AS THE Philippines moves to tighten digital banking security rules, lessons from Vietnam’s banking overhaul show both the benefits and risks of large-scale biometric verification systems.
Trusting Social, a Singapore-based financial technology company operating in the Philippines, said Vietnam’s experience revealed how weak identity verification systems allowed fraudulent accounts to proliferate for years before reforms were introduced.
When the State Bank of Vietnam enforced biometric verification requirements in 2024, banks re-verified customer accounts and found that about 86 million of roughly 200 million accounts could not be linked to a real person. Those accounts were shut down by September 2025.
“We spent years in Vietnam building systems that had to work for real people, on basic phones, in rural areas, with documents that weren't always perfect,” said Nguyen Nguyen, founder and chief executive officer of Trusting Social.
“That experience taught us what fails in production and what doesn't. When the Philippines mandate came, we already knew what to watch out for,” Nguyen added.
Vietnam’s central bank later reported a 59-percent decline in individual fraud and theft cases and a 52-percent drop in accounts receiving illicit funds after the rules took effect.
Still, vulnerabilities remained. In May 2025, Vietnamese authorities dismantled a syndicate accused of laundering $39 million using artificial intelligence-generated facial scans to bypass biometric checks.
Trusting Social said fraud prevention systems deployed across eight Vietnamese banks blocked more than $4.3 billion in attempted mule account transactions in one year.
“Our experience in Vietnam showed us that when banks get stronger, fraudsters move to whoever is weakest,” Nguyen said. “The institutions that built properly protected their customers and ones that didn't become the new target.”
The company said similar conditions exist in the Philippines, where digital fraud complaints continue to rise.
The Bangko Sentral ng Pilipinas received 70,000 fraud complaints in 2024, while the Cybercrime Investigation and Coordinating Center logged 10,004 cybercrime complaints, triple the number recorded in 2023, with reported losses nearing P198 million.
BSP Circular 1213 requires financial institutions to phase out SMS and email one-time passwords for high-risk transactions by June 30, 2026.
Under the Anti-Financial Account Scamming Act, or AFASA, institutions may also face liability for customer losses if they fail to implement adequate safeguards.
“Every institution we work with wants to get this right,” said Johnny Escaler, chief executive officer of Trusting Social Philippines.
“The banks that got this right in Vietnam stopped looking at the requirements and focused on how to make sure the customers never have to think about fraud again,” Escaler added.
The BSP in March also issued a draft circular encouraging server-side biometric authentication, where customer identities are verified against bank-held records instead of only through mobile devices.
Trusting Social said Vietnam’s experience suggests stronger fraud controls require continuous upgrades as criminal methods evolve.
