As it is upgrading its system, BDO sent an advisory to all of its BDO Securities (formerly BDO Nomura) account holders that effective January 30, you can only request a One-Time Password (OTP) only via SMS for both the desktop and mobile app. This means that all users should make sure that their registered mobile number is updated and that BDO will disable the OTP generator on its Online Banking app.

This move is part of BDO’s efforts to improve its security and authentication for its BDO Securities users, as OTP requests via SMS are more reliable than the bank’s OTP generator on its online banking app.

While the change will only apply to BDO Securities, there’s no word if it will be applied to other BDO platforms as of this writing.

The advisory to limit all OTP requests to SMS follows after around 700 BDO account holders lost their money in an online hacking incident. The incident involved users losing as much as Php 100,000 in their BDO accounts due to unauthorized transactions initiated by hackers. A few days ago, 5 suspects–which include two Nigerian nationals–were arrested by authorities.

In its investigation, the BSP suspects that the online hacking incident was made possible due to BDO using a 10-year old service that’s due to be phased out by this year. BDO president Nestor Tan said that they are working on a new version of their web service, which is slated to be available to the public by Q1 2022.