BDO Push Authentication will officially replace SMS one-time passwords (OTPs) for eligible logins and transactions on the BDO Online app beginning July 17, 2026.
The update marks a significant change in how customers verify their identities when accessing their accounts and approving digital banking transactions.
The transition is part of BDO’s efforts to strengthen cybersecurity and comply with Bangko Sentral ng Pilipinas (BSP) Circular No. 1213, which requires banks to adopt stronger, phishing-resistant authentication methods for high-risk digital transactions.
The move also supports the implementation of the Anti-Financial Account Scamming Act (AFASA), which aims to reduce financial fraud and protect consumers from increasingly sophisticated cyber threats.
Why BDO is replacing SMS OTP
By adopting BDO Push Authentication, the bank aligns with national efforts to combat online financial scams under AFASA.
As phishing campaigns and account takeover attacks continue to evolve, financial institutions are investing in authentication methods that provide greater protection while maintaining convenience. The initiative also supports the banking industry’s ongoing digital transformation, where stronger security measures play a critical role in maintaining customer trust in online financial services.

The migration reflects a broader regulatory push to modernize digital banking security across the Philippines.
BSP Circular No. 1213 directs financial institutions to phase out SMS and email OTPs for high-risk transactions and implement authentication technologies that are more resistant to cyberattacks.
A more secure way to approve transactions

Once the new system takes effect, customers will receive authentication requests directly through the BDO Online mobile app instead of SMS OTPs. They can simply approve or deny login attempts and eligible transactions through a secure push notification sent to their registered device.
The shift to BDO Push Authentication addresses security risks associated with SMS-based verification, including phishing attacks, SIM swapping, and unauthorized account access.
Because authentication requests are sent directly to a customer’s registered device, fraudsters have fewer opportunities to intercept verification codes or trick users into sharing them.
What customers need to do before July 17
Before the transition, BDO advises customers to complete a few important steps to ensure uninterrupted access to their accounts.
First, users should update the BDO Online app to the latest version available through their device’s official app store. Customers should also enable push notifications on the mobile device registered with their BDO Online account, as these will become the primary way to approve eligible logins and transactions.
Finally, users are encouraged to keep their registered mobile device with them whenever they access their accounts. Since authentication approvals will be sent directly to that device, having it readily available will help ensure a smooth and secure banking experience.

Strengthening digital banking security
The rollout of BDO Push Authentication represents another step toward stronger digital banking security in the Philippines.
By replacing SMS OTPs with app-based authentication, BDO aims to reduce fraud risks while complying with BSP regulations designed to improve cybersecurity across the financial sector.
For customers, updating the BDO Online app, enabling push notifications, and keeping their registered device accessible will help ensure a seamless transition to the bank’s new authentication system.
