Leveling Up Security – Beyond the SMS OTP

Leveling Up Security – Beyond the SMS OTP

Your security is our top priority. We protect you against modern cyber threats by moving away from text message codes (SMS OTPs) for daily transactions. Today, we ensure a safer digital experience by using stronger security features built directly into your mobile app and registered phone.

I. Understanding the Security Upgrade

What is the biggest change in how I log in and approve transactions?

The most significant change is that the RCBC Pulz app now uses security features built directly into your smartphone/device to verify your identity. This process is faster and significantly safer than waiting for and manually typing a text message code (SMS OTP) for every transaction.

Why are you shifting away from SMS OTPs?

SMS text messages are vulnerable to sophisticated cyber-attacks, such as “SIM swapping,” where criminals intercept your codes. Our new system uses a multi-layered defense tied specifically to your physical smartphone/device. This makes it virtually impossible for remote attackers to access your account without having your actual smartphone/device in their hand.

How do these new features protect my account?

We have created a powerful defense through:
• Unique Device Identification: Your account is “bound” to your trusted smartphone/device. Even if someone steals your password, they will be blocked if they try to log in from an unauthorized smartphone/device.
• Convenient Verification: Instead of typing codes, you simply confirm a Push Prompt notification or use your unique fingerprint/face scan.

Is the bank stopping the use of SMS OTPs entirely?

We are significantly reducing our reliance on them. Biometrics (Face ID/Fingerprint) and Push Prompts are now the primary methods for daily banking. While SMS OTPs may still be used for specific non-transactional actions like enrollment or web application logins, they are no longer the standard for daily activities.

II. Setting Up Your Security

How do I set up Device Binding?

Device binding happens automatically when you register your primary smartphone/device. Please note that registering a new smartphone/device will automatically deregister and replace your old smartphone/device. To register a new device please follow the step-by-step process in question #8 of the RCBC Pulz Single Device Access FAQ.

How do I enable Biometric login?

You can enable this directly within the RCBC Pulz app:

Log in on your registered smartphone/device.
Navigate to the Security tab at the bottom of the screen.
Toggle the Biometrics switch to ON.
• Note: The app uses the secure data already stored in your smartphone/device’s hardware.

How do Push Prompts work?

If Biometrics and Push Prompts are enabled and you perform a sensitive action (like a high-value transaction), a notification will appear on your screen:

• Review the details (Amount, Recipient, Time, and Location).
• Simply tap “Approve” or “Reject.”
• The transaction completes securely in seconds—no SMS OTP required.

III. Troubleshooting & Recovery

What if I lose my smartphone/device or get a new smartphone/device?

The system is designed to handle this securely:

Install RCBC Pulz on your new smartphone/device.
Upon login, the app will identify the new smartphone/device and guide you through the Secure Device Switching process.
Once the new smartphone/device is approved, the old smartphone/device is instantly deactivated.

What if I don’t receive a Push Prompt?
• Check Settings: Ensure “Notifications” are turned ON for RCBC Pulz in your smartphone/device’s system settings.
• In-App Check: If you don’t see a notification, open the app; the prompt will usually appear as an In-App push prompt on the home screen.

Can I still use SMS OTPs if I can’t use Biometrics?
• Mobile App: Yes, for non-transactional features like enrollment.
• Web App: Verification will be routed through either an SMS OTP or a Push Prompt based on your active security profile.
• Fallback: If neither Biometrics nor SMS can be used, a Push Prompt will be sent to your registered smartphone/device as the primary verification method.

What if my notifications are turned off?

Transactions cannot be authorized without push notifications enabled. If you initiate a transaction while notifications are disabled, you will be prompted to update your device settings before you can proceed.

How do I ensure I am fully protected?

To take full advantage of this defense:

Register your primary smartphone/device (Refer to the Single Device Policy).
Enable Biometrics and Notifications in both your smartphone/device’s system settings and the RCBC Pulz app.

IV. Account Enrollment Changes

Can I still use the app during the 24-hour holding period?

Yes, you can access your Dashboard to view your accounts. However, all transactional features will be temporarily disabled until the 24-hour period ends.

END

Advisory

RCBC Pulz

Online Account Opening

RCBC Assist Online

ATMGo

Track Your Transfer

Savings Accounts

Checking Accounts

Time Deposit

Foreign Currency

Home Loans

Auto Loans

Personal Loans

RCBC Trust Corporation Homepage

UITF

Corporate Trust

Estate Planning

Fixed Income Securities

RCBC Credit Cards

MyDebit

YGC Rewards Plus

Sun Life GREPA

Malayan Insurance

Remit

Remittance Inquiry

International Network

RCBC Properties For Sale

RCBC Cars for Sale

Savings

Checking

Corporate Loans

Corporate Salary Loan

Receivables Services

Disbursement Solutions

UITF

Fixed Income Securities

RCBC Online Corporate

Other Corporate Services

Hexagon Club

Hexagon Club Privilege

Hexagon Club Priority

Hexagon Club Prestige

RCBC Wealth

Our Company

Sustainability

Inclusive Finance

Corporate Governance

Investor Relations

Company Disclosures

Newsroom

Leveling Up Security – Beyond the SMS OTP