24 September 2025 – The Makati Business Club, in partnership with IBM, conducted a roundtable on digital trust and identity security. It convened leaders from the banking, fintech, and cybersecurity sectors. The discussion emphasized the imperative for organizations to fortify their identity systems as fraud and scams increase in today’s digital landscape.

Consumers carry multiple and overlapping digital identities across social media, banking, e-commerce, and government services, and with these come the associated risks. At the final installment of the three-part AI in Action roundtable series, IBM APAC Digital Trust Leader Shaibal Kumar Saha, warned that with billions of distinct identity records exposed and compromised, “identity has become the number one attack vector,” which cybercriminals easily exploit.

Financial institutions supervised by the Bangko Sentral ng Pilipinas (BSP) suffered PHP5.82 billion in losses from cyberattacks in 2024, with phishing and card-not-present fraud causing the most significant financial impact at PHP1.8 billion and PHP1.5 billion, respectively. To address the rising cybersecurity threats that BFSIs and consumers face, the BSP issued implementing rules for the Anti-Financial Account Scamming Act (AFASA), which was signed into law by President Ferdinand R. Marcos, Jr. in July 2024. This includes mandating BFSIs to implement automated and real-time fraud monitoring and detection systems to identify and block suspicious or fraudulent online transactions to protect customers.

Identity-centric approaches such as implementing zero trust identity architectures, frequently rotating secrets and certificates, ensuring strong authentication, monitoring third-party access, and securing transaction data with just-in-time encryption and tokenization, are critical to financial institutions looking to strengthen their fraud management strategies and build trust, according to Jerome Walter, Field CTO of HashiCorp, an IBM company that helps organizations automate hybrid cloud environments with Infrastructure and Security Lifecycle Management.

Dragonpay’s President and CEO, Robertson Chiang, underlined the need to shift away from weak security methods like one-time password (OTP) authentication, which is more susceptible to attacks. He pointed out that even security experts can still fall victim to these advanced phishing attempts; average users are at even greater risk. This points towards adopting more robust, passwordless authentication mechanisms, to develop resilience against identity fraud, and deliver more levels of assurance.

IBM urges Philippine organizations to reevaluate their identity security strategies. With identity security becoming the frontline of defense, proactive moves and cooperation will be essential in protecting businesses, institutions, and citizens in the digital age. , “If you are investing in security, you must prioritize identity-centric approaches to help deliver the best return in reducing risk and ensuring the future readiness for your organization,” said Saha.

Moderator Cesar “Yoyong” Santos Jr. of BAP Data Exchange expressed similar urgency, pointing out that with the use of our national IDs already in place, “We really have to step up and move up the curve on how to utilize this secure identity system.”

The roundtable ended with a shared consensus that identity security is no longer a choice. It has to be the foundation of digital trust. Fortifying this requires collaboration among businesses, government, and technology partners so that the Philippines may build a secure, resilient, and trusted digital economy.