New BSP Circular on Mobile Banking Security
The Bangko Sentral ng Pilipinas (BSP) has issued new requirements for mobile banking applications, mandating advanced fraud protection measures.
Key Requirements
Device Binding
All mobile banking apps must implement:
- Device registration and binding
- Multi-device management
- Anomaly detection for new devices
Transaction Monitoring
Required capabilities:
- Real-time transaction analysis
- Behavioral biometrics
- Geolocation verification
- Velocity checks
Authentication Standards
Minimum requirements:
- Multi-factor authentication for all transactions
- Biometric authentication support
- Session management controls
- Step-up authentication for high-risk actions
Security Controls
Mandatory implementation of:
- App integrity verification
- Root/jailbreak detection
- Screen capture prevention
- Anti-keylogging measures
Compliance Timeline
| Requirement | Deadline | |-------------|----------| | Device binding | June 2025 | | Transaction monitoring | September 2025 | | Enhanced authentication | December 2025 | | Full compliance | March 2026 |
Penalties
Non-compliance may result in:
- Monetary penalties
- Suspension of mobile banking services
- Revocation of banking license
Recommendations
- Assess current capabilities against new requirements
- Develop implementation roadmap with clear milestones
- Select technology partners for specialized controls
- Plan testing and validation before deadlines
- Document compliance for regulatory review
Verify your mobile banking app meets BSP requirements. Scan now.