Friday, June 13, 2025

BLOG | Safeguarding digital transactions in PH

With one of the highest smartphone penetration rates in Southeast Asia at 90%, according to the World Economic Forum, the Philippines is a mobile-first nation. Millions rely on mobile devices not just for communication, but also for essential services like banking and payments.

In 2024, the country exceeded the Bangko Sentral ng Pilipinas (BSP) goal of having more than 50% of all retail payments done digitally. Merchant payments (64.9%), peer-to-peer transfers (19.3%), and business-to-business payments (6.1%) were the top contributors. This growth reflects the rising adoption of e-wallets and transaction accounts, demonstrating how mobile phones have become the gateway to financial services.

To secure these digital interactions, biometric identification, like facial recognition, fingerprint scanning, and voice ID, has emerged as the preferred way of user verification.

However, as adoption grows, so does the threat. Just in the last six months, AI-driven deepfake attacks have undermined the integrity of and destroyed the trust in biometric authentication that we, as consumers, have come to depend on to safeguard our accounts and transactions, opening the door to fraud, account takeovers (ATOs), and on-device scams.

Rise of Deepfake: What Filipino Consumers and Businesses Should Know

Deepfake technology is advancing at a rapid pace around the world. Deloitte has warned that financial institutions will become major targets of deepfake-enabled fraud. In Southeast Asia, law enforcement agencies are seeing an increase in the usage of AI-generated content by organized criminal groups.

The Philippines isn’t exempt. The Cybercrime Investigation and Coordinating Centre (CICC) points out that it detects 200 to 300 deepfakes daily, indicating an escalating threat.

Deepfakes are more than just viral enjoyment — they’re tools for social engineering and biometric fraud. Attackers can use stolen biometrics and generate synthetic faces or voices to bypass liveness detection in mobile apps.

There are already real-world cases across the region. In Indonesia, a leading bank reported over 1,100 deepfake fraud attempts where AI-generated facial videos convincingly mimicked real users, evading biometric defenses and exposing the institution to potential losses of $138.5 million in just three months. In the Philippines, telco providers have warned consumers about “vishing” scams, which are voice phishing attacks enhanced by AI.

Criminals utilize voice cloning to impersonate loved ones or authority figures, tricking victims into sharing personal information and enabling account takeover.

Attack Techniques Targeting Biometric Authentication in PH

As deepfakes evolve, so do the tactics attackers use to target mobile apps:

  • On-device Face ID Bypass: Hackers manipulate authentication APIs locally on a device, making it seem like biometric verification succeeded — an especially high risk in mobile-first nations like the Philippines.
  • Exploiting Third-party SDKs: Many Filipino apps integrate biometric SDKs from third parties, which, if left unprotected, can be exploited to intercept or spoof biometric data.
  • Deepfake Video Injection: Attackers feed AI-generated videos into the authentication flow, tricking systems into recognizing synthetic faces as real users.
  • Virtual Camera Substitution: Fake camera feeds replace live ones, fooling the app.
  • Voice Cloning and Audio Deepfakes: AI-generated voices are now able to impersonate users with shocking precision, targeting apps with voice ID.

These techniques target not only the biometric inputs but also the mobile app logic that processes authentication, reinforcing the need for holistic protection.

Real-World Impact: How Filipinos are Affected by Biometric Fraud

The consequences of biometric fraud go well beyond technical compromise. Businesses are facing operational disruptions, reputational damage, and a loss of customer trust. For consumers, the risks include financial loss, identity theft, and erosion of confidence in mobile platforms.

Recognizing the significance of the threat, the BSP has demanded that financial institutions deploy real-time fraud monitoring and detection systems.

These methods aim to identify and prevent suspicious activities before they lead to losses. However, as attacks become more sophisticated, security strategies must evolve to address emerging threats like AI-generated deepfakes and device manipulation.

Securing the Biometric Process from End to End

Biometric authentication is only as strong as the defenses surrounding it. Whether it’s facial recognition or voice ID, attackers now have the tools to bypass individual layers of protection — especially if they can exploit gaps within the mobile app or the authentication flow.

That is why securing biometric systems requires a thorough approach. Protections must extend across the mobile app and the authentication journey, beginning at the point of biometric capture. This means defending against not only input spoofing, but also manipulation of biometric SDKs, authentication APIs, and even the app runtime environment.

Why Filipino Businesses Need to Act Now

With the rise of digital transactions, protecting biometric authentication is important to maintaining user trust. In a mobile-first economy like the Philippines, securing mobile apps isn’t just good practice; it is a necessity.

Biometric methods like fingerprint scanning and facial recognition offer a convenient layer of security, but they must be backed by defenses that account for cybercriminals’ evolving tactics. Protecting the full mobile environment — not just the biometric step — is essential to preventing fraud, account takeovers, and digital impersonation.

For Filipino organizations looking to stay ahead, now is the moment to adopt modern AI-driven security platform that can adapt in real time and respond to the next wave of threats. In doing so, they’ll be safeguarding not only their systems, but also the trust of the millions of people who rely on mobile platforms every day.

The author is the mobile app security evangelist at Appdome

Subscribe

- Advertisement -spot_img

RELEVANT STORIES

spot_img

LATEST

- Advertisement -spot_img