Press Release

BPI encourages clients to be more cybersafe with digital security features



The Bank of the Philippine Islands (BPI) encourages its clients to be more cyber-secure, and use the bank’s security features.

With the enhanced community quarantine to contain the spread of COVID-19, BPI Chief Digital Officer Noel Santiago said more people now have adopted to digital ways of doing things. Digital banking helped people cope with the difficult situation, and are thus equipped to manage their finances.

“This has become the new normal. We hope people would continue to appreciate and utilize the value of transacting via online and mobile apps, even after COVID-19,” Santiago said.


Given the digital adoption, BPI puts great emphasis on providing a safe and secure banking experience for its clients.   Part of this is to regularly remind clients to be cybersafe, and be extra vigilant in protecting their information and accounts.

After all, cybersecurity is a shared responsibility.

The bank has these security features in place:

Activate Mobile Key

BPI's Mobile Key is a secure alternative to the One-Time PIN (OTP). With the Mobile Key, you can authenticate transactions with biometrics. The Mobile Key allows you to do your bills payments, fund transfers to third parties, and InstaPay transfers safely and conveniently.

Enable biometric login

Make things private and personal when accessing your online banking account. Do this by using biometrics via the BPI Mobile app. With BPI’s “Set Fingerprint/Face ID Login” feature, you can have your mobile device scan your fingerprint (i.e., your thumb), or use the camera for facial recognition for secure access to your accounts.


Link a device to your account

One online account can be linked to one mobile device, providing you additional security. Plus transaction notifications are sent to this linked mobile device. Mobile Key will also work only on your linked device. When using the BPI Mobile app, link your trusted mobile phone, a device that only you should be using, to your account.

Know how to use the One-Time PIN (OTP)

For those not using mobile banking and have not activated Mobile Key, we’ve made your online banking experience safe through the One-Time PIN (OTP) sent via SMS. The OTP you receive is unique to a single transaction. Read the text message and you will find the transaction details, including the amount that you are about to transfer or pay. Once you enter the OTP, that means you have given your approval to process and complete the transaction. So read the message carefully and never share your OTP to anyone.


Set up your notifications and alerts

Turn on your email log-in notification. You can now keep track of your log-in activities. You will receive an email for every successful log-in to your account.  Hence, we encourage you to periodically review your e-mail messages.

We have also provided  the “last log in” date and time in the main menu of both Online and Mobile App page. This will allow you to know if somebody else has logged in your account. As a security habit, check the “last log in” every time you log in to BPI Online or BPI Mobile app.

Additional protection provided for you in the BPI Online accounts is the transaction confirmation email. Get notified via email for every successful transaction made using your account.

Finally, you may also activate BPI’s ATM Withdrawal AlertsReceive email or SMS notifications whenever a certain amount is withdrawn from your account.

Be more secure with Card Control Settings

Manage your card usage and security via the Card Control Settings. By setting your maximum ATM withdrawal amounts, debit purchase limits, or allowing international access or not, you can control your threshold on security risk exposure. Through the card control feature, you can also temporarily block or unblock your card so no one can use your card but you.

Mr. Santiago said that while BPI enables clients to be cybersafe through these digital security features, clients have to remain vigilant.


“We’re empowering our clients to be more secure. But again, we must also do our part.  We need to have a mindset of vigilance so that we don’t fall for scams.  We will never ask for confidential info via email, text messages, or phone calls. Most especially, we will never ask you to share with us your password or One-Time PIN. Remember that being cybersafe is everyone’s responsibility,” said Santiago.



April 1, 2020