized credentials and biometric authentication, to clearly identify who, or what, is making a purchase and ensure actions can be traced back to a real person.”

Based on the BSP’s cyberthreat surveillance in the first half of 2025, social engineering, account takeover, and identity theft accounted for 76% of the total amount lost to financial fraud in the period. — A.M.C. Sy